-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding self-signed-certificates and removing the relation breaks the charm #441
Comments
Thank you for reporting us your feedback! The internal ticket has been created: https://warthogs.atlassian.net/browse/KF-5876.
|
Reported issueI was able to reproduce the issue. My model:
juju debug-log output:
Potential causeThe error message comes from the I have pinged the maintainers of the library I'm referring to, will come back with an update. State of TLS certificates integrationJust as a quick check, I did the following to ensure the TLS certificates were in fact passed and rendered correctly in the
My model:
The apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
creationTimestamp: "2024-06-17T18:44:40Z"
generation: 2
labels:
app.juju.is/created-by: istio-pilot
app.kubernetes.io/instance: istio-pilot-istio-441
kubernetes-resource-handler-scope: gateway
name: istio-gateway
namespace: istio-441
resourceVersion: "1420"
uid: f56edf34-5dd7-4d5a-b50c-1e6b7f977e89
spec:
selector:
istio: ingressgateway
servers:
- hosts:
- '*'
port:
name: https
number: 8443
protocol: HTTPS
tls: # <--- it is configured for TLS
credentialName: istio-gateway-gateway-secret # <--- it references this secret
mode: SIMPLE apiVersion: v1
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURyakNDQXBhZ0F3SUJBZ0lVWlV3L0x0aWs2MjNic3FSWWNyRlBjMUJwYjhNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd09URUxNQWtHQTFVRUJoTUNWVk14S2pBb0JnTlZCQU1NSVhObGJHWXRjMmxuYm1Wa0xXTmxjblJwWm1sagpZWFJsY3kxdmNHVnlZWFJ2Y2pBZUZ3MHlOREEyTVRjeE9EUTFNRFJhRncweU5UQTJNVGN4T0RRMU1EUmFNRWN4CkZqQVVCZ05WQkFNTURXbHpkR2x2TFhCcGJHOTBMVEF4TFRBckJnTlZCQzBNSkRGaU4yRXlaRGhsTFdVNU4yVXQKTkRBd09TMDRPVGN5TFRRMU1HRXdZbVUxT1RnME1EQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQwpBUW9DZ2dFQkFNOU1yS1VkZXRJOGJMeFo0Mi9VY2FXaGtKVEpzT0IwRVRxTzlENUxNSUdtZXI1d3ZLc1dmc2Q4CmMxOHV2bUtnc2pCM2tZVVV0bDNIa0xxdHlwU1ZXNkZyOUVPaWI2TGVadFFSTmFYZm11RFN1UjBqMk9jRTJzem8KdDVwRDM3MFJOTVB2eG9BT0szN3U3dkM2VjRaL2ZudnFPaWlaVDZjaU5UQjJSWmpzYTVoWjdSUHZSOW5WaXRhLwpoODZhQmkxdThaNDFpUlhTZkxlTUxDNFdYcEhwL2x2a0JRVVNwWUIyRGs0VDF0Mm90cjNhbjEzbGdMYWtmdk5XCmJYWmpzRWxYWVFCeEhHQmYzN0oraUhjOU9YM25ybnVVY3o2SGgzbG9WekpROGIwTktvMTlDbFZWbTdtbThWVjIKMnIvcVR0VXQ2dDViWE12QUQwRUFtQWhHNFEvL3dXOENBd0VBQWFPQm56Q0JuREFoQmdOVkhTTUVHakFZZ0JZRQpGSVo1ZkVqeUowNEM5U1IrbW80WWRvRWlnRkFzTUIwR0ExVWREZ1FXQkJUL0RFZmxvbTdUNGF6VUpmNXl6L09GCkpNS05KVEFNQmdOVkhSTUJBZjhFQWpBQU1Fb0dBMVVkRVFSRE1FR0NQMmx6ZEdsdkxYQnBiRzkwTFRBdWFYTjAKYVc4dGNHbHNiM1F0Wlc1a2NHOXBiblJ6TG1semRHbHZMVFEwTVM1emRtTXVZMngxYzNSbGNpNXNiMk5oYkRBTgpCZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFkdzc5UWhJN0pVcUV3MzRwZysrRkJDSitKVUU3OFpZVURrVHNIQWVZClZEUlpWcUwyaENnL0poU2k3RHFrYUcwRjh6UkdadGxzcUFCdEdEYmhPZC9WM3BiOUtYVTRUSHl6UWhPYmlEWHkKYXRwQ2REUnEwUDVUeGpBT2l6YnJIZHlyOXc2c0FFd1VEcldKclQ2NjFOVjFNazE3YUluTVZZdFlNMExsS0h5YgpkTGZ4NmZjcGVCeXJXVjQ2cjZLTVlKQWoyd2lORjhlSXdpK0NMd2tiUGwwR1FHd3lVK3NSV1EwVmtuWk5ESVlyCjhzT0wrbUV5VVNBNmJ3RmF3dFVxUHJPRDI5RXJ5VlF0RkVtYit6cWVuN2VUNXBLN2FRRDE2NDR2TEdEajJEYzkKNkVIM1pRZ2VjUHBFcHJWTW04NTdEWC9XTTdDcDQxUThURDF5SUVGREZCSThSdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBejB5c3BSMTYwanhzdkZuamI5UnhwYUdRbE1tdzRIUVJPbzcwUGtzd2dhWjZ2bkM4CnF4Wit4M3h6WHk2K1lxQ3lNSGVSaFJTMlhjZVF1cTNLbEpWYm9XdjBRNkp2b3Q1bTFCRTFwZCthNE5LNUhTUFkKNXdUYXpPaTNta1BmdlJFMHcrL0dnQTRyZnU3dThMcFhobjkrZStvNktKbFBweUkxTUhaRm1PeHJtRm50RSs5SAoyZFdLMXIrSHpwb0dMVzd4bmpXSkZkSjh0NHdzTGhaZWtlbitXK1FGQlJLbGdIWU9UaFBXM2FpMnZkcWZYZVdBCnRxUis4MVp0ZG1Pd1NWZGhBSEVjWUYvZnNuNklkejA1ZmVldWU1UnpQb2VIZVdoWE1sRHh2UTBxalgwS1ZWV2IKdWFieFZYYmF2K3BPMVMzcTNsdGN5OEFQUVFDWUNFYmhELy9CYndJREFRQUJBb0lCQVFDZ0RXc2U4T3ZyZG92ZAp3T2xCWnAxNGJJM2Mwdnlsei9lZFp0SmRabUJGT2V4N0xULytPSmdhSFpSV1lSak52WlRXcHZyTDdYb0FYaHo0CmhVWnNBZ1dGVkh4NzIrYWxzV0ZqU3daSTA2UVpBWm03VGZvaUpEVnJFQ0x5RUlXbXpLb1l2Z0JjenBQMnBUUUcKMlZqS2w1Vm94eWV3UU82bTlGcHMyR1JUOWZYODRjMS90bUkraTZOOVN1ak5wcDloVzhoMS81cjBaRnZha2VJSgpxaTgyb2IyMFhWQmhOeGg0Z0x1YWw2aGtiTE9WUWVmNWZSTThxOFRVWlVGTjRycEpvbi9XaHNBTnMxRkpaVE5kCngza2JHZWh0TEc0OXNzSzdqVG5KK0ZFeEZSM0pjZjBieHJKV1JEbkJFN0JCMGxzSmR4anVUTFhCVlZ1dGxHazMKVDNENWtQckJBb0dCQVBDelNiWDVuTnl1NjZaVmNLcTB4a3plNVhiaUR4Ri95aW1yaUtybDRHU1czSWx5bnNBdQprVG5rVGtUVDB1YithSzJGUlJiQ3hIM3dCMW9HQjlhUG1RaFBtY1BDMGJ1TlJLN3M2MGhnWVV1Y0o3czNPdE5KCk5ubm1JN0laTVpQTURweHVoekFhNHU2NGFBZ21QNWdkNWpVSjJkNGZtZkJrU1YyYzlwRG9xM29OQW9HQkFOeDUKNGhHck5mVk9BTWJCNVpQdTNrTkdzdkhzaURRalA3TWZOVTB2MjRUYW9KS3d1dXR1L1NKUE5FQ3FGbkx1S2tkWgo2cDZ1akN5UC9LNlBvQUlqSjZjMHJGUkRIbHMxQk1PTU5VQlBmdGNVUW5KSHo0Ty93ZUt2U2FWRGsvU0FXWTFICnpkS2toVEdvaG1yZ2tJcnhvaDRsUTViT0YxSnp1WlR3L3ozYXFUWnJBb0dCQU14ZW5qNXBjenVaTmJKa0p5WjYKR1VrWmxHR05iVmZoVmVodG9idmhOTmFUbFNzSzdDbW5JRjIwTUpTVitpTnhiYld2UzBzWkVqY1AvMTM3Y3RwRgowSnpTNFc3cTBxTlpQakQ4TG9Xa2Q5ZjMvWEFqWThvVUJySVhxc1ZFU09rQndJSW9BcGJnclVBZHlRN3FVdUs0CnVFYmVWMk1YRitDWmRnV0xDWHRlWW9KZEFvR0JBTkpVY0VlODFzLzdKeUIxNzRjdUZObUhnOFRwaXBKNm9oVkcKaTNua1V2NHQ5NHVaaitoMFRJYkRtcXlwMXBxei9KOXU5eldFZlBNeU5iTnVEdzZhN1FSRmFyVkVCcHlxT3E0Mgpmc0tvVSsvcFF1NTA5VkhSeUt4eDNzY0xiZ1dOd0dEWWhGRVVaSUNZTGd1ZHlpYlRGMzY4dS9zTkJ4REFsK1d2Cjl6L1I3eVdiQW9HQUx6Qk5WSTh0U2RkbTYwWEhpVFJVL012dzdFOHNXbU1Gdlp2VGRXdmZMcVY3N0V2cE1FdEEKdTJzQmhNdUJHbkVvVjV0ZDR6aVVpb2xDQms2c2UxNi8xWlpydUtvaGJIdFZobXlTTG8xalFtSXlicjB4RFBOYgpOY3k0UHNkNTVhVEZNSVd3RWhwbWovMjB0UmlQaGNadlBEWlVleHBIWDRHYi9mRmZ4QTJlTGc4PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
creationTimestamp: "2024-06-17T18:45:05Z"
labels:
app.juju.is/created-by: istio-pilot
app.kubernetes.io/instance: istio-pilot-istio-441
kubernetes-resource-handler-scope: gateway
name: istio-gateway-gateway-secret
namespace: istio-441
resourceVersion: "1419"
uid: 0dfe5ae8-ed60-4f54-8e3f-b3b6abed5e4e
type: kubernetes.io/tls Based on this we can confirm the relation and the reconciler in the |
I have confirmed with @sed-i that this issue is caused by the To fix the issue @dparv reported, we'll have to:
For more recent versions of the |
The fix has been released to 1.17/stable. Closing this issue, but feel free to re-open or file a new one should you find any other error. Thanks! |
Bug Description
and can't access kubeflow dashbboard
To Reproduce
juju deploy self-signed-certificates --channel edge
juju relate istio-pilot:certificates self-signed-certificates:certificates
and
juju remove-relation istio-pilot:certificates self-signed-certificates:certificates
Environment
juju 3.4.3
istio-pilot 1.17/stable 965
self-signed-certificates latest/edge 145
Relevant Log Output
The text was updated successfully, but these errors were encountered: