Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issues with custom templates #1439

Open
ssro opened this issue Sep 25, 2019 · 1 comment
Open

Issues with custom templates #1439

ssro opened this issue Sep 25, 2019 · 1 comment

Comments

@ssro
Copy link
Contributor

ssro commented Sep 25, 2019

Hi everyone,

I'm having an issue updating voyager when using custom templates. I've created a global.cfg custom template on which I disable TLSv1.1, applied it and install/update voyager. The steps are as follows:

$ kubectl create configmap -n kube-system voyager-templates --from-file=global.cfg
$ curl -fsSL https://raw.githubusercontent.com/appscode/voyager/v11.0.1/hack/deploy/voyager.sh     | bash -s -- --provider=$provider --template-cfgmap=voyager-templates --run-on-master

The output of installing/updating voyager hangs and in the end it's timing out:

...output truncated...

waiting until voyager operator deployment is ready
waiting until voyager apiservice is available
waiting until voyager crds are ready
checking whether admission webhook(s) are activated or not
timed out waiting for the condition

However, if I pass --enable-validating-webhook=false voyager gets deployed with no issues

Another issue is if I want to update an ingress resource i get the following error:
Internal error occurred: failed calling webhook "admission.voyager.appscode.com": the server is currently unable to handle the request

It seems related with #1203 because if I run kubectl delete validatingwebhookconfiguration admission.voyager.appscode.com, I can update ingress resources.

Also, on voyager-operator I see a lot of tls errors like the one below:

http: TLS handshake error from 100.99.0.0:39152: remote error: tls: bad certificate

My global.cfg contents:

global
    daemon
    stats socket /var/run/haproxy.sock level admin expose-fd listeners
    server-state-file global
    server-state-base /var/state/haproxy/
    {{ if .MaxConnections }}maxconn {{ .MaxConnections }}{{ end }}
    # log using a syslog socket
    log /dev/log local0 info
    tune.ssl.default-dh-param 2048
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options ssl-min-ver TLSv1.2 no-tls-tickets
    lua-load /etc/auth-request.lua
    hard-stop-after {{ .HardStopAfter }}

Kubernetes 1.14.6 deployed with kops on aws
@IllanFed
Copy link

Same issue with custom config(defaults.cfg).

Workaround(pass --enable-validating-webhook=false) also works.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@IllanFed @ssro