You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(If the output is long, please create a gist and
paste the link here.)
linkerd check output
kubernetes-api
--------------
√ can initialize the client
√ can query the Kubernetes API
kubernetes-version
------------------
√ is running the minimum Kubernetes API version
√ is running the minimum kubectl version
linkerd-config
--------------
√ control plane Namespace exists
√ control plane ClusterRoles exist
√ control plane ClusterRoleBindings exist
√ control plane ServiceAccounts exist
√ control plane CustomResourceDefinitions exist
√ control plane MutatingWebhookConfigurations exist
√ control plane ValidatingWebhookConfigurations exist
√ control plane PodSecurityPolicies exist
linkerd-existence
-----------------
√ 'linkerd-config' config map exists
√ heartbeat ServiceAccount exist
√ control plane replica sets are ready
√ no unschedulable pods
√ controller pod is running
√ can initialize the client
√ can query the control plane API
linkerd-api
-----------
| pod/linkerd-controller-8496f79d56-sq89v container linkerd-proxy is not ready <-- stuck on this
Environment
Kubernetes Version: 1.13.11
Cluster Environment: (GKE, AKS, kops, ...) AKS
Host OS: Ubuntu 16
Linkerd version: edge-19.9.2
The text was updated successfully, but these errors were encountered:
@zaharidichev The defaults in the tutorial is EC P-256 and that works well, I've also created the certificates using HashiCorp vault and I got the same results (P521 fails and P256 works)
We unfortunately only support one type of certificate currently. We'd love help updating the support to more certificate types. In the mean time we're working at getting the tooling to inspect and verify that the certs are valid for use by us.
@grampelberg is this documented somewhere? I didn't any mention about that. Please add documentation about this constraint (or better logging) because I spent too much time investigating this...
Bug Report
I've tried to make linkerd use certificates that are generated with EC P-521 instead of P-256 and I get this error from linkerd-proxy
I've used the following commands to generate the CA and Issuer:
What am I missing here?
And installed linkerd using the following:
How can it be reproduced?
Using the commands described above
Logs, error output, etc
(If the output is long, please create a gist and
paste the link here.)
linkerd check
outputEnvironment
The text was updated successfully, but these errors were encountered: