Skip to content

subctl sometimes fails at join with: x509: certificate signed by unknown authority #244

New issue
New issue
Closed
#245
Closed
subctl sometimes fails at join with: x509: certificate signed by unknown authority#244
#245
Assignees
mangelajo
Labels
backportThis change requires a backport to eligible release branchesbugSomething isn't workingsubctlSubctl related issues
Milestone
v0.1.1
@mangelajo

Description

@mangelajo
mangelajo
opened on Mar 6, 2020

Discovering multi cluster details Error trying to discover multi-cluster network details: Get https://api.majopela-mar6-a.devcluster.openshift.com:6443/apis/submariner.io/v1/clusters: x509: certificate signed by unknown authority

If we look at the broker-info.subm file, we find the wrong token: "submariner-k8s-broker-client-dockercfg-v6jlj"

which are the docker pull secrets.

If we look at the service account we see:

- apiVersion: v1
  imagePullSecrets:
  - name: submariner-k8s-broker-client-dockercfg-v6jlj
  kind: ServiceAccount
  metadata:
    creationTimestamp: "2020-03-06T10:23:19Z"
    name: submariner-k8s-broker-client
    namespace: submariner-k8s-broker
    resourceVersion: "19684"
    selfLink: /api/v1/namespaces/submariner-k8s-broker/serviceaccounts/submariner-k8s-broker-client
    uid: 8002d982-5f94-11ea-8766-0eb83f56231e
  secrets:
  - name: submariner-k8s-broker-client-dockercfg-v6jlj
  - name: submariner-k8s-broker-client-token-k976b

But our code assumes that secrets[0] will be the "-token"

https://github.com/submariner-io/submariner-operator/blob/master/pkg/broker/rbac.go#L90

Such code must be flexible

Metadata

Metadata

Assignees

Labels

backportThis change requires a backport to eligible release branchesbugSomething isn't workingsubctlSubctl related issues

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions