Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error updating bundle #12090

Open
carasanz opened this issue Jun 18, 2024 · 8 comments
Open

Error updating bundle #12090

carasanz opened this issue Jun 18, 2024 · 8 comments

Comments

@carasanz
Copy link

Spire server logs:

time="2024-06-18T11:04:03Z" level=error msg="Error updating bundle" error="can't perform SPIFFE Authentication: local copy of bundle not found" subsystem_name=bundle_client trust_domain=docker.nsm

How can I solve this error?
@NikitaSkrynnik
Copy link
Collaborator

Hello! Could you please tell more about your environment? Do you launch it on kind cluster?

@carasanz
Copy link
Author

Yes, I lauch it on kind cluster with one controller node and two worker nodes, but the Spire server is showing that error every time I try to launch it.

@NikitaSkrynnik
Copy link
Collaborator

NikitaSkrynnik commented Jun 20, 2024
edited
Loading

Have you tried these commands?

kubectl apply -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/5b7e8d3ab475ba2be433d1de9b648206987989d7/examples/spire/single_cluster/clusterspiffeid-template.yaml
kubectl apply -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/5b7e8d3ab475ba2be433d1de9b648206987989d7/examples/spire/base/clusterspiffeid-webhook-template.yaml

Also what kind version do you use?

@carasanz
Copy link
Author

Yes, I have tried them but the server is still not working.
I switched to minikube, I am using minikube version: v1.33.1.

error

@denis-tingaikin
Copy link
Member

Can be related to #12072

@denis-tingaikin denis-tingaikin self-assigned this Jun 24, 2024
@denis-tingaikin denis-tingaikin moved this to In Progress in Release v1.14.0 Jun 24, 2024
@p4lik4ri
Copy link

@carasanz can you check if there is a persistent volume created ? otherwise you have to create it manually

@denis-tingaikin
Copy link
Member

Should be fixed with v1.14.0. Could you check it?

@denis-tingaikin denis-tingaikin moved this from In Progress to Under review in Release v1.14.0 Sep 24, 2024
@anselmobattisti
Copy link
Contributor

I faced a similar problem.

After copping the bundles to the cluster3 i got the same message.

level=error msg="Error updating bundle" error="can't perform SPIFFE Authentication: local copy of bundle not found" subsystem_name=bundle_client trust_domain=docker.nsm

After listing the bundles

kubectl --context=kind-cluster3 exec spire-server-0 -n spire -c spire-server -- bin/spire-server bundle list
****************************************
* cluster2
****************************************
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

****************************************
* cluster1
****************************************
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----

I notice that the name of the bundle was not the same as the thrusted domain.

I changed the spiffe id removing the NSM before the name of the cluster.

echo $bundle3 | kubectl --kubeconfig=$KUBECONFIG1 exec -i spire-server-0 -n spire -c spire-server -- bin/spire-server bundle set -format spiffe -id "spiffe://NSM.cluster3"

Verify if the name of the bundle is correctly defined.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Release v1.14.0
Status: Under review
Milestone
No milestone
Development

No branches or pull requests
6 participants
@anselmobattisti @denis-tingaikin @Ex4amp1e @NikitaSkrynnik @p4lik4ri @carasanz