Ritesh Patel
Ritesh Patel
We are seeing the exact same issue: root@ritesh-test:~/contiv/contiv-1.0.3# ./install/k8s/install.sh -n 184.173.89.146 Installing Contiv for Kubernetes secret "aci.key" created Generating local certs for Contiv Proxy Setting installation parameters Applying contiv installation...
Here is the requested info: ``` Platform: Ubuntu 16.04.2 LTS VMs on IBM SoftLayer root@cluster1:~/contiv/contiv-1.0.3# cat /etc/hosts 127.0.0.1 localhost.localdomain localhost 50.97.198.5 cluster1.nirmata.com cluster1 127.0.1.1 cluster1.nirmata.com cluster1.nirmata.com 50.97.198.5 netmaster root@cluster1:~/contiv/contiv-1.0.3# root@cluster1:~/contiv/contiv-1.0.3#...
Pod details ``` root@cluster1:~/contiv/contiv-1.0.3# kubectl describe pods -n kube-system Name: contiv-api-proxy-g07zc Namespace: kube-system Node: / Labels: k8s-app=contiv-api-proxy Annotations: kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"kube-system","name":"contiv-api-proxy","uid":"bd9cc25f-4fa4-11e7-9354-066bde8f6de... scheduler.alpha.kubernetes.io/critical-pod= Status: Pending IP: Controllers: ReplicaSet/contiv-api-proxy Containers: contiv-api-proxy: Image: contiv/auth_proxy:1.0.3 Port:...
Here is the log: root@cluster1:~# cat /var/contiv/log/netplugin.log time="Jun 13 01:43:39.825962264" level=error msg="Failed to connect to etcd. Err: client: etcd cluster is unavailable or misconfigured" time="Jun 13 01:43:39.826034103" level=error msg="Error creating...
Quick update....it appears that the installer assumes that kubernetes is deployed using kubeadm so all the node labels are correctly setup. In my case, I did not use kubeadm to...
@pealtrufo Please see this blog post on how this can be achieved using a helper to fetch and store ECR token. https://nirmata.com/2022/02/02/software-supply-chain-security-on-amazon-eks-clusters-using-amazon-ecr-kyverno-and-cosign/
@JimBugwadia @pealtrufo The reason this is not working even though IAM role is configured for the Kyverno service account is because Kyverno does not know how to authenticate with ECR...
@JimBugwadia Here is a related issue I filed a while back: https://github.com/kyverno/kyverno/issues/7214
This is awesome!