juju fails to bootstrap on microk8s due to failure to verify certificate
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Invalid
|
High
|
Harry Pidcock |
Bug Description
In test run https:/
===========
2023-09-06-01:59:31 root DEBUG [localhost]: juju add-k8s snapped-
2023-09-06-01:59:34 fce.juju_
2023-09-06-01:59:34 fce.juju_
2023-09-06-01:59:34 root DEBUG ['juju', 'bootstrap', '--config', 'controller-
2023-09-06-01:59:34 root DEBUG [localhost]: juju bootstrap --config controller-
2023-09-06-01:59:34 root DEBUG Creating Juju controller "popocatepetl" on snapped-
2023-09-06-01:59:34 root DEBUG Bootstrap to Kubernetes cluster identified as microk8s/localhost
2023-09-06-01:59:35 root DEBUG Creating k8s resources for controller "controller-
2023-09-06-02:00:04 root DEBUG Downloading images
2023-09-06-02:01:47 root DEBUG Starting controller pod
2023-09-06-02:01:47 root DEBUG Bootstrap agent now started
2023-09-06-02:01:47 root DEBUG Contacting Juju controller at 10.246.64.200 to verify accessibility...
2023-09-06-02:01:51 root DEBUG ERROR unable to contact api server after 0 attempts: unable to connect to API: tls: failed to verify certificate: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "juju-ca")
2023-09-06-02:07:46 root ERROR [localhost] Command failed: juju bootstrap --config controller-
===========
The juju controller can't be accessed because the certificate can't be verified. Did something around the certificates change in juju 3.2.3?
More logs and configs can be found here: https:/
Changed in juju: | |
importance: | Undecided → High |
assignee: | nobody → Thomas Miller (tlmiller) |
assignee: | Thomas Miller (tlmiller) → nobody |
assignee: | nobody → Harry Pidcock (hpidcock) |
Changed in juju: | |
status: | New → Triaged |
summary: |
- juju 3.2.3 fails to bootstrap on microk8s due to failure to verify - certificate + juju fails to bootstrap on microk8s due to failure to verify certificate |
We are not hitting this issue consistently with 3.2.3, there are multiple runs that pass the microk8s bootstrapping.