Uploaded image for project: 'Openshift sandboxed containers'
  1. Openshift sandboxed containers
  2. KATA-3710

Coco pod cannot reach http://kbs-service.trustee-operator-system:8080

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: High High
    • None
    • OSC 1.9.0
    • cloud-api-adapter
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • False
    • Bugs and Vulnerability Issues
    • 0

      When launching a coco pod, the pod events show this:

      0s          Normal   Pulled           Pod/ocp-cc-pod2   Successfully pulled image "ghcr.io/confidential-containers/test-container-image-rs:cosign-signed" in 929ms (929ms including waiting). Image size: 4500001 bytes.
0s          Warning   Failed           Pod/ocp-cc-pod2   Error: CreateContainer failed: Security validate failed: ttrpc request error
Caused by:
    rpc status: Status { code: INTERNAL, message: "[CDH] [ERROR]: Get Resource failed", details: [], special_fields: SpecialFields { unknown_fields: UnknownFields { fields: None }, cached_size: CachedSize { size: 0 } } } 

      osc-caa-ds-7h8nv.log

      Trustee was verified w/ kbs-client.  For the above pod, trustee log doesn't show any attempts

      If I change the trusteeURL to be nodeIP:nodePort, the pod launches

      initdata.toml

      OCP

      Client Version: 4.17.0-202503121206.p0.g0000b3e.assembly.stream.el9-0000b3e
      Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
      Server Version: 4.17.0-0.nightly-multi-2025-03-20-144035

      OSC 1.9.0-19

      Trustee 0.3.0

       

        1. initdata.toml
          1 kB
          Tom Buskey
        2. osc-caa-ds-7h8nv.log
          56 kB
          Tom Buskey

              Unassigned Unassigned
              tbuskey-rh Tom Buskey
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: