Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-2416

Quay Mirror POD was crashed when use unmanaged TLS component with provided cert/key pair

    XMLWordPrintable

Details

    • 0

    Description

      Description:

      This is an issue found when deploy quay with operator, choose to use managed route and unmanaged tls component, provide cert/key pair, after created quayregistry CR, found Quay Mirror POD was failed to start, check the logs of Mirror POD, get error message "Failed to append custom certificate: extra_ca_certs/ssl.key",see attached mirror POD logs quay_360_mirror_pod.logs 

      Note: Quay image is quay-operator-bundle-container-v3.6.0-18

      oc create secret generic --from-file config.yaml=./config.yaml --from-file ssl.cert=./ssl.cert --from-file ssl.key=./ssl.key config-bundle-secret

oc create -f quayregistry_s3_tls_route_unmanaged.yaml
      oc get pod
NAME                                          READY   STATUS             RESTARTS   AGE
quay-operator.v3.6.0-784898d9f8-s57wc         1/1     Running            0          6h15m
quay360-clair-app-cbb764cd9-b9swc             1/1     Running            0          22m
quay360-clair-app-cbb764cd9-kmhv5             1/1     Running            0          22m
quay360-clair-postgres-59cb96bfc6-jp8z4       1/1     Running            1          23m
quay360-quay-app-5cc9777c79-nrpbc             1/1     Running            0          22m
quay360-quay-app-5cc9777c79-r2qfv             1/1     Running            1          22m
quay360-quay-app-upgrade-ntm5m                0/1     Completed          0          22m
quay360-quay-config-editor-6cd5676d7b-4krp6   1/1     Running            0          22m
quay360-quay-database-9494b4578-m4v9b         1/1     Running            1          22m
quay360-quay-mirror-78459cf5d5-2qv4j          0/1     CrashLoopBackOff   8          21m
quay360-quay-mirror-78459cf5d5-jbnkc          0/1     CrashLoopBackOff   8          21m
quay360-quay-postgres-init-94czg              0/1     Completed          0          22m
quay360-quay-redis-74d8d54b57-wh6vv           1/1     Running            0          23m

oc get pod quay360-quay-mirror-78459cf5d5-2qv4j -o json | jq '.spec.containers[0].image'
"registry.redhat.io/quay/quay-rhel8@sha256:a4cad2c70cd340029d00f468fc08cab887365d17fe22bbf31beeec36aebeb9e7"

      Config.yaml:

      cat config.yaml
FEATURE_EXTENDED_REPOSITORY_NAMES: true
CREATE_REPOSITORY_ON_PUSH_PUBLIC: true
FEATURE_USER_INITIALIZE: true
SERVER_HOSTNAME: quayv360.apps.quay-perf-738.perfscale.devcluster.openshift.com
ALLOWED_OCI_ARTIFACT_TYPES: 
    application/vnd.cncf.helm.config.v1+json: 
    - application/tar+gzip
    application/vnd.oci.image.layer.v1.tar+gzip+encrypted:
    - application/vnd.oci.image.layer.v1.tar+gzip+encrypted
    application/vnd.oci.image.config.v1+json:
    - application/vnd.oci.image.layer.v1.tar+zstd
    application/vnd.oci.image.config.v1+json:
    - application/vnd.dev.cosign.simplesigning.v1+json
DEFAULT_TAG_EXPIRATION: 4w
TAG_EXPIRATION_OPTIONS:
- 2w
- 4w
- 8w
FEATURE_GENERAL_OCI_SUPPORT: true
FEATURE_HELM_OCI_SUPPORT: false
SUPER_USERS:
  - quay
  - admin
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS:
  - default
DISTRIBUTED_STORAGE_PREFERENCE:
  - default
DISTRIBUTED_STORAGE_CONFIG:
  default:
    - S3Storage
    - s3_bucket: quay360
      storage_path: /quay360
      s3_access_key: ******
      s3_secret_key: ******
      host: s3.us-east-2.amazonaws.com

      QuayRegistry CR:

      apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: quay360
spec:
  configBundleSecret: config-bundle-secret
  components:
    - kind: objectstorage
      managed: false
    - kind: route
      managed: true
    - kind: tls
      managed: false

      Attachments

        Activity

          People

            rmarasch@redhat.com Ricardo Maraschini (Inactive)
            lzha1981 luffy zhang
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: