-
Notifications
You must be signed in to change notification settings - Fork 221
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SslError when running Krustlet on macOS 12.1 M1 #716
Comments
@rgreinho just wondering, have you gave it another try by deleting the config file ? |
ping. Any updates? |
I'm going to close this ticket due to inactivity, but please re-open if this still needs to be addressed. Thanks! |
Sorry about the delay, but I had to step away from WASM and therefore Krustlet, for a while. Here are the steps I followed, in addition of having attempted to run the steps from the various guides. I tried with minikube and kind. I end up being blocked by the same problem in all cases. Delete cluster and configuration╭ ~
╰❯ kind delete cluster
Deleting cluster "kind" ...
╭ ~
╰❯ rm -fr ~/.kube/ ~/.krustlet/
Recreate a cluster with kind╭ ~ ⌛ 2s
╰❯ kind create cluster
Creating cluster "kind" ...
✓ Ensuring node image (kindest/node:v1.24.0) 🖼
✓ Preparing nodes 📦
✓ Writing configuration 📜
✓ Starting control-plane 🕹️
✓ Installing CNI 🔌
✓ Installing StorageClass 💾
Set kubectl context to "kind-kind"
You can now use your cluster with:
kubectl cluster-info --context kind-kind
Have a nice day! 👋 Run steps from the source code╭ krustlet on main via 🦀 v1.60.0
╰❯ just build
cargo build
Finished dev [unoptimized + debuginfo] target(s) in 0.47s
╭ krustlet on main via 🦀 v1.60.0
╰❯ just
secret/bootstrap-token-xbkaja created
Switched to context "kind-kind".
Context "kind-kind" renamed to "tls-bootstrap-token-user@kubernetes".
User "tls-bootstrap-token-user" set.
Context "tls-bootstrap-token-user@kubernetes" modified.
Context "tls-bootstrap-token-user@kubernetes" modified.
KUBECONFIG=$(eval echo $CONFIG_DIR)/kubeconfig-wasi cargo run --bin krustlet-wasi -- --node-name krustlet-wasi --port 3001 --bootstrap-file $(eval echo $CONFIG_DIR)/bootstrap.conf --cert-file $(eval echo $CONFIG_DIR)/krustlet-wasi.crt --private-key-file $(eval echo $CONFIG_DIR)/krustlet-wasi.key
Finished dev [unoptimized + debuginfo] target(s) in 0.28s
Running `target/debug/krustlet-wasi --node-name krustlet-wasi --port 3001 --bootstrap-file /Users/rgreinhofer/.krustlet/config/bootstrap.conf --cert-file /Users/rgreinhofer/.krustlet/config/krustlet-wasi.crt --private-key-file /Users/rgreinhofer/.krustlet/config/krustlet-wasi.key`
Jun 08 14:12:56.033 DEBUG kubelet::bootstrapping: Starting bootstrap config.node_name=krustlet-wasi
Jun 08 14:12:56.035 DEBUG bootstrap_auth: kubelet::bootstrapping: No existing kubeconfig found, loading bootstrap config bootstrap_file=/Users/rgreinhofer/.krustlet/config/bootstrap.conf
Jun 08 14:12:56.116 INFO bootstrap_auth: kubelet::bootstrapping: Got modified event, but CSR for authentication certs is not currently approved elapsed=4.881875ms
Jun 08 14:12:56.136 INFO bootstrap_auth: kubelet::bootstrapping: Got modified event, but CSR for authentication certs is not currently approved elapsed=24.21675ms
Jun 08 14:12:56.143 DEBUG bootstrap_auth: kubelet::bootstrapping: Certificate has been approved, generating kubeconfig
Jun 08 14:12:56.144 DEBUG bootstrap_auth: kubelet::bootstrapping: Writing generated kubeconfig to file path=/Users/rgreinhofer/.krustlet/config/kubeconfig-wasi
Jun 08 14:12:56.148 DEBUG bootstrap_tls: kubelet::bootstrapping: Starting bootstrap of TLS serving certs
Error: SslError: MAC verification failed during PKCS12 import (wrong password?)
error: Recipe `run` failed on line 46 with exit code 1 |
@bacongobbler if you could reopen this ticket, that would be great. Thank you. |
Hey mate, i vaguely remember having similar issue and it was related to OpenSsl Did you give this answer a try ? Especially this part
P.S - I don't have my Mac in hand now to check if my Edit: No, this path is not in my |
Ah, good pointers! So here is what I tried: ╭ krustlet on main via 🦀 v1.60.0
╰❯ openssl version
OpenSSL 3.0.3 3 May 2022 (Library: OpenSSL 3.0.3 3 May 2022)
╭ krustlet on main via 🦀 v1.60.0
╰❯ export PATH="/opt/homebrew/opt/openssl@1.1/bin:$PATH"
╭ krustlet on main via 🦀 v1.60.0
╰❯ openssl version
OpenSSL 1.1.1o 3 May 2022
╭ krustlet on main via 🦀 v1.60.0
╰❯ just
KUBECONFIG=$(eval echo $CONFIG_DIR)/kubeconfig-wasi cargo run --bin krustlet-wasi -- --node-name krustlet-wasi --port 3001 --bootstrap-file $(eval echo $CONFIG_DIR)/bootstrap.conf --cert-file $(eval echo $CONFIG_DIR)/krustlet-wasi.crt --private-key-file $(eval echo $CONFIG_DIR)/krustlet-wasi.key
Finished dev [unoptimized + debuginfo] target(s) in 0.46s
Running `target/debug/krustlet-wasi --node-name krustlet-wasi --port 3001 --bootstrap-file /Users/rgreinhofer/.krustlet/config/bootstrap.conf --cert-file /Users/rgreinhofer/.krustlet/config/krustlet-wasi.crt --private-key-file /Users/rgreinhofer/.krustlet/config/krustlet-wasi.key`
Jun 09 07:51:26.745 DEBUG kubelet::bootstrapping: Starting bootstrap config.node_name=krustlet-wasi
Jun 09 07:51:26.746 DEBUG bootstrap_auth: kubelet::bootstrapping: Found existing kubeconfig, loading...
Jun 09 07:51:26.762 DEBUG bootstrap_tls: kubelet::bootstrapping: Starting bootstrap of TLS serving certs
Error: SslError: MAC verification failed during PKCS12 import (wrong password?)
error: Recipe `run` failed on line 46 with exit code 1 So I am not sure whether it is an openssl or not. But in both cases, my version of openssl is different from the one you mentioned. |
Good idea! ╭ krustlet on main via 🦀 v1.60.0 ⌛ 2s
╰❯ just build --no-default-features --features rustls-tls
cargo build --no-default-features --features rustls-tls
Downloaded rustls-native-certs v0.5.0
Downloaded rustls-pemfile v0.2.1
Downloaded hyper-rustls v0.22.1
Downloaded ct-logs v0.8.0
Downloaded 4 crates (79.2 KB) in 0.60s
Compiling rustls-pemfile v0.2.1
Compiling rustls v0.19.1
Compiling ct-logs v0.8.0
Compiling webpki-roots v0.21.1
Compiling kubelet v1.0.0-alpha.1 (/Users/rgreinhofer/projects/krustlet/krustlet/crates/kubelet)
Compiling krustlet v1.0.0-alpha.1 (/Users/rgreinhofer/projects/krustlet/krustlet)
Compiling tokio-rustls v0.22.0
Compiling rustls-native-certs v0.5.0
Compiling hyper-rustls v0.22.1
Compiling tonic v0.5.2
Compiling warp v0.3.2
Compiling kube v0.60.0
Compiling reqwest v0.11.6
Compiling oci-distribution v0.8.0
Compiling wasi-experimental-http-wasmtime v0.6.0
Compiling k8s-csi v0.4.0
Compiling kube-runtime v0.60.0
Compiling krator v0.5.0
Compiling wasi-provider v1.0.0-alpha.1 (/Users/rgreinhofer/projects/krustlet/krustlet/crates/wasi-provider)
Finished dev [unoptimized + debuginfo] target(s) in 31.31s
╭ krustlet on main via 🦀 v1.60.0 ⌛ 31s
╰❯ rm -fr ~/.kube/ ~/.krustlet/
╭ krustlet on main via 🦀 v1.60.0
╰❯ kind delete cluster
Deleting cluster "kind" ...
╭ krustlet on main via 🦀 v1.60.0
╰❯ kind create cluster
Creating cluster "kind" ...
✓ Ensuring node image (kindest/node:v1.24.0) 🖼
✓ Preparing nodes 📦
✓ Writing configuration 📜
✓ Starting control-plane 🕹️
✓ Installing CNI 🔌
✓ Installing StorageClass 💾
Set kubectl context to "kind-kind"
You can now use your cluster with:
kubectl cluster-info --context kind-kind
Thanks for using kind! 😊
╭ krustlet on main via 🦀 v1.60.0 ⌛ 15s
╰❯ just
secret/bootstrap-token-x17dr6 created
Switched to context "kind-kind".
Context "kind-kind" renamed to "tls-bootstrap-token-user@kubernetes".
User "tls-bootstrap-token-user" set.
Context "tls-bootstrap-token-user@kubernetes" modified.
Context "tls-bootstrap-token-user@kubernetes" modified.
KUBECONFIG=$(eval echo $CONFIG_DIR)/kubeconfig-wasi cargo run --bin krustlet-wasi -- --node-name krustlet-wasi --port 3001 --bootstrap-file $(eval echo $CONFIG_DIR)/bootstrap.conf --cert-file $(eval echo $CONFIG_DIR)/krustlet-wasi.crt --private-key-file $(eval echo $CONFIG_DIR)/krustlet-wasi.key
Finished dev [unoptimized + debuginfo] target(s) in 0.33s
Running `target/debug/krustlet-wasi --node-name krustlet-wasi --port 3001 --bootstrap-file /Users/rgreinhofer/.krustlet/config/bootstrap.conf --cert-file /Users/rgreinhofer/.krustlet/config/krustlet-wasi.crt --private-key-file /Users/rgreinhofer/.krustlet/config/krustlet-wasi.key`
Jun 09 08:26:14.009 DEBUG kubelet::bootstrapping: Starting bootstrap config.node_name=krustlet-wasi
Jun 09 08:26:14.011 DEBUG bootstrap_auth: kubelet::bootstrapping: No existing kubeconfig found, loading bootstrap config bootstrap_file=/Users/rgreinhofer/.krustlet/config/bootstrap.conf
Jun 09 08:26:14.120 INFO bootstrap_auth: kubelet::bootstrapping: Got modified event, but CSR for authentication certs is not currently approved elapsed=4.359541ms
Jun 09 08:26:14.130 INFO bootstrap_auth: kubelet::bootstrapping: Got modified event, but CSR for authentication certs is not currently approved elapsed=14.354208ms
Jun 09 08:26:14.135 DEBUG bootstrap_auth: kubelet::bootstrapping: Certificate has been approved, generating kubeconfig
Jun 09 08:26:14.135 DEBUG bootstrap_auth: kubelet::bootstrapping: Writing generated kubeconfig to file path=/Users/rgreinhofer/.krustlet/config/kubeconfig-wasi
Jun 09 08:26:14.139 DEBUG bootstrap_tls: kubelet::bootstrapping: Starting bootstrap of TLS serving certs
Error: SslError: MAC verification failed during PKCS12 import (wrong password?)
error: Recipe `run` failed on line 46 with exit code 1
╭ krustlet on main via 🦀 v1.60.0 ⌛ 3s
╰❯[✖ ERROR] kubectl get nodes
NAME STATUS ROLES AGE VERSION
kind-control-plane Ready control-plane 39s v1.24.0 But for some reason it does not work either :/ |
When you ran This is hinted at in the documentation:
|
Oh cool! trying that: ╭ krustlet on main [!] via 🦀 v1.60.0
╰❯ just run --no-default-features --features rustls-tls
KUBECONFIG=$(eval echo $CONFIG_DIR)/kubeconfig-wasi cargo run --bin krustlet-wasi --no-default-features --features rustls-tls -- --node-name krustlet-wasi --port 3001 --bootstrap-file $(eval echo $CONFIG_DIR)/bootstrap.conf --cert-file $(eval echo $CONFIG_DIR)/krustlet-wasi.crt --private-key-file $(eval echo $CONFIG_DIR)/krustlet-wasi.key
Finished dev [unoptimized + debuginfo] target(s) in 0.32s
Running `target/debug/krustlet-wasi --node-name krustlet-wasi --port 3001 --bootstrap-file /Users/rgreinhofer/.krustlet/config/bootstrap.conf --cert-file /Users/rgreinhofer/.krustlet/config/krustlet-wasi.crt --private-key-file /Users/rgreinhofer/.krustlet/config/krustlet-wasi.key`
Jun 09 11:24:55.292 DEBUG kubelet::bootstrapping: Starting bootstrap config.node_name=krustlet-wasi
Jun 09 11:24:55.293 DEBUG bootstrap_auth: kubelet::bootstrapping: No existing kubeconfig found, loading bootstrap config bootstrap_file=/Users/rgreinhofer/.krustlet/config/bootstrap.conf
Error: HyperError: error trying to connect: invalid dnsname
Caused by:
0: error trying to connect: invalid dnsname
1: invalid dnsname
error: Recipe `run` failed on line 46 with exit code 1 I think it does not work because of what is written in the caveats sections:
|
I have same
EDIT: oh, I see this project seems to be dead now. |
Following the bootstrapping section of the documentation, I am facing an issue when running Krustlet on macOS 12.1 with an M1 chip:
The Krustlet was built from the main branch, commit 35a84d5.
The text was updated successfully, but these errors were encountered: