Assigning Kubernetes Profile to a cluster fails with an error in the PKS API
Article ID: 298613
Updated On:
Products
VMware Tanzu Kubernetes Grid Integrated Edition
Issue/Introduction
When attempting to assign a Kubernetes Profile to a cluster, it fails with the following error:
Looking at the pks-api.log file on the pivotal-container-service VM shows the following:
"Error: An error occurred in the PKS API when processing"
Looking at the pks-api.log file on the pivotal-container-service VM shows the following:
Servlet.service() for servlet [dis patcherServlet] in context with path [] threw exception [Request processing failed; nested exception is feign.RetryableException: None of the TrustManagers trust this certificate chain
Environment
Tanzu Kubernetes Grid Integrated version 1.7 or above
Resolution
This error occurs in environments that have rotated the Root Certificate Authority (CA), but have not deleted the old and inactive cert from the environment.
Visit this endpoint 'https://$OPS-MANAGER-FQDN/api/v0/certificate_authorities' to view a list of CAs in the environment.
Any certificates with the flag "active":false are inactive, and should be deleted with the procedure documented here.
Note: Ensure that that the pivotal-container-service VM is recreated as part of this procedure.
Feedback
Yes
No
Powered by
