Harbor installation using Tanzu Kubernetes Grid extensions fails when validating xsrfKey
search cancel

Harbor installation using Tanzu Kubernetes Grid extensions fails when validating xsrfKey

book

Article ID: 319312

calendar_today

Updated On:

Products

Tanzu Kubernetes Grid

Issue/Introduction

Symptoms:
  • You are installing Harbor using TKG extensions version tkg-extensions-v1.2.0+vmware.1
  • Your installation fails during Harbor app reconciliation with the below error message

kubectl get app -A
NAMESPACE  NAME  DESCRIPTION  SINCE-DEPLOY   AGE
tanzu-system-ingress    contour   Reconcile succeeded 2m45s          16m
tanzu-system-registry   harbor    Reconcile failed: Templating dir: exit status


Environment

VMware Tanzu Kubernetes Grid 1.x

Cause

To find the root cause of this problem run the below command
kubectl describe app -n tanzu-system-registry harbor

You should see an error similar to

Friendly Description:  Reconcile failed: Templating direxit status 1
  Inspect:
    Error:              Inspecting: exit status 1
    Exit Code:          1
    Stderr:             kapp: Error: App 'harbor-ctrl' (namespace: tanzu-system-registry) does not exist: configmaps "harbor-ctrl" not found
    <---Truncated---->
  Template:
    Error:      Templating direxit status 1
    Exit Code:  1
    Stderr:     ytt: Error:
- cannot load /values.star: Evaluating starlark template:
    in <toplevel>
      01-certificate.yaml:1 | #@ load("/values.star", "values")
    reason:
     - module has no .failed field or method (did you mean .fail?)
         in validate_core
           34 |   len(values.core.xsrfKey) == 32 or assert.failed("The core xsrf key must be a string of 32 chars")

The error is caused when the xsrfKey under tkg-extensions-v1.2.0+vmware.1/extensions/registry/harbor/harbor-data-values.yaml is not 32 characters in length.

Resolution

You must correct the length of xsrfKey under tkg-extensions-v1.2.0+vmware.1/extensions/registry/harbor/harbor-data-values.yaml. It should not exceed 32 characters in length. Example
grep xsrfKey tkg-extensions-v1.2.0+vmware.1/extensions/registry/harbor/harbor-data-values.yaml
  xsrfKey: changemechangemechangemechangeme

Once the value is updated to the correct length recreate the harbor-data-values secret and wait for reconciliation to succeed.

kubectl delete secret -n tanzu-system-registry  harbor-data-values

kubectl create secret generic harbor-data-values --from-file=values.yaml=tkg-extensions-v1.2.0+vmware.1/extensions/registry/harbor/harbor-data-values.yaml -n tanzu-system-registry

After reconciliation is completed you should see this reflected in the app status.

kubectl get app -n tanzu-system-registry
NAME     DESCRIPTION           SINCE-DEPLOY   AGE
harbor   Reconcile succeeded   2m20s          16m

Powered by Wolken Software