Unable to login to embedded harbor image repository after rotation of certificate "Workload Platform Management" (vip.crt).
Article ID: 385200
Updated On:
Products
Issue/Introduction
- All Harbor pods are running and healthy
- Even after applying kb article https://broadcomcms-software-agent.wolkenservicedesk.com/wolken/esd/knowledge-base-view/view-kb-article?articleNumber=319369, issue persists.
- When checking if /usr/local/helm3/linux-amd64/helm is available in admin-agent, we see it is available.
- When checking if /usr/local/bin/kubectl is available in admin-agent, we see its available.
- When running `/usr/local/helm3/linux-amd64/helm list` we get below error:
root [ / ]# /usr/local/helm3/linux-amd64/helm list
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0xe5 pc=0x7f50db451140]
runtime stack:
runtime.throw({0x1f657ee?, 0x0?})
runtime/panic.go:992 +0x71
runtime.sigpanic()
runtime/signal_unix.go:802 +0x389
goroutine 1 [syscall]:
runtime.cgocall(0x1890317, 0xc0002e99a0)
runtime/cgocall.go:157 +0x5c fp=0xc0002e9978 sp=0xc0002e9940 pc=0x4078bc
os/user._Cfunc_mygetpwuid_r(0x0, 0xc0004a2d20, 0x49d6a40, 0x400, 0xc000010448)
_cgo_gotypes.go:174 +0x4c fp=0xc0002e99a0 sp=0xc0002e9978 pc=0x6ddc2c
os/user.lookupUnixUid.func1.1(0x0, 0x30eff20?, 0xc0002e9a38?, 0x4117c7?)
os/user/cgo_lookup_unix.go:102 +0xa6 fp=0xc0002e9a00 sp=0xc0002e99a0 pc=0x6de7a6
os/user.lookupUnixUid.func1()
os/user/cgo_lookup_unix.go:102 +0x29 fp=0xc0002e9a30 sp=0xc0002e9a00 pc=0x6de6e9
os/user.retryWithBuffer(0xc0004cc480, 0xc0002e9b10)
os/user/cgo_lookup_unix.go:244 +0x39 fp=0xc0002e9a78 sp=0xc0002e9a30 pc=0x6df399
os/user.lookupUnixUid(0x0)
os/user/cgo_lookup_unix.go:95 +0x10f fp=0xc0002e9b50 sp=0xc0002e9a78 pc=0x6de4ef
os/user.current()
os/user/cgo_lookup_unix.go:48 +0x47 fp=0xc0002e9b90 sp=0xc0002e9b50 pc=0x6de367
os/user.Current.func1()
os/user/lookup.go:15 +0x17 fp=0xc0002e9ba0 sp=0xc0002e9b90 pc=0x6dd5f7
sync.(*Once).doSlow(0xc0002e9c20?, 0x4e6774?)
sync/once.go:68 +0xc2 fp=0xc0002e9c00 sp=0xc0002e9ba0 pc=0x484e62
sync.(*Once).Do(...)
sync/once.go:59
os/user.Current()
os/user/lookup.go:15 +0x37 fp=0xc0002e9c30 sp=0xc0002e9c00 pc=0x6dd697
main.checkPerms()
helm.sh/helm/v3/cmd/helm/root_unix.go:38 +0x5b fp=0xc0002e9cc0 sp=0xc0002e9c30 pc=0x1883fbb
main.newRootCmd(0xc00022cfc0, {0x21faf60, 0xc000134008}, {0xc000136010, 0x1, 0x1})
helm.sh/helm/v3/cmd/helm/root.go:210 +0x86a fp=0xc0002e9ef0 sp=0xc0002e9cc0 pc=0x188352a
main.main()
helm.sh/helm/v3/cmd/helm/helm.go:70 +0xc5 fp=0xc0002e9f80 sp=0xc0002e9ef0 pc=0x186f505
runtime.main()
runtime/proc.go:250 +0x212 fp=0xc0002e9fe0 sp=0xc0002e9f80 pc=0x43cdb2
runtime.goexit()
runtime/asm_amd64.s:1571 +0x1 fp=0xc0002e9fe8 sp=0xc0002e9fe0 pc=0x46ba41
goroutine 5 [chan receive]:
k8s.io/klog/v2.(*loggingT).flushDaemon(0x0?)
k8s.io/klog/[email protected]/klog.go:1169 +0x6a
created by k8s.io/klog/v2.init.0
k8s.io/klog/[email protected]/klog.go:420 +0xf6
Environment
vSphere with Tanzu
vSphere Kubernetes Service
Cause
The bundled Helm version is incompatible with Photon 4 and Kubernetes 1.29.7, preventing the registry agent from reconciling and causing the new certificate to be improperly configured.
Resolution
Replace the /usr/local/helm3/linux-amd64/helm on the registry admin-agent pod with a compatible helm version.
Additional Information
Helm compatible version with Supervisor version for reference:
Helm 3.16.x supports Kubernetes versions 1.31.x to 1.28.x.
Helm 3.15.x supports Kubernetes versions 1.30.x to 1.27.x.
Helm 3.14.x supports Kubernetes versions 1.29.x to 1.26.x.
Attachments
Feedback
