NetOps Unified Collection Framework (UCF) deployment failed: failed apps: istio-ingressgateway
Article ID: 426558

Products

Network Observability, CA Performance Management, Virtual Network Assurance, Spectrum

Issue/Introduction

The UCF NetOps deployment fails with the error: failed apps: istio-ingressgateway

kubectl get apps returns:

platform    istio-ingressgateway       Reconcile failed: Deploying: Error (see .status.usefulErrorMessage for details)

Further investigation shows that the error is in the TLS certificate entries:

kubectl get app istio-ingressgateway -n platform -ojsonpath='{.status.usefulErrorMessage}'
kapp: Error: create secret/ingress-tls-secret (v1) namespace: istio-system:
  Creating resource secret/ingress-tls-secret (v1) namespace: istio-system:
    API server says:
      Secret in version "v1" cannot be handled as a Secret: illegal base64 data at input byte 0 (reason: BadRequest)

Environment

Unified Collection Framework, all supported versions.

Cause

The values of base64TlsCrt and base64TlsKey in the ${NETOPS_HELM_PATH}/netops/netops-config.yaml file must be base64 encoded. In this case, the unencoded PEM certificates were used.

Resolution

Although PEM certificates already use base64 encoding internally, the whole PEM file, including its header and footer lines, must be base64 encoded again.

Examples:

cat server.crt | base64 -w 0
cat server.key | base64 -w 0

Where:

server.crt is the PEM encoded public certificate, including the header/footer.
server.key is the corresponding private key, including the header/footer.

Use the base64 encoded output of server.crt as the value of base64TlsCrt, and the base64 encoded output of server.key as the value of base64TlsKey.


After correcting the entries, re-run the deploy step.
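
To check the two values before re-running the deploy step, the following added example (not part of the original article or the product) classifies a value as correctly encoded, raw PEM, invalid base64, or base64 of something other than a whole PEM file. The function names are hypothetical and the sample PEM is constructed; a raw PEM value fails at "input byte 0" because its first character, "-", is not in the base64 alphabet.

```shell
#!/bin/sh
# Added example: pre-deploy check for base64TlsCrt / base64TlsKey values.
# Function names are hypothetical; the sample data below is constructed.

# Encode a PEM file the way the Resolution section describes.
encode_pem_file() {
    base64 -w 0 < "$1"
}

# Classify one config value.
# Prints: ok | empty | raw-pem | invalid-base64 | not-pem
classify_tls_value() {
    value=$1
    case $value in
        '')          echo empty;   return 1 ;;
        -----BEGIN*) echo raw-pem; return 1 ;;  # unencoded PEM pasted in
    esac
    # The API server rejects anything that is not valid base64.
    if ! printf '%s' "$value" | base64 -d >/dev/null 2>&1; then
        echo invalid-base64; return 1
    fi
    # The decoded text must be a whole PEM block, header line included.
    if printf '%s' "$value" | base64 -d 2>/dev/null | grep -aq -e '^-----BEGIN '; then
        echo ok; return 0
    fi
    echo not-pem; return 1
}

# Constructed sample: PEM-shaped file with a dummy body (not a real certificate).
demo() {
    tmp=$(mktemp)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$tmp"
    echo "raw PEM file       : $(classify_tls_value "$(cat "$tmp")")"
    echo "encoded whole file : $(classify_tls_value "$(encode_pem_file "$tmp")")"
    echo "PEM body only      : $(classify_tls_value 'Q09OU1RSVUNURUQ=')"
    rm -f "$tmp"
}
demo
```

Base64 is an encoding, not encryption: the base64TlsKey value is still the private key, so netops-config.yaml needs the same access restrictions as server.key.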


Additional Information

Customize the Unified Collection Framework Deployment