VMware Modern Apps Community
jeffsmaia
Contributor

Problem to deploy Contour service on vSphere with Tanzu 8

I'm installing vSphere with Tanzu on vSphere 8. The installation went well and the deployment of Tanzu finished successfully.


But when I tried to install the Contour service I got an error "Reason: ReconcileFailed. Message: I0327 15:52:38.347544 16294 request.go:690] Waited for 1.048310726s due to client-side throttling, not priority and fairness, request: GET:https://10.96.0.1:443/apis/topology.tanzu.vmware.com/v1alpha1 kapp: Error: waiting on reconcile deployment/contour (apps/v1) namespace: svc-contour-domain-c8: Finished unsuccessfully (Deployment is not progressing: ProgressDeadlineExceeded (message: ReplicaSet "contour-7cb4c7bbd5" has timed out progressing.)).".

So I've looked into the containers and saw an error on the contour pods: "time="2024-03-27T15:54:57Z" level=info msg="args: [serve --incluster --xds-address=0.0.0.0 --xds-port=8001 --stats-address=0.0.0.0 --http-address=0.0.0.0 --envoy-service-http-address=0.0.0.0 --envoy-service-https-address=0.0.0.0 --health-address=0.0.0.0 --contour-cafile=/certs/ca.crt --contour-cert-file=/certs/tls.crt --contour-key-file=/certs/tls.key --config-path=/config/contour.yaml]"
time="2024-03-27T15:54:57Z" level=error msg="Failed to get API Group-Resources" caller="cluster.go:161" context=kubernetes error="Get \"https://10.96.0.1:443/api?timeout=32s\": x509: certificate is valid for 172.35.70.102, not 10.96.0.1"
time="2024-03-27T15:54:57Z" level=fatal msg="unable to initialize Server dependencies required to start Contour" error="unable to set up controller manager: Get \"https://10.96.0.1:443/api?timeout=32s\": x509: certificate is valid for 172.35.70.102, not 10.96.0.1"".

It's a nested environment for a lab (study).

I have 3 hosts, 3 portgroups for management, workload and frontend (all with different networks).

Tanzu was deployed with NSX-ALB for load balancing.

The management network is 10.3.5.128/26
The workload network is 172.35.60.0/24
The frontend network is 172.35.70.0/24

All three networks communicate with each other.

How can I correct this configuration?

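A triage helper for the hostname-verification failure in the log above, as an added example that is not part of the original thread or of any VMware tooling. It pulls the dialed address and the certificate's SANs out of the Contour log lines and places each one in the three networks listed in the question; the function names are hypothetical.

```python
import ipaddress
import re

# Networks exactly as listed in the question.
NETWORKS = {
    "management": ipaddress.ip_network("10.3.5.128/26"),
    "workload": ipaddress.ip_network("172.35.60.0/24"),
    "frontend": ipaddress.ip_network("172.35.70.0/24"),
}
# Go's crypto/x509 hostname error: "certificate is valid for <SANs>, not <host>".
MISMATCH = re.compile(
    r'x509: certificate is valid for (?P<sans>.+?), not (?P<host>[^\s"\\]+)')
LEVEL = re.compile(r'\blevel=(\w+)')

# The error and fatal lines quoted in the question, unchanged.
SAMPLE = [
    r'time="2024-03-27T15:54:57Z" level=error msg="Failed to get API Group-Resources" caller="cluster.go:161" context=kubernetes error="Get \"https://10.96.0.1:443/api?timeout=32s\": x509: certificate is valid for 172.35.70.102, not 10.96.0.1"',
    r'time="2024-03-27T15:54:57Z" level=fatal msg="unable to initialize Server dependencies required to start Contour" error="unable to set up controller manager: Get \"https://10.96.0.1:443/api?timeout=32s\": x509: certificate is valid for 172.35.70.102, not 10.96.0.1"',
]

def locate(addr):
    """Name the listed network that contains addr, else 'unlisted'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "not-an-ip"  # a DNS-name SAN
    return next((name for name, net in NETWORKS.items() if ip in net), "unlisted")

def find_san_mismatches(lines):
    """Group log lines by (dialed host, SANs the server certificate carries)."""
    findings = {}
    for line in lines:
        m = MISMATCH.search(line)
        if not m:
            continue  # not a hostname-verification failure
        sans = tuple(s.strip() for s in m.group("sans").split(","))
        host = m.group("host")
        level = LEVEL.search(line)
        entry = findings.setdefault((host, sans), {
            "dialed": host, "dialed_net": locate(host),
            "sans": {s: locate(s) for s in sans}, "levels": []})
        entry["levels"].append(level.group(1) if level else "unknown")
    return list(findings.values())

if __name__ == "__main__":
    for f in find_san_mismatches(SAMPLE):
        print(f"pod dialed {f['dialed']} ({f['dialed_net']}); certificate SANs: {f['sans']}")
```

On the quoted lines this yields a single finding: the pod dialed 10.96.0.1, which is in none of the three listed networks, and the certificate it received names only 172.35.70.102, an address in the frontend network.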
bdamian
Expert

It seems to be a problem with a certificate: "certificate is valid for 172.35.70.102, not 10.96.0.1"

Did you install CERT-MANAGER before Contour?

---
Damián Bacalov
vExpert 2017-2023 (7 years)
https://www.linkedin.com/in/damianbacalov/
https://tecnologiaimasd.blogspot.com/
twitter @bdamian
jeffsmaia
Contributor

No, I didn't install cert manager. I do not see it as a prerequisite in the documentation. https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-with-tanzu-services-workloads/GUID-D0DEC184-00...

When I installed through the bootstrap machine (tkgm) I did all the installation correctly (ca-cert manager, contour, external dns, harbor...), but in the vsphere ui installation (tkgs), I couldn't find the cert manager as a previous step.

bdamian
Expert

Could you try? I'm pretty sure that cert-manager is a prerequisite for contour.
