Runners failing to get the registration token with x509: certificate signed by unknown authority" #1540
Unanswered
anithyusha
asked this question in
Questions
Runners failing to get the registration token with x509: certificate signed by unknown authority"
#1540
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
We are using actions runner controller to manage our self hosted runners in our Github enterprise account in Production using Kustomize. We have the similar set up for our GitHub dev but this uses a self signed certificate unlike the prod github.
while deploying the ARC in GitHub dev we are facing issues getting the runners register with GitHub dev. It fails getting the registration token with the following error
2022-06-14T22:56:55.579Z ERROR controller-runtime.controller Reconciler error {"controller": "runner-controller", "request": "actions-runner-system/m5.large-runner-deployment-w2s8n-jlqcg", "error": "failed to create registration token: Post "https://github-dev..io/api/v3/orgs//actions/runners/registration-token": x509: certificate signed by unknown authority"}
2022-06-14T22:56:55.579Z DEBUG controller-runtime.manager.events Warning {"object": {"kind":"Runner","namespace":"actions-runner-system","name":"m5.large-runner-deployment-w2-jlg","uid":"49deba3d-26a8-40c-9432-e8529e","apiVersion":"actions.summerwind.dev/v1alpha1","resourceVersion":"297037871"}, "reason": "FailedUpdateRegistrationToken", "message": "Updating registration token failed"}
We have tested the ARC with our current version in Prod as well as the latest versions
Current Controller version : V0.19.0
Updated controller version in dev : v0.23.0
Runner version : summerwind/actions-runner-dind:v2.285.0-ubuntu-20.04@
I have already tried the following approaches from the discussions in the community
Bundled our CA cert with the controller and runner images -
FROM golang:1.17 as builder
COPYx.crt /usr/local/share/ca-certificates/x.crt
RUN update-ca-certificates
FROM summerwind/actions-runner-controller:v0.19.0@sha256:cdb159c69e80ef4e4bd61bf258936883c73709b225fd1ab212e5035c5cf9ed10
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
This did not work
Also tried adding the CA cert as configmap/secret/volume mounts discussed in the #949 (comment)
#949
#945 (reply in thread)
Nothing seems to work for us. I have verified the self signed cert is valid using openssl connect. Our self signed cert has a cert chain and I have tried including all the cert chain as well.
Beta Was this translation helpful? Give feedback.
All reactions