Skip to content
This repository has been archived by the owner on Jun 28, 2023. It is now read-only.

creating docker clusters behind corporate firewall with ssl dpi fails #1395

Closed
displacedbuck opened this issue Aug 20, 2021 · 3 comments
Closed

creating docker clusters behind corporate firewall with ssl dpi fails #1395

displacedbuck opened this issue Aug 20, 2021 · 3 comments
Labels
kind/bug A bug in an existing capability owner/core-eng Work executed by TCE's core engineering team
Milestone
icebox

Comments

@displacedbuck
Copy link

Bug Report

In an environment with a firewall the performs ssl dpi, the control plane fails to initialize. It fails trying to pull the image kindest/haproxy:[tag]. If the same machine is connected to a different network without the ssl dpi the cluster creates.

Expected Behavior

Docker cluster should be able to created

Steps to Reproduce the Bug

Tested on macbook

  1. install firewall cert in system trust
  2. connect to network with firewall and ssl dpi
  3. run tanzu standalone-cluster create -i docker randomname
  4. inspect logs for capd-system controlplane and see errors

Environment Details

  • Build version (tanzu version): v1.4.0-pre-alpha-2
  • Operating System (client): macos bigsur
@displacedbuck displacedbuck added kind/bug A bug in an existing capability triage/needs-triage Needs triage by TCE maintainers labels Aug 20, 2021
@joshrosso
Copy link
Contributor

@displacedbuck, any chance you could provide those logs from capd-system control plane as you mentioned?

@joshrosso joshrosso added triage/needs-info Needs more information from the filer before moving forward and removed triage/needs-triage Needs triage by TCE maintainers labels Aug 20, 2021
@displacedbuck
Copy link
Author

@joshrosso repetitious error starts at line 144 .
capd-controller.txt

@joshrosso
Copy link
Contributor

Got it! Thanks for the extra detail.

Adding a note here that when we move away from dockerhub for CAPD's HA Proxy, this issue should go away.

However, I'd welcome any guidance folks have on this behavior when SSL DPI is in place.

@joshrosso joshrosso added area/cluster-lifecycle and removed triage/needs-info Needs more information from the filer before moving forward labels Aug 23, 2021
@joshrosso joshrosso added this to the icebox milestone Aug 23, 2021
@joshrosso joshrosso added owner/core-eng Work executed by TCE's core engineering team and removed area/cluster-lifecycle labels Sep 19, 2021
@swalner-vmware swalner-vmware mentioned this issue Mar 21, 2022
Closed
@jdumars jdumars closed this as completed Oct 31, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug A bug in an existing capability owner/core-eng Work executed by TCE's core engineering team
Projects
None yet
Milestone
icebox
Development

No branches or pull requests
3 participants
@jdumars @joshrosso @displacedbuck