Controller setup on k8s, helm missing configMap

Hi,

I am trying out ziti and following up on the k8s deployment using the helm chart and got stuck at

Pod start error is:

configmap "ziti-controller-ctrl-plane-cas" not found

I followed the guide here:

There is a section of optional subcharts of cert-manager
I do not really want to install them as I already have it installed.

So I installed the helm chart without the sub charts, but then the init-container hangs at:

Events:
  Type     Reason                  Age               From                     Message
  ----     ------                  ----              ----                     -------
  Normal   Scheduled               35s               default-scheduler        Successfully assigned openziti/ziti-controller-77fc6949c8-wp6pl to aks-ap3-32698053-vmss000010
  Normal   SuccessfulAttachVolume  18s               attachdetach-controller  AttachVolume.Attach succeeded for volume "pvc-36d810a9-9a0b-4471-9bc1-244da0d8cfca"
  Warning  FailedMount             3s (x7 over 35s)  kubelet                  MountVolume.SetUp failed for volume "ziti-controller-ctrl-plane-cas" : configmap "ziti-controller-ctrl-plane-cas" not found

The certificates are created though

$ k get certificate
NAME                                           READY   SECRET                                              AGE
ziti-controller-admin-client-cert              True    ziti-controller-admin-client-secret                 137m
ziti-controller-ctrl-plane-client-identity     True    ziti-controller-ctrl-plane-client-identity-secret   137m
ziti-controller-ctrl-plane-identity            True    ziti-controller-ctrl-plane-identity-secret          137m
ziti-controller-ctrl-plane-intermediate-cert   True    ziti-controller-ctrl-plane-intermediate-secret      137m
ziti-controller-ctrl-plane-root-cert           True    ziti-controller-ctrl-plane-root-secret              137m
ziti-controller-edge-root-cert                 True    ziti-controller-edge-root-secret                    137m
ziti-controller-edge-signer-cert               True    ziti-controller-edge-signer-secret                  137m
ziti-controller-web-client-identity            True    ziti-controller-web-client-identity-secret          137m
ziti-controller-web-identity-cert              True    ziti-controller-web-identity-secret                 137m
ziti-controller-web-intermediate-cert          True    ziti-controller-web-intermediate-secret             137m
ziti-controller-web-root-cert                  True    ziti-controller-web-root-secret                     137m

How do I create the configMap (structure), or how can I resolve the problem?

The goal is to have the ziti controller and router in the k8s cluster, playing along nicely with existing deployments.

Thank you for your suggestions.

Welcome to the OpenZiti Discourse, @checkin247!

Sounds like a good plan. That symptom points toward trust manager not creating the bundle resource the controller needs to start up.

You can use the existing trust manager instance. Its trust namespace must be the namespace where the Ziti controller is installed.

Dear @qrkourier,
thank you for your response and for pointing me in the right direction.

Got it running, thank you @qrkourier.
Conclusion: always work with your own trust-manager per ns if you don't want to make it overly complicated.
