Error creating: Internal error occurred: failed calling webhook "validator.trow.io" installing Ceph with Helm on Kubernetes

7/7/2019

I'm trying to install Ceph using Helm on Kunbernetes following this tutorial install ceph

Probably the problem is that I installed trow registry before because as soon as I run the helm step

helm install --name=ceph local/ceph --namespace=ceph -f ~/ceph-overrides.yaml

I get this error in ceph namespace

Error creating: Internal error occurred: failed calling webhook "validator.trow.io": Post https://trow.kube-public.svc:443/validate-image?timeout=30s: dial tcp 10.102.137.73:443: connect: connection refused

How can I solve this?

-- adev
ceph
kubernetes
kubernetes-helm

1 Answer

7/18/2019

Apparently you are right with the presumption, I have a few concerns about this issue.

Trow registry manager controls the images that run in the cluster via implementing Admission webhooks that validate every request before pulling image, and as far as I can see Docker Hub images are not accepted by default.

The default policy will allow all images local to the Trow registry to be used, plus Kubernetes system images and the Trow images themselves. All other images are denied by default, including Docker Hub images.

Due to the fact that during Trow installation procedure you might require to distribute and approve certificate in order to establish secure HTTPS connection from target node to Trow server, I would suggest to check certificate presence on the node where you run ceph-helm chart as described in Trow documentation.

The other option you can run Trow registry manager with disabled TLS over HTTP, as was guided in the installation instruction.

-- mk_sta
Source: StackOverflow