Local K3S installation needs HTTPS certificates?

Hello,

I tried to install Gitpod locally with the K3S installer according to the README in the gitpod repo at install/docker/README.md
I used docker-compose. I provided some random values (UUIDs) for the minio-secrets.
As the domain I used .mygitpod.com, e.g. 192-168-178-29.ip.mygitpod.com. Is this correct or do I need some other IP? I installed this on docker on Ubuntu.

The gitpod-helm-installer completes but the proxy, ws-proxy and registry-facade do not start.
It seems they are missing HTTPS certificates (see log below). Is it necessary to provide HTTPS certificates for a local K3S installation and if yes what kinds?

Part-output of kubectl describe pod proxy (Full output was not possible due to 2 link restriction for new users but I can provide it if necessary):

  Type     Reason       Age                    From               Message
  ----     ------       ----                   ----               -------
  Normal   Scheduled    13m                    default-scheduler  Successfully assigned default/proxy-558bc95bd7-67c9l to f78d1bc2b01f
  Warning  FailedMount  12m (x8 over 13m)      kubelet            MountVolume.SetUp failed for volume "config-certificates" : secret "https-certificates" not found
  Warning  FailedMount  4m31s (x2 over 6m47s)  kubelet            Unable to attach or mount volumes: unmounted volumes=[config-certificates], unattached volumes=[builtin-registry-auth config-certificates config-nginx]: timed out waiting for the condition
  Warning  FailedMount  2m13s (x2 over 9m3s)   kubelet            Unable to attach or mount volumes: unmounted volumes=[config-certificates], unattached volumes=[config-certificates config-nginx builtin-registry-auth]: timed out waiting for the condition
  Warning  FailedMount  41s (x13 over 10m)     kubelet            MountVolume.SetUp failed for volume "config-certificates" : secret "https-certificates" not found

Thanks in advance for any replies :slight_smile:

Hi @lucas-koehler!

Thanks for trying the Gitpod k3s images. Please note that these images are still experimental and are not fully supported.

Regarding your question: Currently, we don’t support the mygitpod.com domain path (see also #2683, #2684). That means you need to use and configure your own domain with your own HTTPS certificate until we support mygitpod.com again.

Hope that info helps.

Cornelius

2 Likes

Alright, thanks for the fast answer. Good to know about the mygitpod.com rework :slight_smile: