AI Center Skills Not Working Due To Registry Certificate Expired

Resolution for AI Center skills not working due to Registry Certificate expiry.

Run the below command

  • kubectl get pods -A

If any are in ImagePullBackOff, run

  • kubectl -n

describe pod

Post this validation, that this is an effected pipeline, skill, package run

  • kubectl logs

If presented with an error x509 Certificate has expired, run the following to update registry certificate,

  • export KUBECONFIG=/etc/kubernetes/admin.conf
  • export DOCKER_REGISTRY_IP=$(kubectl -n kurl get service registry -o=jsonpath='{@.spec.clusterIP}' 2>/dev/null || echo "")

cat > registry.cnf <<EOF

[ req ]

default_bits = 2048

prompt = no

default_md = sha256

req_extensions = req_ext

distinguished_name = dn

[ dn ]

CN = registry.kurl.svc.cluster.local

[ req_ext ]

subjectAltName = @alt_names

[ v3_ext ]

authorityKeyIdentifier=keyid,issuer:always

basicConstraints=CA:FALSE

keyUsage=nonRepudiation,digitalSignature,keyEncipherment

extendedKeyUsage=serverAuth

subjectAltName=@alt_names

[ alt_names ]

DNS.1 = registry

DNS.2 = registry.kurl

DNS.3 = registry.kurl.svc

DNS.4 = registry.kurl.svc.cluster

DNS.5 = registry.kurl.svc.cluster.local

IP.1 = $DOCKER_REGISTRY_IP

EOF

openssl req -newkey rsa:2048 -nodes -keyout registry.key -out registry.csr -config registry.cnf

openssl x509 -req -days 365 -in registry.csr -CA "/etc/kubernetes/pki/ca.crt" -CAkey "/etc/kubernetes/pki/ca.key" -CAcreateserial -out registry.crt -extensions v3_ext -extfile registry.cnf

kubectl -n kurl delete secret registry-pki &>/dev/null || true

kubectl -n kurl create secret generic registry-pki --from-file=registry.key --from-file=registry.crt

kubectl -n kurl delete pod -l app=registry &>/dev/null || true

rm registry.cnf registry.key registry.crt registry.csr

Run kubectl get pods -A if any are in ImagePullBackOff, delete the pod.

If the image for the pod exists, run a kubectl -n delete pod .