Resolution for AI Center skills not working due to Registry Certificate expiry.
Run the below command
- kubectl get pods -A
If any are in ImagePullBackOff, run
- kubectl -n
describe pod
Post this validation, that this is an effected pipeline, skill, package run
- kubectl logs
If presented with an error x509 Certificate has expired, run the following to update registry certificate,
- export KUBECONFIG=/etc/kubernetes/admin.conf
- export DOCKER_REGISTRY_IP=$(kubectl -n kurl get service registry -o=jsonpath='{@.spec.clusterIP}' 2>/dev/null || echo "")
cat > registry.cnf <<EOF
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
CN = registry.kurl.svc.cluster.local
[ req_ext ]
subjectAltName = @alt_names
[ v3_ext ]
authorityKeyIdentifier=keyid,issuer:always
basicConstraints=CA:FALSE
keyUsage=nonRepudiation,digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=@alt_names
[ alt_names ]
DNS.1 = registry
DNS.2 = registry.kurl
DNS.3 = registry.kurl.svc
DNS.4 = registry.kurl.svc.cluster
DNS.5 = registry.kurl.svc.cluster.local
IP.1 = $DOCKER_REGISTRY_IP
EOF
openssl req -newkey rsa:2048 -nodes -keyout registry.key -out registry.csr -config registry.cnf
openssl x509 -req -days 365 -in registry.csr -CA "/etc/kubernetes/pki/ca.crt" -CAkey "/etc/kubernetes/pki/ca.key" -CAcreateserial -out registry.crt -extensions v3_ext -extfile registry.cnf
kubectl -n kurl delete secret registry-pki &>/dev/null || true
kubectl -n kurl create secret generic registry-pki --from-file=registry.key --from-file=registry.crt
kubectl -n kurl delete pod -l app=registry &>/dev/null || true
rm registry.cnf registry.key registry.crt registry.csr
Run kubectl get pods -A if any are in ImagePullBackOff, delete the pod.
If the image for the pod exists, run a kubectl -n delete pod .