Trying to install Nubus for evaluation

Nubus
1

Hello :slight_smile:
i’m trying to install nubus on our kubernetes cluster but i’m afraid that i need to somehow give the root cert to the pods nubus runs on, is there any way to do this… and i get these lines when installing the helm:

level=INFO msg=“warning: cannot overwrite table with non table for nubusGuardian.postgresql.auth.existingSecret (map[keyMapping:map])”
level=INFO msg=“warning: cannot overwrite table with non table for nubusNotificationsApi.postgresql.auth.existingSecret (map[keyMapping:map name:])”
level=INFO msg=“warning: cannot overwrite table with non table for keycloak.postgresql.auth.existingSecret (map[keyMapping:map])”
I0611 14:15:43.589079 1003810 warnings.go:107] “Warning: path /$ cannot be used with pathType Exact”
Error: server-side apply failed for object nubus/nubus-portal-frontend-static networking.k8s.io/v1, Kind=Ingress: admission webhook “validate.nginx.ingress.kubernetes.io” denied the request: ingress contains invalid paths: path /$ cannot be used with pathType Exact

Anyone out there who can give me a nudge in the right direction?

2

Hi,

the issue that got in your way can occur if your NGINX ingress controller is configured to enforce this specific admission webhook policy.

The corresponding fix has just been released with Nubus 1.20.1:
https://docs.software-univention.de/nubus-kubernetes-release-notes/1.x/en/1.20.html#portal-frontend

So just try again using the brandnew Nubus 1.20.1, and you should at least not experience the same issue again :wink:

Happy deploying!

3

That’s better, thank you,
The portal starts up but doesn’t work because there is an SSL Problem.
Is there a way to insert our own root cert?
the nubus-guardian-management-api cannot start the worker, and i think it all roots in the root cert problem:

Max retries exceeded with url: /realms/nubus/.well-known/openid-configuration │ │
│ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl. │ │
│ c:992)

4

or maybe not… but the portal gets it’s cert from our cert manager