[CI] Failure when checking endpoint: `self signed certificate in certificate chain`
Summary
We've observed intermittent errors in CI when running test.sh
to check the GitLab endpoint:
https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/jobs/1530932541
Waiting for Migrations...
job.batch/gitlab-migrations-1 condition met
Waiting for Deployments...
deployment.apps/gitlab-gitlab-exporter condition met
deployment.apps/gitlab-gitlab-shell condition met
deployment.apps/gitlab-registry condition met
deployment.apps/gitlab-sidekiq-all-in-1-v1 condition met
deployment.apps/gitlab-task-runner condition met
deployment.apps/gitlab-webservice-default condition met
Testing GitLab endpoint...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
It was observed in !208 (merged), and the added --retry
flag to curl
appeared to help. However, we have hit this again.
I'm not sure why a self-signed cert would appear in the chain - the TLS certificate on this Ingress endpoint is the DNS01 wildcard certificate that is already generated, which we copy into the namespace long before this check happens.