Problem to solve
I’m trying to configure the GitLab agent to connect to the KAS server using mutual TLS (mTLS). I need to provide both a client certificate and a client key for the connection. I’m able to connect manually using these certificates, but the GitLab agent fails to connect.
What are you seeing, and how does that differ from what you expect to see?
I’m seeing a connection reset error when the agent tries to register. I expect it to connect and register successfully.
Steps to reproduce
- Ran Helm command:
helm upgrade --install k8s-default gitlab/gitlab-agent \
  --namespace gitlab-agent \
  --create-namespace \
  --set image.tag=v17.3.0 \
  --set-file config.kasCaCert=ca.crt \
  --set config.token=<token> \
  --set config.kasAddress=wss://gitlab-instance.com/-/kubernetes-agent/
- Received error:
{"time":"2024-09-05T11:20:33.285103035Z","level":"ERROR","msg":"Failed to register agent pod. Please make sure the agent version matches the server version","mod_name":"agent_registrar","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: failed to WebSocket dial: failed to send handshake request: Get \\\"https://gitlab-instance.com/-/kubernetes-agent/\\\": read tcp 192.168.103.239:59454->13.235.x.x:443: read: connection reset by peer\""}
- Manual WebSocket connection test:
wscat -c wss://gitlab-instance.com/-/kubernetes-agent/ \
  --cert client.crt \
  --key client.key
Output:
Connected (press CTRL+C to quit)
Disconnected (code: 1002, reason: "Expecting "ws-tunnel" subprotocol, got """)
Versions
- Self-managed