https://communities.vmware.com/t5/Tanzu-Mission-Control-VMware/Unable-to-reconcile-tanzu-standard-repo/m-p/2982778#M5 <P>I believe this can be solved by adding the root CAs to the kapp-controller pods.</P> <P>Generate a ca-certificates.crt file with the contents of all CAs to be trusted.</P> <PRE>rm -f ca-certificates.crt<BR />cat rootCA.crt &gt;&gt; ca-certificates.crt<BR /># Repeat for all trusted CAs</PRE> <P>Load the certificate bundle into Kubernetes and update the kapp-controller deployment to include it in all pods.</P> <PRE>kubectl create -n tkg-system configmap kapp-controller-ca-certificates --from-file=ca-certificates.crt<BR /><BR />cat &lt;&lt;EOF | kubectl patch -n tkg-system deployment/kapp-controller --patch-file=/dev/stdin<BR />spec:<BR /> template:<BR /> spec:<BR /> containers:<BR /> - name: kapp-controller<BR /> volumeMounts:<BR /> - mountPath: /etc/ssl/certs/ca-certificates.crt<BR /> subPath: ca-certificates.crt<BR /> name: ca-certificates<BR /> readOnly: true<BR /> volumes:<BR /> - configMap:<BR /> name: kapp-controller-ca-certificates<BR /> name: ca-certificates<BR />EOF&nbsp;</PRE> <P>The kapp-controller pods will restart with the new configuration and should start working. You can follow the kapp-controller logs for more details.</P> <PRE>kubectl -n tkg-system logs -f deployment/kapp-controller</PRE> <P>&nbsp;</P> Fri, 18 Aug 2023 00:27:47 GMT jeffmace 2023-08-18T00:27:47Z https://communities.vmware.com/t5/Tanzu-Mission-Control-VMware/Unable-to-reconcile-tanzu-standard-repo/m-p/2981333#M2 <P>I am unable to reconcile the tanzau-standard repo due to a certificate error. How can I import or trust the authority for the harbor host to overcome this issue?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="returntrip_0-1691488138825.png" style="width: 825px;"><img src="https://communities.vmware.com/t5/image/serverpage/image-id/102949i1221F43101F1C454/image-dimensions/825x200/is-moderation-mode/true?v=v2" width="825" height="200" role="button" title="returntrip_0-1691488138825.png" alt="returntrip_0-1691488138825.png" /></span></P> <P>&nbsp;</P> Tue, 08 Aug 2023 11:53:35 GMT https://communities.vmware.com/t5/Tanzu-Mission-Control-VMware/Unable-to-reconcile-tanzu-standard-repo/m-p/2981333#M2 returntrip 2023-08-08T11:53:35Z https://communities.vmware.com/t5/Tanzu-Mission-Control-VMware/Unable-to-reconcile-tanzu-standard-repo/m-p/2982778#M5 <P>I believe this can be solved by adding the root CAs to the kapp-controller pods.</P> <P>Generate a ca-certificates.crt file with the contents of all CAs to be trusted.</P> <PRE>rm -f ca-certificates.crt<BR />cat rootCA.crt &gt;&gt; ca-certificates.crt<BR /># Repeat for all trusted CAs</PRE> <P>Load the certificate bundle into Kubernetes and update the kapp-controller deployment to include it in all pods.</P> <PRE>kubectl create -n tkg-system configmap kapp-controller-ca-certificates --from-file=ca-certificates.crt<BR /><BR />cat &lt;&lt;EOF | kubectl patch -n tkg-system deployment/kapp-controller --patch-file=/dev/stdin<BR />spec:<BR /> template:<BR /> spec:<BR /> containers:<BR /> - name: kapp-controller<BR /> volumeMounts:<BR /> - mountPath: /etc/ssl/certs/ca-certificates.crt<BR /> subPath: ca-certificates.crt<BR /> name: ca-certificates<BR /> readOnly: true<BR /> volumes:<BR /> - configMap:<BR /> name: kapp-controller-ca-certificates<BR /> name: ca-certificates<BR />EOF&nbsp;</PRE> <P>The kapp-controller pods will restart with the new configuration and should start working. You can follow the kapp-controller logs for more details.</P> <PRE>kubectl -n tkg-system logs -f deployment/kapp-controller</PRE> <P>&nbsp;</P> Fri, 18 Aug 2023 00:27:47 GMT https://communities.vmware.com/t5/Tanzu-Mission-Control-VMware/Unable-to-reconcile-tanzu-standard-repo/m-p/2982778#M5 jeffmace 2023-08-18T00:27:47Z