="Fatal error from runtime: failed to retrieve the initial identity certificate: error establishing connection to sentry: context canceled: connection error: desc = \"transport: authentication handshake failed: remote error: tls: no application protocol\"" #4137

Closed
chawleejay opened this issue May 7, 2024 · 13 comments
Labels
content/incorrect-information Content in the docs is incorrect

Comments

@chawleejay

Hello

I'm running into issues when trying to install Dapr to a Kubernetes cluster using Argo CD.

        source:
          repoURL: https://dapr.github.io/helm-charts/
          targetRevision: "1.13"
          chart: dapr
          helm:
            values: |-
              global:
                registry: ghcr.io/dapr
                tag: 'edge'
                dnsSuffix: "cluster.local"
                logAsJson: false
                imagePullPolicy: Always
              mtls:
                enabled: false
                #workloadCertTTL: 24h
                #allowedClockSkew: 15m
              sentry:
                replicaCount: 0

From your docs: https://docs.dapr.io/reference/arguments-annotations-overview/

I'm using Kubernetes annotations attached to the above values.yaml file. I'm obtaining a TLS certificate error but have mTLS disabled and replicaCount for the dapr-sentry config = 0.

Error received:

="Fatal error from runtime: failed to retrieve the initial identity certificate: error establishing connection to sentry: context canceled: connection error: desc = \"transport: authentication handshake failed: remote error: tls: no application protocol\""

Where is this initial certificate config read from on initial Dapr installation?

@chawleejay chawleejay added the content/incorrect-information Content in the docs is incorrect label May 7, 2024
@yaron2
Member

yaron2 commented May 7, 2024

Sentry must not be scaled to 0 replicas. You need to have at least 1 replica running.

@chawleejay
Author

chawleejay commented May 8, 2024

Isn't Sentry only used for mTLS? I'm not sure I quite understand its purpose from the docs @yaron2

@yaron2
Member

yaron2 commented May 8, 2024

> Isn't Sentry only used for mTLS? I'm not sure I quite understand its purpose from the docs @yaron2

Yes, but even if you disable mTLS it's only disabled for service-to-service calls between sidecars. All communication between the sidecar and the control plane still uses mTLS and this cannot be disabled.

@chawleejay
Author

Okay, thank you for your quick response. I will work on getting it configured.

Any docs on the mTLS configuration between the sidecar/control plane using Helm?

@chawleejay
Author

From my understanding, Dapr will take care of mTLS via the token bundle that gets installed on the K8s cluster, @yaron2. Does internal app code need to be set up properly for the daprd sidecar to spin up properly?

@yaron2
Member

yaron2 commented May 8, 2024

> From my understanding, Dapr will take care of mTLS via the token bundle that gets installed on the K8s cluster, @yaron2. Does internal app code need to be set up properly for the daprd sidecar to spin up properly?

No, your app's code shouldn't have anything special to run alongside Dapr.

@chawleejay
Author

@yaron2 are you able to help me understand the original error from my question: "Fatal error from runtime: failed to retrieve the initial identity certificate:"?

@chawleejay
Author

@yaron2 Hey, just wanted to check to see if you or your team had any update on this? If not, can we close this case?

@chawleejay
Author

@yaron2 Not quite sure where to go with this. I've exhausted all efforts to get Dapr running via Kubernetes and it's not working. The sidecar-injector is showing it's mounting the certs. The daprd sidecar running alongside my app is showing a cert in the following env var: DAPR_TRUST_ANCHORS. Everything is out of the box following the K8s deployments guide and the daprd sidecar is still throwing the following error:

level=fatal msg="Fatal error from runtime: failed to retrieve the initial identity certificate: error establishing connection to sentry: context canceled: connection error: desc = \"transport: authentication handshake failed: remote error: tls: no application protocol\""

I've tried opening support tickets on the website and am not getting anywhere.

@yaron2
Member

yaron2 commented May 22, 2024

> @yaron2 Not quite sure where to go with this. I've exhausted all efforts to get Dapr running via Kubernetes and it's not working. The sidecar-injector is showing it's mounting the certs. The daprd sidecar running alongside my app is showing a cert in the following env var: DAPR_TRUST_ANCHORS. Everything is out of the box following the K8s deployments guide and the daprd sidecar is still throwing the following error:
>
> level=fatal msg="Fatal error from runtime: failed to retrieve the initial identity certificate: error establishing connection to sentry: context canceled: connection error: desc = \"transport: authentication handshake failed: remote error: tls: no application protocol\""
>
> I've tried opening support tickets on the website and am not getting anywhere.

Can you join our Discord server and add me as a friend? My handle is yaron2

@yaron2
Member

yaron2 commented May 24, 2024

@chawleejay
Author

Just added you, @yaron2. Thanks.

@chawleejay
Author

This issue is occurring because of the Istio injection failing to communicate with Sentry. You can close this ticket and we can chat internally, thanks.

@yaron2 yaron2 closed this as completed May 28, 2024