Problem
When deploying a secured cluster to a separate cluster following the documented multi-cluster flow, roxie fails with a cryptic error from roxctl:
roxctl error: ERROR: establishing GRPC connection to generate Cluster Registration Secrets:
could not get endpoint for gRPC connection: could not get endpoint:
invalid arguments: missing port in address
Steps to reproduce
Following the README:
# spoke-config.yaml
securedCluster:
spec:
centralEndpoint: "34.170.167.162:443"
ROX_ADMIN_PASSWORD=<password> \
ROX_CA_CERT_FILE=<ca-cert> \
roxie deploy secured-cluster -t 4.11.0 -c spoke-config.yaml
Roxie shows the correct Central Endpoint: 34.170.167.162:443 in its deployment config table, but then passes an empty endpoint to roxctl -e for CRS generation.
Root cause
In internal/deployer/deployer.go (New()), d.centralEndpoint is only populated from the API_ENDPOINT environment variable:
if endpoint := os.Getenv("API_ENDPOINT"); endpoint != "" {
d.centralEndpoint = endpoint
}
There is no fallback to the centralEndpoint field from the SecuredCluster config (securedCluster.spec.centralEndpoint). When API_ENDPOINT is not set, d.centralEndpoint remains empty and is passed as -e "" to roxctl in crs.go, causing the error.
The config value IS used for the SecuredCluster CR's spec.centralEndpoint (what sensor connects to), but NOT for the roxctl CRS generation call (what roxie uses to connect to Central's API).
Expected behavior
The documented flow should work: setting centralEndpoint in the config file should be sufficient for roxie to know where Central is. Roxie should use the config's centralEndpoint as fallback when API_ENDPOINT env is not set.
Workaround
Set the API_ENDPOINT environment variable explicitly:
API_ENDPOINT=34.170.167.162:443 \
ROX_ADMIN_PASSWORD=<password> \
ROX_CA_CERT_FILE=<ca-cert> \
roxie deploy secured-cluster -t 4.11.0 -c spoke-config.yaml
UX improvement suggestions
- When
d.centralEndpoint is empty and securedCluster.spec.centralEndpoint is set in the config, use that value as fallback.
- If
d.centralEndpoint is still empty when CRS generation is attempted, fail with a clear message like "Central endpoint not configured. Set API_ENDPOINT env var or centralEndpoint in the config file." instead of the opaque roxctl gRPC error.
Problem
When deploying a secured cluster to a separate cluster following the documented multi-cluster flow, roxie fails with a cryptic error from roxctl:
Steps to reproduce
Following the README:
Roxie shows the correct
Central Endpoint: 34.170.167.162:443in its deployment config table, but then passes an empty endpoint toroxctl -efor CRS generation.Root cause
In
internal/deployer/deployer.go(New()),d.centralEndpointis only populated from theAPI_ENDPOINTenvironment variable:There is no fallback to the
centralEndpointfield from the SecuredCluster config (securedCluster.spec.centralEndpoint). WhenAPI_ENDPOINTis not set,d.centralEndpointremains empty and is passed as-e ""to roxctl incrs.go, causing the error.The config value IS used for the SecuredCluster CR's
spec.centralEndpoint(what sensor connects to), but NOT for the roxctl CRS generation call (what roxie uses to connect to Central's API).Expected behavior
The documented flow should work: setting
centralEndpointin the config file should be sufficient for roxie to know where Central is. Roxie should use the config'scentralEndpointas fallback whenAPI_ENDPOINTenv is not set.Workaround
Set the
API_ENDPOINTenvironment variable explicitly:UX improvement suggestions
d.centralEndpointis empty andsecuredCluster.spec.centralEndpointis set in the config, use that value as fallback.d.centralEndpointis still empty when CRS generation is attempted, fail with a clear message like "Central endpoint not configured. Set API_ENDPOINT env var or centralEndpoint in the config file." instead of the opaque roxctl gRPC error.