diff --git a/.agents/skills/test-release-canary/SKILL.md b/.agents/skills/test-release-canary/SKILL.md index d0826536a..4bf7d38ae 100644 --- a/.agents/skills/test-release-canary/SKILL.md +++ b/.agents/skills/test-release-canary/SKILL.md @@ -83,7 +83,6 @@ helm install openshell oci://ghcr.io/nvidia/openshell/helm-chart \ --version 0.0.0-dev \ --namespace openshell --create-namespace \ --set server.disableTls=true \ - --set pkiInitJob.enabled=false \ --wait --timeout 5m kubectl wait --namespace openshell \ @@ -96,6 +95,10 @@ openshell gateway add http://127.0.0.1:8080 --local --name kind openshell status ``` +Keep `pkiInitJob.enabled=true` (the chart default), even when +`server.disableTls=true`. The hook also generates the sandbox JWT signing +secret that the gateway pod always mounts. + Swap `0.0.0-dev` for `0.0.0-dev.` to pin to a specific dev build. Tear down with `kind delete cluster --name release-canary-local`. Loopback registration auto-derives the gateway name to `openshell` if `--name` is omitted, which collides with the `install.sh`-installed local gateway — always pass `--name kind` (or another distinct name) when registering in addition to a local install. diff --git a/.github/workflows/release-canary.yml b/.github/workflows/release-canary.yml index 79d163d5a..cafc6bfdf 100644 --- a/.github/workflows/release-canary.yml +++ b/.github/workflows/release-canary.yml @@ -99,7 +99,6 @@ jobs: --version 0.0.0-dev \ --namespace "$RELEASE_NAMESPACE" --create-namespace \ --set server.disableTls=true \ - --set pkiInitJob.enabled=false \ --wait --timeout 5m - name: Verify gateway pod is Ready