Error: Client network socket disconnected before s...
# 🌱|help-and-getting-started
Hello, I'm trying to get garden working using the
provider. Garden version 0.13.12. I have the
working just fine but am having trouble getting it set up for remote. I am using this document as my general guide I setup a cluster in Azure AKS and can connect to it using
kubectl get nodes
). I deployed contour, cert-manager, letsencrypt and certificate using helm/kubectl such that I have a valid certificate. My DNS points to the cluster (if I install a service using helm I can connect to it at my URL). I have a container registry created in azure and created a imagePullSecret and put it in the cluster using
kubectl create secret docker-registry
looks like: Edit - config removed for length. The issue is when I run
garden deploy --env remote
I get the following message:
Copy code
β„Ή garden               β†’ Running in Garden environment remote.default
β„Ή providers            β†’ Getting status...
βœ– providers            β†’ Failed processing resolve provider kubernetes (took 1.4 sec). Here is the output:

Error: Client network socket disconnected before secure TLS connection was established

Failed resolving one or more providers:
- kubernetes

See .garden/error.log for detailed error message
There does not appear to be any additional information in the logs. I've tried running with the
flag which appears to run it in an interactive mode, but I am not sure what to do from there. I am not sure where to go from here. Any help would be appreciated. Thanks, Matt
Hi @orange-analyst-19175 can you run
and put the output in a Gist?
Hi @quaint-dress-831. Thanks for responding. The output of
garden deploy --env remote -l5
is here:
Great, thank you. Can you also put your
somewhere accessible?
Just going through this, the error message is generic, not specific to
and indicates a network issue. I'd ask you if you've double-checked
is using the correct context but based on the line
β„Ή providers [silly]    β†’ GET
it looks like it is.
Frankly, I'm stumped what could be the issue as you have validated your kubectl config using
kubectl get nodes
Looks good to me
When i try to go to in a browser I get a not secure warning. Maybe I have something with my cluster not configured correctly?
Can you move your kubeconfig to a temporary backup location such as
then go through the steps in
Just to eliminate any other variables
Sounds good. I will try it and let you know.
Unfortunately, that didn't work. Looping back to my comment above about the "not secure" comment. Any idea if that is the normal behavior when trying to go to the API server address in a browser? I am also starting to wonder if it is somehow caused by our corporate network, but others on the network have successfully used garden with a remote cluster, so I don't know.
Well, here's my Scaleway Kubernetes cluster endpoint: I don't think cloud providers are putting certs on these in general, no
Ah, ok thanks. I won't chase after that thought then.
Ugh, so I have convinced myself that it is an issue with our corporate network. Not 100% sure which part of it, but i seem to be able to get it to work on a different machine after jumping through some hoops to get logged in. Thanks for your help. I think I need to track down the issue internally.
Hmm, so it looks like the clusters have self-signed certificates. On my machine, if I
I get a message about an SSL certificate problem. If I run
openssl s_client -connect -showcerts
I see the certificates. And if I run
curl -k
it seems to go through (unauthorized because no credentials are passed I guess). Is there a way in garden to do something equivalent to the
flag in
Or is it already set to allow self-signed certs. I think I still do not exactly understand what is happening.
@orange-analyst-19175 Garden is already set to allow self-signed certs so that shouldn't be an issue. And we don't enforce certificates on hostnames by default
@quaint-dress-831 Thanks for the info. Man, this has really got me stumped. So, I do most of my development in a Linux VM (VirtualBox) on a Windows host. Garden seems to work fine from the Windows host, and it seems to work fine on my personal Linux machine but not in the Linux VM. It is a bit odd that I seem to be able to connect to the cluster API server using
, but garden seems to die doing it, if I'm reading the logs correctly. Is there a way to see exactly what the request garden is sending is, including the headers, so I can try that in curl? Or do you know what headers are required? Is it just auth?
Ah, nvm, I used the token in the kube config and it worked.
@quaint-dress-831 I still do not understand why garden fails though. I had our network folks take my machine off of the firewall temporarily and it still fails. This is not too surprising since curl was able to make the request, but worth testing anyway. Any other ideas? Maybe there is some network navigation that
can handle, but that whatever library garden uses can't.
@orange-analyst-19175 have you tested if it's accessible using WSL2?
I don't have any suggestons for solving your current use-case but if it worked on WSL2, it might be at least a "Plan B"