Trouble with setup

I don't know much about kubernetes and all, but i was trying to follow the guide... but was having some trouble with some of the services :') there's more than 1 problem but i will focus on the first one that i couldn't fix yet, and hope to be able to use what i learn to fix the others..
Helm upgrade failed for release sealed-secrets/sealed-secrets with chart [email protected]: client rate limiter Wait returned an error: context deadline exceeded
this is what appears to be the issue when trying to run the sealed-secrets thing... and i couldn't find anything useful about this issue anywhere :(
also, i had some trouble with the recipes because of versions and things like this :') but i managed to understand it while exploring the premix repo...
i didn't want to actually use the ansible thing on premix because i want to learn, but, i explored it to (at least try to) understand what i should do to make it work
working with kubernetes without any knowledge is hard, but i'm having fun... maybe.........
66 Replies
funkypenguin | ElfHosted
LOL, the painful kind of fun 🙂
what do you see when you describe the helmrelease with kubectl?
raiomarco OP • 7mo ago
i don't know if i did it correctly but...
mbenl@main:~$ kubectl describe HelmRelease sealed-secrets
Error from server (NotFound): helmreleases.helm.toolkit.fluxcd.io "sealed-secrets" not found
for some reason discord won't let me upload images, it just keeps loading
funkypenguin | ElfHosted
you're close, but add the namespace too like kubectl describe helmrelease -n sealed-secrets sealed-secrets
raiomarco OP • 7mo ago
oh it is a bit.. big
oh, and i can't send the file because.. discord
ok lemme think
kubectl describe helmrelease -n sealed-secrets sealed-secrets
Name: sealed-secrets
Namespace: sealed-secrets
Labels: kustomize.toolkit.fluxcd.io/name=sealed-secrets
kustomize.toolkit.fluxcd.io/namespace=flux-system
Annotations: <none>
API Version: helm.toolkit.fluxcd.io/v2
Kind: HelmRelease
Metadata:
Creation Timestamp: 2024-05-26T04:33:35Z
Finalizers:
finalizers.fluxcd.io
Generation: 4
Resource Version: 938348
UID: 57714477-ace4-4f36-9d3b-3a616d7a9a1c
Spec:
Chart:
Spec:
Chart: sealed-secrets
Reconcile Strategy: ChartVersion
Source Ref:
Kind: HelmRepository
Name: sealed-secrets
Namespace: flux-system
Version: 2.x
Interval: 15m
Release Name: sealed-secrets
Timeout: 5m
Values From:
Kind: ConfigMap
Name: sealed-secrets-helm-chart-value-overrides
Values Key: values.yaml
Status:
Conditions:
Last Transition Time: 2024-05-28T16:08:30Z
Message: Failed to upgrade after 1 attempt(s)
Observed Generation: 4
Reason: RetriesExceeded
Status: True
Type: Stalled
Last Transition Time: 2024-05-28T15:58:45Z
Message: Helm upgrade failed for release sealed-secrets/sealed-secrets with chart [email protected]: client rate limiter Wait returned an error: context deadline exceeded
Observed Generation: 4
Reason: UpgradeFailed
Status: False
Type: Ready
Last Transition Time: 2024-05-28T15:58:45Z
Message: Helm upgrade failed for release sealed-secrets/sealed-secrets with chart [email protected]: client rate limiter Wait returned an error: context deadline exceeded
Observed Generation: 4
Reason: UpgradeFailed
Status: False
Type: Released
Failures: 1
Helm Chart: flux-system/sealed-secrets-sealed-secrets
History:
App Version: 0.26.3
Chart Name: sealed-secrets
Chart Version: 2.15.4
Config Digest: sha256:4c865c805ec52150d2e85ca74a5564a5d967d3c375bd59b7b1d653ea9861bad1
Digest: sha256:fe316093062fedbc9069f0bcf644f7fe69ef8967ea90d487432a7a7948ad3f23
First Deployed: 2024-05-26T04:33:39Z
Last Deployed: 2024-05-28T15:53:44Z
Name: sealed-secrets
Namespace: sealed-secrets
Status: failed
Version: 4
App Version: v0.16.0
Chart Name: sealed-secrets
Chart Version: 1.16.1
Config Digest: sha256:4c865c805ec52150d2e85ca74a5564a5d967d3c375bd59b7b1d653ea9861bad1
Digest: sha256:1651a9d6c2d30e2e8c4497457a08781870903352428f879e298c68a643a70ff4
First Deployed: 2024-05-26T04:33:39Z
Last Deployed: 2024-05-28T15:32:18Z
Name: sealed-secrets
Namespace: sealed-secrets
Status: failed
Version: 3
App Version: 0.26.3
Chart Name: sealed-secrets
Chart Version: 2.15.4
Config Digest: sha256:4c865c805ec52150d2e85ca74a5564a5d967d3c375bd59b7b1d653ea9861bad1
Digest: sha256:f9b1828ca29b496bf240fa3e57f6e799ff0da2424be99cb87b8eceecf94b9a29
First Deployed: 2024-05-26T04:33:39Z
Last Deployed: 2024-05-28T05:24:35Z
Name: sealed-secrets
Namespace: sealed-secrets
Status: failed
Version: 2
App Version: v0.16.0
Chart Name: sealed-secrets
Chart Version: 1.16.1
Config Digest: sha256:4c865c805ec52150d2e85ca74a5564a5d967d3c375bd59b7b1d653ea9861bad1
Digest: sha256:e56cc2cec13ac611a4c9527bddacad0b322dac90c561aac354d75de990dbb2de
First Deployed: 2024-05-26T04:33:39Z
Last Deployed: 2024-05-26T04:33:39Z
Name: sealed-secrets
Namespace: sealed-secrets
Status: deployed
Version: 1
Last Attempted Config Digest: sha256:4c865c805ec52150d2e85ca74a5564a5d967d3c375bd59b7b1d653ea9861bad1
Last Attempted Generation: 4
Last Attempted Release Action: upgrade
Last Attempted Revision: 2.15.4
Observed Generation: 4
Storage Namespace: sealed-secrets
Upgrade Failures: 1
Events: <none>
funkypenguin | ElfHosted
ok...
raiomarco OP • 7mo ago
(i will read it now)
funkypenguin | ElfHosted
and what do the pods in the sealed-secrets namespace look like?
raiomarco OP • 7mo ago
kubectl get pods -A -n sealed-secrets
NAMESPACE NAME READY STATUS RESTARTS AGE
cert-manager cert-manager-6cff6bdfc6-l8lp8 1/1 Running 1 (11h ago) 18h
cert-manager cert-manager-cainjector-74869b6b8b-6chp7 1/1 Running 1 (11h ago) 18h
cert-manager cert-manager-webhook-68cc85b98c-h627j 1/1 Running 1 (11h ago) 18h
external-dns external-dns-c694456f6-nbv9p 1/1 Running 1 (11h ago) 18h
flux-system helm-controller-5f7457c9dd-5mrql 1/1 Running 3 (11h ago) 3d2h
flux-system kustomize-controller-5f58d55f76-wg7jv 1/1 Running 3 (11h ago) 3d2h
flux-system notification-controller-685bdc466d-9fbvd 1/1 Running 3 (11h ago) 3d2h
flux-system source-controller-86b8b57796-txw22 1/1 Running 3 (11h ago) 3d2h
kube-system coredns-6799fbcd5-5kdpj 1/1 Running 2 (11h ago) 3d3h
kube-system local-path-provisioner-6c86858495-hpwhj 1/1 Running 4 (11h ago) 3d3h
kube-system metrics-server-54fd9b65b-9mvxt 1/1 Running 3 (11h ago) 3d3h
metallb-system metallb-controller-665d96757f-8sbsn 1/1 Running 1 (11h ago) 18h
metallb-system metallb-speaker-fzqlf 4/4 Running 7 (11h ago) 18h
metallb-system metallb-speaker-j85pz 4/4 Running 4 (11h ago) 18h
podinfo podinfo-7c9849f9d4-q6jdz 1/1 Running 2 (11h ago) 3d2h
sealed-secrets sealed-secrets-5ffccb59b8-twk2h 1/1 Running 1 (11h ago) 26h
sealed-secrets sealed-secrets-757cc69b46-wcf9z 0/1 ImagePullBackOff 0 8h
traefik traefik-6bdc4b9cf4-cjvp6 1/1 Running 1 (11h ago) 18h
i tried to filter the namespace but probably the -A thing is something like.. all
kubectl get pods -n sealed-secrets
NAME READY STATUS RESTARTS AGE
sealed-secrets-5ffccb59b8-twk2h 1/1 Running 1 (11h ago) 26h
sealed-secrets-757cc69b46-wcf9z 0/1 ImagePullBackOff 0 8h
ok now it's filtered (nothing really different from above, just happy because i figured it out)
i don't know if it's relevant but, on the metallb thing, i did the L2 mode because i couldn't activate BGP on my router :')
also, there's some stuff i pre-placed on the repo but didn't configure yet
flux get kustomizations
NAME REVISION SUSPENDED READY MESSAGE
cert-manager main@sha1:602f4ff6 False True Applied revision: main@sha1:602f4ff6
config--metallb-system main@sha1:602f4ff6 False True Applied revision: main@sha1:602f4ff6
democratic-csi False False health check failed after 10m0.017870595s: timeout waiting for: [HelmRelease/democratic-csi/democratic-csi status: 'InProgress']
external-dns main@sha1:61982a25 False False health check failed after 27.162688ms: failed early due to stalled resources: [HelmRelease/external-dns/external-dns status: 'Failed']
flux-system main@sha1:602f4ff6 False True Applied revision: main@sha1:602f4ff6
letsencrypt-wildcard-cert main@sha1:a0c1404e False False dependency 'flux-system/sealed-secrets' is not ready
metallb--metallb-system main@sha1:602f4ff6 False True Applied revision: main@sha1:602f4ff6
podinfo main@sha1:602f4ff6 False True Applied revision: main@sha1:602f4ff6
sealed-secrets main@sha1:a0c1404e False False health check failed after 36.29567ms: failed early due to stalled resources: [Deployment/sealed-secrets/sealed-secrets status: 'Failed']
secret-replicator False False health check failed after 2m0.01822746s: timeout waiting for: [Deployment/secret-replicator/secret-replicator status: 'NotFound']
traefik main@sha1:602f4ff6 False True Applied revision: main@sha1:602f4ff6
funkypenguin | ElfHosted
so in sealedsecrets, the question will be why that pod is in an ImagePullBackOff state
can you try describing the bad pod?
raiomarco OP • 7mo ago
so.. how can i do it?
also, one question that i have: should i be running these commands directly on my master node through ssh or is there another way to do it?
i got confused because on the flux part, there's a download for mac and windows
actually i'm running everything on the master node through ssh and it's working... i think
i'm asking because when i tried by the pod name, it failed saying something like "not found"
i will try again in a minute
ok, now it works i think
kubectl describe pod -n sealed-secrets sealed-secrets
Name: sealed-secrets-5ffccb59b8-twk2h
Namespace: sealed-secrets
Priority: 0
Service Account: sealed-secrets
Node: spark/10.1.180.66
Start Time: Mon, 27 May 2024 21:38:31 +0000
Labels: app.kubernetes.io/instance=sealed-secrets
app.kubernetes.io/name=sealed-secrets
pod-template-hash=5ffccb59b8
Annotations: kubectl.kubernetes.io/restartedAt: 2024-05-27T21:38:30Z
Status: Running
IP: 10.42.1.40
IPs:
IP: 10.42.1.40
Controlled By: ReplicaSet/sealed-secrets-5ffccb59b8
Containers:
sealed-secrets:
Container ID: containerd://70f635dcc5bf6f1d202a616488dfcc7aefa10fa1064528510620c010414f6316
Image: bitnami/sealed-secrets-controller:v0.17.2
Image ID: docker.io/bitnami/sealed-secrets-controller@sha256:f077eb76b6b25fdc23495aed57eb5315214bcb14c0a812e02c341cace1bc7375
Port: 8080/TCP
Host Port: 0/TCP
Command:
controller
Args:
--key-prefix
sealed-secrets-key
State: Running
Started: Tue, 28 May 2024 12:34:54 +0000
Last State: Terminated
Reason: Unknown
Exit Code: 255
Started: Mon, 27 May 2024 21:38:31 +0000
Finished: Tue, 28 May 2024 12:34:52 +0000
Ready: True
Restart Count: 1
Liveness: http-get http://:8080/healthz delay=0s timeout=1s period=10s #success=1 #failure=3
Readiness: http-get http://:8080/healthz delay=0s timeout=1s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/tmp from tmp (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-mg4wf (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
tmp:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kube-api-access-mg4wf:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events: <none>
(it showed the 2 pods)
Name: sealed-secrets-757cc69b46-wcf9z
Namespace: sealed-secrets
Priority: 0
Service Account: sealed-secrets
Node: spark/10.1.180.66
Start Time: Tue, 28 May 2024 15:53:45 +0000
Labels: app.kubernetes.io/instance=sealed-secrets
app.kubernetes.io/name=sealed-secrets
pod-template-hash=757cc69b46
Annotations: <none>
Status: Pending
IP: 10.42.1.43
IPs:
IP: 10.42.1.43
Controlled By: ReplicaSet/sealed-secrets-757cc69b46
Containers:
controller:
Container ID:
Image: quay.io/bitnami/sealed-secrets-controller:v0.17.2
Image ID:
Ports: 8080/TCP, 8081/TCP
Host Ports: 0/TCP, 0/TCP
Command:
controller
Args:
--update-status
--key-prefix
sealed-secrets-key
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Liveness: http-get http://:http/healthz delay=0s timeout=1s period=10s #success=1 #failure=3
Readiness: http-get http://:http/healthz delay=0s timeout=1s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/tmp from tmp (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-nh5vr (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
tmp:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kube-api-access-nh5vr:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal BackOff 4m23s (x3100 over 11h) kubelet Back-off pulling image "quay.io/bitnami/sealed-secrets-controller:v0.17.2"
raiomarco OP • 7mo ago
GitHub
Unable to find container images · Issue #822 · bitnami-labs/sealed-...
I am not able to install sealed-secrets anymore. Using helm chart (v2.1.5), my k8s cluster is not able to find the container image: 13s Normal Pulling pod/sealed-secrets-controller-5d8db499cd-zthst...
raiomarco OP • 7mo ago
:thinking_tunado: i think maybe there's something weird happening with the versions?
raiomarco OP • 7mo ago
here the app version should be 0.26.3 with the chart version 2.15.4 and i THINK i did everything correctly here: helmrelease-sealed-secrets.yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: sealed-secrets
  namespace: sealed-secrets
spec:
  chart:
    spec:
      chart: sealed-secrets
      version: 2.x
      sourceRef:
        kind: HelmRepository
        name: sealed-secrets
        namespace: flux-system
  interval: 15m
  timeout: 5m
  releaseName: sealed-secrets
  valuesFrom:
  - kind: ConfigMap
    name: sealed-secrets-helm-chart-value-overrides
    valuesKey: values.yaml # This is the default, but best to be explicit for clarity
funkypenguin | ElfHosted
that's fine, you can manage the cluster from anywhere where you can get access to the kube api
raiomarco OP • 7mo ago
i would want to do it from my pc, i think i could do it but i don't know what i should download to do it
funkypenguin | ElfHosted
so you still have a pod unable to pull its image?
raiomarco OP • 7mo ago
yes
funkypenguin | ElfHosted
if you comment this out altogether, does it pull a good image?
valuesFrom:
- kind: ConfigMap
  name: sealed-secrets-helm-chart-value-overrides
  valuesKey: values.yaml # This is the default, but best to be explicit for clarity
raiomarco OP • 7mo ago
just to confirm, so it should be like this?
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: sealed-secrets
  namespace: sealed-secrets
spec:
  chart:
    spec:
      chart: sealed-secrets
      version: 2.x
      sourceRef:
        kind: HelmRepository
        name: sealed-secrets
        namespace: flux-system
  interval: 15m
  timeout: 5m
  releaseName: sealed-secrets
  # valuesFrom:
  # - kind: ConfigMap
  #   name: sealed-secrets-helm-chart-value-overrides
  #   valuesKey: values.yaml # This is the default, but best to be explicit for clarity
to test if it can pull the correct image, right?
raiomarco OP • 7mo ago
Stack Overflow
How can I debug "ImagePullBackOff"?
All of a sudden, I cannot deploy some images which could be deployed before. I got the following pod status: [root@webdev2 origin]# oc get pods NAME READY STATUS
raiomarco OP • 7mo ago
and it didn't work BUT there's some changes on the describe pod
more data
i think only the events should be useful
working pod:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m57s default-scheduler Successfully assigned sealed-secrets/sealed-secrets-5ffccb59b8-6rsxk to spark
Normal Pulled 2m57s kubelet Container image "bitnami/sealed-secrets-controller:v0.17.2" already present on machine
Normal Created 2m57s kubelet Created container sealed-secrets
Normal Started 2m57s kubelet Started container sealed-secrets
the broken one that's still broken
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 2m57s default-scheduler Successfully assigned sealed-secrets/sealed-secrets-757cc69b46-kgvh6 to spark
Normal Pulling 84s (x4 over 2m57s) kubelet Pulling image "quay.io/bitnami/sealed-secrets-controller:v0.17.2"
Warning Failed 83s (x4 over 2m56s) kubelet Failed to pull image "quay.io/bitnami/sealed-secrets-controller:v0.17.2": failed to pull and unpack image "quay.io/bitnami/sealed-secrets-controller:v0.17.2": failed to resolve reference "quay.io/bitnami/sealed-secrets-controller:v0.17.2": unexpected status from HEAD request to https://quay.io/v2/bitnami/sealed-secrets-controller/manifests/v0.17.2: 401 UNAUTHORIZED
Warning Failed 83s (x4 over 2m56s) kubelet Error: ErrImagePull
Warning Failed 72s (x6 over 2m56s) kubelet Error: ImagePullBackOff
Normal BackOff 60s (x7 over 2m56s) kubelet Back-off pulling image "quay.io/bitnami/sealed-secrets-controller:v0.17.2"
ohhh i think i got the problem
i need to understand why discord won't let me send files.... it would be so much easier to explain what i found
raiomarco OP • 7mo ago
test
raiomarco OP • 7mo ago
OH IT WAS THE VPN
ok ok
what i did was literally just... copy this
when i updated the version to 2.x on the helm thing it broke because the values.yml got outdated
when i tried to revert to 1.x it didn't work though... and i don't know why
but i will try to take an updated values.yaml and test it
hope there's nothing that i should change
reconnecting to vpn to force the reconciliation
and let's hope for the best
flux get kustomizations
NAME REVISION SUSPENDED READY MESSAGE
cert-manager main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
config--metallb-system main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
democratic-csi False Unknown Reconciliation in progress
external-dns main@sha1:61982a25 False False health check failed after 17.805419ms: failed early due to stalled resources: [HelmRelease/external-dns/external-dns status: 'Failed']
flux-system main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
letsencrypt-wildcard-cert main@sha1:a0c1404e False False dependency 'flux-system/sealed-secrets' is not ready
metallb--metallb-system main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
podinfo main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
sealed-secrets main@sha1:a0c1404e False False health check failed after 37.031102ms: failed early due to stalled resources: [Deployment/sealed-secrets/sealed-secrets status: 'Failed']
secret-replicator False False health check failed after 2m0.018070506s: timeout waiting for: [Deployment/secret-replicator/secret-replicator status: 'NotFound']
traefik main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
it still shows as failed but..
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3m52s default-scheduler Successfully assigned sealed-secrets/sealed-secrets-8489c8bd5f-7x9xz to spark
Normal Pulling 3m52s kubelet Pulling image "docker.io/bitnami/sealed-secrets-controller:0.26.3"
Normal Pulled 3m49s kubelet Successfully pulled image "docker.io/bitnami/sealed-secrets-controller:0.26.3" in 3.732s (3.732s including waiting)
Normal Created 3m49s kubelet Created container controller
Normal Started 3m49s kubelet Started container controller
now there's only 1 pod though
kubectl get pods -n sealed-secrets
NAME READY STATUS RESTARTS AGE
sealed-secrets-8489c8bd5f-7x9xz 1/1 Running 0 4m13s
also on helmRelease describe
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal UpgradeSucceeded 4m37s helm-controller Helm upgrade succeeded for release sealed-secrets/sealed-secrets.v5 with chart [email protected]
on the pod logs everything looks good too so.. i don't know why there's an error on the kustomizations did this and it worked
flux reconcile kustomization sealed-secrets
► annotating Kustomization sealed-secrets in flux-system namespace
✔ Kustomization annotated
◎ waiting for Kustomization reconciliation
✔ applied revision main@sha1:cb630fbaf41362582ffafdc90a4f19c09f5969bf
flux get kustomizations
NAME REVISION SUSPENDED READY MESSAGE
cert-manager main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
config--metallb-system main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
democratic-csi False False health check failed after 10m0.01134547s: timeout waiting for: [HelmRelease/democratic-csi/democratic-csi status: 'InProgress']
external-dns main@sha1:61982a25 False False health check failed after 17.805419ms: failed early due to stalled resources: [HelmRelease/external-dns/external-dns status: 'Failed']
flux-system main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
letsencrypt-wildcard-cert main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
metallb--metallb-system main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
podinfo main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
sealed-secrets main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
secret-replicator False False health check failed after 2m0.018070506s: timeout waiting for: [Deployment/secret-replicator/secret-replicator status: 'NotFound']
traefik main@sha1:cb630fba False True Applied revision: main@sha1:cb630fba
now i will try to fix the external-dns that was working but suddenly it is not anymore :depressaum: thanks for all the help those commands you taught me really helped me understand a bit better what was happening i think i will need some more help with more things but i will try to fix myself first and there's my final boss because on the persistence thing i really want to use this
raiomarco OP • 7mo ago
Containers
Guide to configure TrueNAS CORE as backing storage for container solutions.
raiomarco OP • 7mo ago
aaaaand, there's not a recipe for it so it will be me and me to check if i really did understand a thing... i'm really grateful for all the help :onti:
funkypenguin | ElfHosted
👍 Enjoy the ride!
raiomarco OP • 7mo ago
and i already got stuck on something again....... external-dns thing
kubectl describe helmrelease -n external-dns external-dns

Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal HelmChartConfigured 52s (x2 over 15h) helm-controller Configured HelmChart/flux-system/external-dns-external-dns with SourceRef 'HelmRepository/flux-system/bitnami'
Warning UpgradeFailed 51s helm-controller Helm upgrade failed for release external-dns/external-dns with chart [email protected]: cannot patch "dnsendpoints.externaldns.k8s.io" with kind CustomResourceDefinition: CustomResourceDefinition.apiextensions.k8s.io "dnsendpoints.externaldns.k8s.io" is invalid: metadata.annotations[api-approved.kubernetes.io]: Required value: protected groups must have approval annotation "api-approved.kubernetes.io", see https://github.com/kubernetes/enhancements/pull/1111

Last Helm logs:

2024-05-29T04:33:10.677055634Z: Patch NetworkPolicy "external-dns" in namespace external-dns
2024-05-29T04:33:10.685140963Z: Patch PodDisruptionBudget "external-dns" in namespace external-dns
2024-05-29T04:33:10.703731502Z: Patch ServiceAccount "external-dns" in namespace external-dns
2024-05-29T04:33:10.723213197Z: Patch CustomResourceDefinition "dnsendpoints.externaldns.k8s.io" in namespace
2024-05-29T04:33:10.730337772Z: error updating the resource "dnsendpoints.externaldns.k8s.io":
cannot patch "dnsendpoints.externaldns.k8s.io" with kind CustomResourceDefinition: CustomResourceDefinition.apiextensions.k8s.io "dnsendpoints.externaldns.k8s.io" is invalid: metadata.annotations[api-approved.kubernetes.io]: Required value: protected groups must have approval annotation "api-approved.kubernetes.io", see https://github.com/kubernetes/enhancements/pull/1111
2024-05-29T04:33:10.735690355Z: Patch ClusterRole "external-dns-external-dns" in namespace
2024-05-29T04:33:10.74588789Z: Patch ClusterRoleBinding "external-dns-external-dns" in namespace
2024-05-29T04:33:10.754461621Z: Patch Service "external-dns" in namespace external-dns
2024-05-29T04:33:10.782852922Z: Patch Deployment "external-dns" in namespace external-dns
2024-05-29T04:33:10.810375466Z: warning: Upgrade "external-dns" failed: cannot patch "dnsendpoints.externaldns.k8s.io" with kind CustomResourceDefinition: CustomResourceDefinition.apiextensions.k8s.io "dnsendpoints.externaldns.k8s.io" is invalid: metadata.annotations[api-approved.kubernetes.io]: Required value: protected groups must have approval annotation "api-approved.kubernetes.io", see https://github.com/kubernetes/enhancements/pull/1111
raiomarco OP • 7mo ago
GitHub
External-DNS Chart Broken with 7.3.3 due to removal of protected CR...
Name and Version bitnami/external-dns What architecture are you using? None What steps will reproduce the bug? Attempt to upgrade or install the external-dns chart at version 7.3.3. In our case, an...
raiomarco OP • 7mo ago
so.. i think there's no fix by now? so i should downgrade? 🙃 but the version goes up to 7.5.2.. :comfyPanic: why kubernetes is so confusing :tristo: i really really REALLY did love the docker swarm, but, i couldn't automate my NAS setup (which i can with the democratic-csi thing on kubernetes) on it
raiomarco OP • 7mo ago
and here i go with my saga (and documenting here to help someone in the future =D) i will find a way to make it work, somehow, i really want to at least :')
raiomarco OP • 7mo ago
nice
raiomarco OP • 7mo ago
external-dns helmrelease/external-dns 7.3.2 False False Helm upgrade failed for release external-dns/external-dns with chart [email protected]: cannot patch "external-dns" with kind Deployment: Deployment.apps "external-dns" is invalid: spec.template.spec.containers[0].livenessProbe.tcpSocket: Forbidden: may not specify more than 1 handler type
:despair: @Darth-Penguini Sorry for the ping, it's just because i don't know if you will see this thread or you will archive it or something, so if i shouldn't ping you let me know :`) i got another road blocker with this issue... i couldn't find it on Google neither found this path on the values.yaml found this on the logs
Failed to do run once: dnsendpoints.externaldns.k8s.io is forbidden: User \"system:serviceaccount:external-dns:external-dns\" cannot list resource \"dnsendpoints\" in API group \"externaldns.k8s.io\" at the cluster scope
funkypenguin | ElfHosted
ooh, that looks like a problem!
raiomarco OP • 7mo ago
i couldn't find anything about it yet i tried recreating the secret for the cloudflare api token searched for those things like the tcpSocket one but
raiomarco OP • 7mo ago
nothing comes up
raiomarco OP • 7mo ago
did the changes as the recipe says
raiomarco OP • 7mo ago
tried with the "|-" and without, but appears to do exactly the same
raiomarco OP • 7mo ago
as here there's no "|-" but, everyone else has this thing
raiomarco OP • 7mo ago
i think it's prettier without it but i don't know if there's a reason for this symbol i got this info about what's happening so far
kubectl get pods -n external-dns
NAME READY STATUS RESTARTS AGE
external-dns-c694456f6-cns4n 0/1 CrashLoopBackOff 6 (17s ago) 6m14s
kubectl logs -n external-dns -l app.kubernetes.io/name=external-dns
time="2024-05-29T20:30:24Z" level=fatal msg="Failed to do run once: dnsendpoints.externaldns.k8s.io is forbidden: User \"system:serviceaccount:external-dns:external-dns\" cannot list resource \"dnsendpoints\" in API group \"externaldns.k8s.io\" at the cluster scope"
(cut this one to only the error)
kubectl describe pod -n external-dns external-dns
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 11m default-scheduler Successfully assigned external-dns/external-dns-c694456f6-cns4n to main
Normal Pulled 9m36s (x5 over 11m) kubelet Container image "docker.io/bitnami/external-dns:0.14.2-debian-12-r0" already present on machine
Normal Created 9m36s (x5 over 11m) kubelet Created container external-dns
Normal Started 9m36s (x5 over 11m) kubelet Started container external-dns
Warning BackOff 71s (x51 over 11m) kubelet Back-off restarting failed container external-dns in pod external-dns-c694456f6-cns4n_external-dns(aabd45cd-a0d0-463b-9e45-251c7e9ac2e6)
the helm repository doesn't show any anomaly i think i don't know what to do :tristo:
funkypenguin | ElfHosted
is there anything in the values.yaml about RBAC?
raiomarco OP • 7mo ago
i will check
raiomarco OP • 7mo ago
yes it's the create: true thing
raiomarco OP • 7mo ago
i did it from the guide
funkypenguin | ElfHosted
that's the CRD, but anything about RBAC? (could explain your access issues)
raiomarco OP • 7mo ago
uh rbac there's only this on the values oh i saw it, there's rbac it's true it's another thing (also true)
## RBAC parameters
## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
##
rbac:
  ## @param rbac.create Whether to create & use RBAC resources or not
  ##
  create: true
  ## @param rbac.clusterRole Whether to create Cluster Role. When set to false creates a Role in `namespace`
  ##
  clusterRole: true
  ## @param rbac.apiVersion Version of the RBAC API
  ##
  apiVersion: v1
  ## @param rbac.pspEnabled Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
  ##
  pspEnabled: false
funkypenguin | ElfHosted
mmm, yeah, so that should have worked..
raiomarco OP • 7mo ago
:tristo: any idea on what to do here? fix: delete the k3s and restart from the start and now, without changing literally anything on the git repo it works 🙃 why? no idea but it worked
raiomarco OP • 7mo ago
and maybe this is a dumb question but...
raiomarco OP • 7mo ago
what's the appropriate folder? :comfyPanic: ok, and got another road block already :despair:
raiomarco OP • 7mo ago
here
raiomarco OP • 7mo ago
i'm getting this
kubectl describe certificate -n letsencrypt-wildcard-cert letsencrypt-wildcard-cert-staging
Error from server (NotFound): certificates.cert-manager.io "letsencrypt-wildcard-cert-staging" not found
so when i saw the logs
kubectl logs -f -n cert-manager -l app.kubernetes.io/name=cert-manager
E0530 16:16:09.951155 1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="error getting cloudflare secret: secret \"cloudflare-api-token-secret\" not found" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com-p6jr2-25539155-2977389949"
I0530 16:16:10.472921 1 setup.go:208] "cert-manager/clusterissuers: skipping re-verifying ACME account as cached registration details look sufficient" resource_name="letsencrypt-staging" resource_namespace="" resource_kind="ClusterIssuer" resource_version="v1" related_resource_name="letsencrypt-staging" related_resource_namespace="cert-manager" related_resource_kind="Secret"
I0530 16:16:10.652496 1 setup.go:208] "cert-manager/clusterissuers: skipping re-verifying ACME account as cached registration details look sufficient" resource_name="letsencrypt-prod" resource_namespace="" resource_kind="ClusterIssuer" resource_version="v1" related_resource_name="letsencrypt-prod" related_resource_namespace="cert-manager" related_resource_kind="Secret"
E0530 16:16:14.951707 1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="error getting cloudflare secret: secret \"cloudflare-api-token-secret\" not found" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com-p6jr2-25539155-2977389949"
E0530 16:16:34.952373 1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="error getting cloudflare secret: secret \"cloudflare-api-token-secret\" not found" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com-p6jr2-25539155-2977389949"
E0530 16:17:14.953438 1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="error getting cloudflare secret: secret \"cloudflare-api-token-secret\" not found" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com-p6jr2-25539155-2977389949"
E0530 16:18:34.954548 1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="error getting cloudflare secret: secret \"cloudflare-api-token-secret\" not found" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com-p6jr2-25539155-2977389949"
E0530 16:21:14.956139 1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="error getting cloudflare secret: secret \"cloudflare-api-token-secret\" not found" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com-p6jr2-25539155-2977389949"
E0530 16:26:34.956766 1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="error getting cloudflare secret: secret \"cloudflare-api-token-secret\" not found" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com-p6jr2-25539155-2977389949"
E0530 16:37:14.957511 1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="error getting cloudflare secret: secret \"cloudflare-api-token-secret\" not found" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com-p6jr2-25539155-2977389949"
raiomarco OP • 7mo ago
i created the secret using this
raiomarco OP • 7mo ago
only changed the gobbledegook for my cloudflare token the same used on the external-dns thing
raiomarco OP • 7mo ago
i'm trying to google it but couldn't find anything useful yet
kubectl logs -f -n cert-manager -l app.kubernetes.io/name=cert-manager
E0530 17:04:13.785364 1 controller.go:167] "cert-manager/orders: re-queuing item due to error processing" err="challenges.acme.cert-manager.io \"letsencrypt-wildcard-cert-example.com-p6jr2-25539155-2977389949\" not found" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com-p6jr2-2553915581"
E0530 17:04:13.787168 1 controller.go:208] "cert-manager/challenges: challenge in work queue no longer exists" err="challenge.acme.cert-manager.io \"letsencrypt-wildcard-cert-example.com-p6jr2-25539155-2977389949\" not found"
I0530 17:04:13.790500 1 conditions.go:192] Found status change for Certificate "letsencrypt-wildcard-cert-example.com" condition "Ready": "False" -> "True"; setting lastTransitionTime to 2024-05-30 17:04:13.790487079 +0000 UTC m=+2908.324818069
I0530 17:04:13.813849 1 controller.go:162] "cert-manager/certificates-readiness: re-queuing item due to optimistic locking on resource" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com" error="Operation cannot be fulfilled on certificates.cert-manager.io \"letsencrypt-wildcard-cert-example.com\": the object has been modified; please apply your changes to the latest version and try again"
I0530 17:04:13.814878 1 conditions.go:192] Found status change for Certificate "letsencrypt-wildcard-cert-example.com" condition "Ready": "False" -> "True"; setting lastTransitionTime to 2024-05-30 17:04:13.814865591 +0000 UTC m=+2908.349197070
I0530 17:04:13.829378 1 controller.go:162] "cert-manager/certificates-readiness: re-queuing item due to optimistic locking on resource" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com" error="Operation cannot be fulfilled on certificates.cert-manager.io \"letsencrypt-wildcard-cert-example.com\": the object has been modified; please apply your changes to the latest version and try again"
I0530 17:04:13.829817 1 conditions.go:192] Found status change for Certificate "letsencrypt-wildcard-cert-example.com" condition "Ready": "False" -> "True"; setting lastTransitionTime to 2024-05-30 17:04:13.829808145 +0000 UTC m=+2908.364139625
I0530 17:04:14.147211 1 controller.go:162] "cert-manager/challenges: re-queuing item due to optimistic locking on resource" key="letsencrypt-wildcard-cert/letsencrypt-wildcard-cert-example.com-p6jr2-25539155-4293008363" error="when updating the status: Operation cannot be fulfilled on challenges.acme.cert-manager.io \"letsencrypt-wildcard-cert-example.com-p6jr2-25539155-4293008363\": the object has been modified; please apply your changes to the latest version and try again"
E0530 17:04:15.115318 1 controller.go:208] "cert-manager/challenges: challenge in work queue no longer exists" err="challenge.acme.cert-manager.io \"letsencrypt-wildcard-cert-example.com-p6jr2-25539155-4293008363\" not found"
E0530 17:04:19.147430 1 controller.go:208] "cert-manager/challenges: challenge in work queue no longer exists" err="challenge.acme.cert-manager.io \"letsencrypt-wildcard-cert-example.com-p6jr2-25539155-4293008363\" not found"
more logs
kubectl describe certificate -n letsencrypt-wildcard-cert letsencrypt-wildcard-cert-example.com
Name: letsencrypt-wildcard-cert-example.com
Namespace: letsencrypt-wildcard-cert
Labels: kustomize.toolkit.fluxcd.io/name=letsencrypt-wildcard-cert
kustomize.toolkit.fluxcd.io/namespace=flux-system
Annotations: <none>
API Version: cert-manager.io/v1
Kind: Certificate
Metadata:
Creation Timestamp: 2024-05-30T16:16:05Z
Generation: 1
Resource Version: 14019
UID: a05be61b-08da-4504-88e6-10d89d36cfad
Spec:
Dns Names:
raio.tech
*.raio.tech
Issuer Ref:
Kind: ClusterIssuer
Name: letsencrypt-prod
Secret Name: letsencrypt-wildcard-cert-example.com
Status:
Conditions:
Last Transition Time: 2024-05-30T17:04:13Z
Message: Certificate is up to date and has not expired
Observed Generation: 1
Reason: Ready
Status: True
Type: Ready
Not After: 2024-08-28T16:04:11Z
Not Before: 2024-05-30T16:04:12Z
Renewal Time: 2024-07-29T16:04:11Z
Revision: 1
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Issuing 14m cert-manager-certificates-issuing The certificate has been successfully issued
maybe i forgot to change the example.com :| ok, i think it worked now -1 problem i still don't know this :') how can i remove those example.com's?
kubectl get secrets -A | grep letsencrypt-wildcard-cert
letsencrypt-wildcard-cert letsencrypt-wildcard-cert-example.com kubernetes.io/tls 2 22m
letsencrypt-wildcard-cert letsencrypt-wildcard-cert-example.com-staging kubernetes.io/tls 2 23m
letsencrypt-wildcard-cert letsencrypt-wildcard-cert-raio.tech kubernetes.io/tls 2 6m3s
letsencrypt-wildcard-cert letsencrypt-wildcard-cert-raio.tech-staging kubernetes.io/tls 2 6m
(i'm feeling bad for asking SO MANY questions... sorry for bothering you that much) :tristo: where i go there's new problems oh god now it's the secret replicator
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning InstallFailed 4m3s (x15 over 74m) helm-controller Helm install failed for release secret-replicator/secret-replicator with chart [email protected]: template: secret-replicator/templates/serviceaccount.yaml:1:18: executing "secret-replicator/templates/serviceaccount.yaml" at <.Values.rbac.enabled>: nil pointer evaluating interface {}.enabled
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 9m55s default-scheduler Successfully assigned secret-replicator/secret-replicator-789dfbbc68-g5dqj to main
Normal Pulling 8m19s (x4 over 9m55s) kubelet Pulling image "kiwigrid/secret-replicator:0.2.0"
Warning Failed 8m18s (x4 over 9m54s) kubelet Failed to pull image "kiwigrid/secret-replicator:0.2.0": rpc error: code = NotFound desc = failed to pull and unpack image "docker.io/kiwigrid/secret-replicator:0.2.0": failed to resolve reference "docker.io/kiwigrid/secret-replicator:0.2.0": docker.io/kiwigrid/secret-replicator:0.2.0: not found
Warning Failed 8m18s (x4 over 9m54s) kubelet Error: ErrImagePull
Warning Failed 8m6s (x6 over 9m53s) kubelet Error: ImagePullBackOff
Normal BackOff 4m54s (x19 over 9m53s) kubelet Back-off pulling image "kiwigrid/secret-replicator:0.2.0"
raiomarco OP • 7mo ago
somehow (don't know yet how) i managed to fix it
raiomarco OP • 7mo ago
=D
raiomarco OP • 7mo ago
now it's my final boss the democratic-csi no recipe for it.. :')
raiomarco OP • 7mo ago
i wonder if i can use one of these as a base for setting it up
raiomarco OP • 7mo ago
i can use more than 1?
funkypenguin | ElfHosted
sorry, missed all this.. yes, you can use more than one 🙂
raiomarco OP • 7mo ago
no problem i'm still figuring How to use The democratic-csi :`)