Comments (11)
jenkins-x.yml
buildPack: none
pipelineConfig:
  pipelines:
    pullRequest:
      pipeline:
        agent:
          image: gcr.io/jenkinsxio/builder-go
        stages:
        - name: pr-checks
          options:
            containerOptions:
              name: ""
              resources: {}
              volumeMounts:
              - mountPath: /builder/home/.jx/localSecrets/currentCluster
                name: local-secrets
                readOnly: true
            volumes:
            - name: local-secrets
              secret:
                optional: true
                secretName: local-param-secrets
          steps:
          - args:
            - step
            - verify
            - values
            - --values-file=parameters.yaml
            - --schema-file=parameters.tmpl.schema.json
            command: jx
            dir: /workspace/source/env
            name: verify-parameters
          - args:
            - build
            command: make
            dir: /workspace/source/env
            name: lint-env-helm
    release:
      pipeline:
        agent:
          image: gcr.io/jenkinsxio/builder-go
        environment:
        - name: DEPLOY_NAMESPACE
          value: jx
        stages:
        - name: release
          options:
            containerOptions:
              name: ""
              resources: {}
              volumeMounts:
              - mountPath: /builder/home/.jx/localSecrets/currentCluster
                name: local-secrets
                readOnly: true
            volumes:
            - name: local-secrets
              secret:
                optional: true
                secretName: local-param-secrets
          steps:
          - args:
            - step
            - git
            - validate
            command: jx
            dir: /workspace/source/env
            name: validate-git
          - args:
            - step
            - verify
            - preinstall
            - --provider-values-dir="kubeProviders"
            command: jx
            dir: /workspace/source
            name: verify-preinstall
          - args:
            - upgrade
            - crd
            command: jx
            name: install-jx-crds
          - args:
            - step
            - helm
            - apply
            - --boot
            - --remote
            - --no-vault
            - --name
            - velero
            command: jx
            dir: /workspace/source/systems/velero
            env:
            - name: DEPLOY_NAMESPACE
              value: velero
            name: install-velero
          - args:
            - step
            - helm
            - apply
            - --boot
            - --remote
            - --no-vault
            - --name
            - velero-backups
            command: jx
            dir: /workspace/source/systems/velero-backups
            env:
            - name: DEPLOY_NAMESPACE
              value: velero
            name: install-velero-backups
          - args:
            - step
            - helm
            - apply
            - --boot
            - --remote
            - --no-vault
            - --name
            - jxing
            command: jx
            dir: /workspace/source/systems/jxing
            env:
            - name: DEPLOY_NAMESPACE
              value: kube-system
            name: install-nginx-controller
          - args:
            - step
            - create
            - install
            - values
            - -b
            command: jx
            dir: /workspace/source/env
            name: create-install-values
          - args:
            - step
            - helm
            - apply
            - --boot
            - --remote
            - --no-vault
            - --name
            - exdns
            command: jx
            dir: /workspace/source/systems/external-dns
            name: install-external-dns
          - args:
            - apply
            - --wait
            - --validate=false
            - -f
            - https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
            command: kubectl
            dir: /workspace/source
            env:
            - name: DEPLOY_NAMESPACE
              value: cert-manager
            name: install-cert-manager-crds
          - args:
            - step
            - helm
            - apply
            - --boot
            - --remote
            - --no-vault
            - --name
            - cm
            command: jx
            dir: /workspace/source/systems/cm
            env:
            - name: DEPLOY_NAMESPACE
              value: cert-manager
            name: install-cert-manager
          - args:
            - step
            - helm
            - apply
            - --boot
            - --remote
            - --no-vault
            - --name
            - acme
            command: jx
            dir: /workspace/source/systems/acme
            name: install-acme-issuer-and-certificate
          - args:
            - step
            - boot
            - vault
            - --provider-values-dir
            - ../../kubeProviders
            command: jx
            dir: /workspace/source/systems/vault
            name: install-vault
          - args:
            - step
            - create
            - values
            - --name
            - parameters
            command: jx
            dir: /workspace/source/env
            name: create-helm-values
          - args:
            - step
            - create
            - templated
            - --parameters-file=../../env/parameters.yaml
            - --requirements-dir=../../
            - --template-file=jx-auth-configmap.tmpl.yaml
            - --config-file=templates/jx-auth-configmap.yaml
            command: jx
            dir: /workspace/source/systems/jx-auth
            name: create-jx-auth-config
          - args:
            - step
            - helm
            - apply
            - --boot
            - --remote
            - --no-vault
            - --name
            - jx-auth
            command: jx
            dir: /workspace/source/systems/jx-auth
            name: install-jx-auth-config
          - args:
            - step
            - helm
            - apply
            - --boot
            - --remote
            - --name
            - jenkins-x
            - --provider-values-dir
            - ../kubeProviders
            command: jx
            dir: /workspace/source/env
            name: install-jenkins-x
          - args:
            - step
            - verify
            - env
            command: jx
            dir: /workspace/source
            name: verify-jenkins-x-environment
          - args:
            - step
            - helm
            - apply
            - --boot
            - --name
            - repos
            command: jx
            dir: /workspace/source/repositories
            name: install-repositories
          - args:
            - step
            - scheduler
            - config
            - apply
            - --direct=true
            command: jx
            dir: /workspace/source/prowConfig
            name: install-pipelines
          - args:
            - update
            - webhooks
            - --verbose
            - --warn-on-fail
            command: jx
            dir: /workspace/source/repositories
            name: update-webhooks
          - args:
            - step
            - verify
            - install
            - --pod-wait-time
            - 30m
            command: jx
            dir: /workspace/source/env
            name: verify-installation
from terraform-aws-eks-jx.
Do you have the core-dns pods running (most probably a dns resolution issue, kubernetes cannot discover those pods by the dns names)? Any logs from the vault/core-dns pods?
from terraform-aws-eks-jx.
The only vault/core-dns pods I have is named below. What I think is happening is that a route53 record is not getting created as needed. All that gets created in my subdomain is a SOA and NS record. The documentation does not mention what it is supposed to be but I expect a wildcard for vault-jx that is an A or cname to point to the eks cluster. I tried creating one manually and it does not work.
kubectl describe pod exdns-external-dns-7c686cd8d6-bx7ck
Name: exdns-external-dns-7c686cd8d6-bx7ck
Namespace: jx
Priority: 0
Node: ip-10-0-1-154.ec2.internal/10.0.1.154
Start Time: Thu, 04 Jun 2020 15:21:16 -0500
Labels: app.kubernetes.io/instance=exdns
app.kubernetes.io/managed-by=Tiller
app.kubernetes.io/name=external-dns
helm.sh/chart=external-dns-3.1.1
pod-template-hash=7c686cd8d6
Annotations: kubernetes.io/psp: eks.privileged
Status: Running
IP: 10.0.1.197
IPs: <none>
Controlled By: ReplicaSet/exdns-external-dns-7c686cd8d6
Containers:
external-dns:
Container ID: docker://3a4f8fbaeb48124cbabddc28b257ec8bed0cef04a49279c1751d06dec901f3f2
Image: docker.io/bitnami/external-dns:0.7.2-debian-10-r0
Image ID: docker-pullable://bitnami/external-dns@sha256:47bb59cbe19611d9c474b387a1533ea80d4cb56aa33b8fb3c60c7086dc316f50
Port: 7979/TCP
Host Port: 0/TCP
Args:
--log-level=info
--log-format=text
--policy=upsert-only
--provider=aws
--registry=txt
--interval=1m
--source=ingress
--aws-batch-change-size=1000
State: Running
Started: Thu, 04 Jun 2020 15:21:24 -0500
Ready: True
Restart Count: 0
Liveness: http-get http://:http/healthz delay=10s timeout=5s period=10s #success=1 #failure=2
Readiness: http-get http://:http/healthz delay=5s timeout=5s period=10s #success=1 #failure=6
Environment:
AWS_DEFAULT_REGION: us-east-1
AWS_ROLE_ARN: arn:aws:iam::535580006495:role/tf-hl-jx-sa-role-external_dns-0WyhSGT3
AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
Mounts:
/var/run/secrets/eks.amazonaws.com/serviceaccount from aws-iam-token (ro)
/var/run/secrets/kubernetes.io/serviceaccount from exdns-external-dns-token-zj8dk (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
aws-iam-token:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 86400
exdns-external-dns-token-zj8dk:
Type: Secret (a volume populated by a Secret)
SecretName: exdns-external-dns-token-zj8dk
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 9m12s default-scheduler Successfully assigned jx/exdns-external-dns-7c686cd8d6-bx7ck to ip-10-0-1-154.ec2.internal
Normal Pulling 9m10s kubelet, ip-10-0-1-154.ec2.internal Pulling image "docker.io/bitnami/external-dns:0.7.2-debian-10-r0"
Normal Pulled 9m5s kubelet, ip-10-0-1-154.ec2.internal Successfully pulled image "docker.io/bitnami/external-dns:0.7.2-debian-10-r0"
Normal Created 9m4s kubelet, ip-10-0-1-154.ec2.internal Created container external-dns
Normal Started 9m4s kubelet, ip-10-0-1-154.ec2.internal Started container external-dns
from terraform-aws-eks-jx.
https://vault-jx.snipv1/sys/health?drsecondarycode=299&performancestandbycode=299&sealedcode=299&standbycode=299&uninitcode=299: dial tcp: lookup vault-jx.snip on snip:53
I think this is misconfiguration on your side. vault-jx.snipv1 should be vault-jx.snip/v1
What you can do is spawn a pod and try to access that URL given that it is not a valid public DNS.
And you are using https which is not possible to do automatic certificate for since you are using a private local DNS.
Disable DNS for now in your jx-requirements.yaml so you will use nip.io
ingress:
  domain: ""
  ignoreLoadBalancer: true
  externalDNS: false
from terraform-aws-eks-jx.
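Added example, not part of the thread or of the Jenkins X project: a small POSIX shell triage for the `dial tcp: lookup ... on ...:53` error quoted above. It separates what the resolver reported from the record itself and lists read-only checks, including the in-cluster probe suggested in the comment. The sample line, the `example.test` domain, the resolver address and the function names are constructed; the `exdns-external-dns` deployment name is taken from the pod description on this page.

```shell
#!/bin/sh
# Added example: triage the Go resolver error that jx prints while waiting
# for Vault. Host, domain and resolver address below are constructed.
SAMPLE='reading vault health: Get https://vault-jx.example.test/v1/sys/health?sealedcode=299: dial tcp: lookup vault-jx.example.test on 192.0.2.53:53: server misbehaving'

# Print "host|resolver|reason" for a Go resolver error, or nothing if absent.
parse_lookup_error() {
  printf '%s\n' "$1" |
    sed -n 's/.*lookup \([^ ]*\) on \([^ ]*\):[0-9]*: \(.*\)$/\1|\2|\3/p'
}

# Map the Go resolver's reason text to what it says about the DNS path.
classify_reason() {
  case "$1" in
    *"no such host"*)       echo nxdomain ;;             # name does not exist
    *"server misbehaving"*) echo resolver-error ;;       # error reply, not NXDOMAIN
    *"i/o timeout"*)        echo resolver-unreachable ;; # no reply at all
    *)                      echo unknown ;;
  esac
}

# Print the read-only checks to run next; nothing here is executed.
next_checks() {
  host=$1; resolver=$2; kind=$3
  echo "nslookup $host $resolver   # repeat the lookup jx made, same resolver"
  echo "kubectl -n jx get ingress   # confirm an Ingress carries host $host"
  echo "kubectl -n jx run dns-probe --rm -i --restart=Never --image=busybox -- nslookup $host"
  if [ "$kind" != resolver-unreachable ]; then
    echo "kubectl -n jx logs deploy/exdns-external-dns   # did external-dns create the record?"
  fi
}

# Parse one log line, classify it, and print a summary plus the checks.
triage() {
  parsed=$(parse_lookup_error "$1")
  [ -n "$parsed" ] || { echo "no resolver error found"; return 0; }
  host=${parsed%%|*}; rest=${parsed#*|}
  resolver=${rest%%|*}; reason=${rest#*|}
  kind=$(classify_reason "$reason")
  echo "host=$host resolver=$resolver kind=$kind"
  next_checks "$host" "$resolver" "$kind"
}

triage "$SAMPLE"
```

The address printed after `on` is the resolver configured on the machine running `jx`, so a name that resolves from a pod inside the cluster can still fail from that machine.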
I think this is misconfiguration on your side.
vault-jx.snipv1 should be vault-jx.snip/v1
I am pretty sure that is just a typo in my writeup. Thank you for the disable dns idea will try that today.
from terraform-aws-eks-jx.
Yeah same result with externaldns set to false. The URL is unavailable on public internet. Pods display no error messages. The only other relevant setting I can think of is ignoreLoadBalancer: true but I don't think that should matter.
STEP: install-vault command: /bin/sh -c jx step boot vault --provider-values-dir ../../kubeProviders in dir: /Users/a/code/jxmanage/jenkins-x-boot-config/systems/vault
? Do you want Jenkins X to create and manage Vault? Yes
Installing vault-operator operator with helm values: [image.repository=banzaicloud/vault-operator image.tag=0.5.3]
Vault operator installed in namespace jx
Applying vault ingress in namespace jx for vault name jx-vault-tf-jx-pumped
ingress.extensions/jx-vault-tf-jx-pumped created
Vault 'jx-vault-tf-jx-pumped' in namespace 'jx' created
STEP: create-helm-values command: /bin/sh -c jx step create values --name parameters in dir: /Users/a/code/jxmanage/jenkins-x-boot-config/env
defaulting to secret storage scheme vault found from requirements file at /Users/a/code/jxmanage/jenkins-x-boot-config/jx-requirements.yml
defaulting to secret base path to the cluster name tf-jx-pumped-whale found from requirements file at /Users/a/code/jxmanage/jenkins-x-boot-config/jx-requirements.yml
generated schema file /Users/a/code/jxmanage/jenkins-x-boot-config/env/parameters.schema.json from template /Users/a/code/jxmanage/jenkins-x-boot-config/env/parameters.tmpl.schema.json
Waiting for vault to be initialized and unsealed...
error: creating system vault URL client: wait for vault to be initialized and unsealed: reading vault health: Get https://vault-jx.snip/v1/sys/health?drsecondarycode=299&performancestandbycode=299&sealedcode=299&standbycode=299&uninitcode=299: dial tcp: lookup vault-jx.snip on snip:53: server misbehaving
error: failed to interpret pipeline file /Users/a/code/jxmanage/jenkins-x-boot-config/jenkins-x.yml: failed to run '/bin/sh -c jx step create values --name parameters' command in directory '/Users/a/code/jxmanage/jenkins-x-boot-config/env', output: ''
from terraform-aws-eks-jx.
A dns record is active for vault-jx pointing to the EKS resource. This happens with Vault.AutoCreate set to either true or false. The correct env variable for vault_user_secret and vault_user_id is set.
using version 2.1.62 of jx
CLI packages kubectl, git, helm seem to be setup correctly
NAME VERSION
jx 2.1.62
Kubernetes cluster v1.15.11-eks-af3caf
kubectl v1.13.2
git 2.23.0
? Do you want Jenkins X to create and manage Vault? Yes
Installing vault-operator operator with helm values: [image.repository=banzaicloud/vault-operator image.tag=0.5.3]
Vault operator installed in namespace jx
Applying vault ingress in namespace jx for vault name jx-vault-tf-jx-welcome
ingress.extensions/jx-vault-tf-jx-welcome unchanged
WARNING: Vault.AutoCreate is false but required property secretAccessKey is missing
Some of the required provided values are empty - We will create all resources
Creating vault resources with following values, us-east-1, jenkins-x-vault, vault-data, vault-unseal-tf-jx-welcomed-weevil-20200609175638948300000006
Vault CloudFormation stack created
You can watch progress in the CloudFormation console: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/stackinfo?stackId=arn:aws:cloudformation:us-east-1:535580006495:stack/jenkins-x-vault-stack9c09e0f/749fe340-aa81-11ea-8ba0-0abd62a7624a
error: unable to create/update Vault: unable to set cloud provider specific Vault configuration: unable to apply cloud provider config: an error occurred while creating the vaultCRD resources: executing the Vault CloudFormation : unable to create vault prerequisite resources: ResourceNotReady: failed waiting for successful resource state
error: failed to interpret pipeline file /Users/a/code/jxmanage/jenkins-x-boot-config/jenkins-x.yml: failed to run '/bin/sh -c jx step boot vault --provider-values-dir ../../kubeProviders' command in directory '/Users/a/code/jxmanage/jenkins-x-boot-config/systems/vault', output: ''
from terraform-aws-eks-jx.
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://jenkins-x.io/community.
/lifecycle stale
from terraform-aws-eks-jx.
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Provide feedback via https://jenkins-x.io/community.
/lifecycle rotten
from terraform-aws-eks-jx.
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Provide feedback via https://jenkins-x.io/community.
/close
from terraform-aws-eks-jx.
@jenkins-x-bot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Provide feedback via https://jenkins-x.io/community.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the jenkins-x/lighthouse repository.
from terraform-aws-eks-jx.