Comments (10)
Probably not a subnet issue. Check the logs of the pods. If there are no errors, get a shell to the pods and check if the services respond at the given ports.
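A minimal sketch of that workflow (the namespace and deployment names below are placeholders; substitute whatever `kubectl get pods` shows in your cluster):

```shell
# Tail the pod logs (add --previous to see output from the last crashed container)
kubectl -n mailu logs deploy/mailu-admin --tail=100

# Get a shell inside the pod
kubectl -n mailu exec -it deploy/mailu-admin -- sh

# From inside the pod, check whether the service answers on its port
wget -qO- --timeout=5 http://localhost:80/ || echo "no response on port 80"
```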
from helm-charts.
I checked the pods and there are no errors, but still nothing works properly. Thank you for your suggestion; I will check whether the services respond.
Any results?
@micw I have some results from further investigation. I can access the admin dashboard login and the Roundcube login page after configuring a custom ingress-nginx load balancer that points directly to the required services (to check whether it was an ingress problem). When I try to log in to Roundcube, I get an error saying "connection to database failed". I tried configuring an external MySQL database, but the same error occurs, even though my database deployment ran successfully without any errors or warnings.

I also get "liveness probe: connection refused" warnings on the pods that expose ports 80/443. I can access them from outside, but as far as I can see they are not accessible from inside the pods themselves. I even tried doing everything without the helm-charts, but ran into the same problem: the service is unavailable from outside, just as with the default helm-charts configuration. The existing volume claim was used successfully.

One related problem I did resolve was the cert-manager health check (same symptom as the liveness probe). I fixed it by modifying the ingress-nginx configuration to use the Cluster external traffic policy instead of Local, so that my pods could reach each other. I have spent 20 hours on this without success.
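For anyone hitting the same symptom, the external traffic policy change described above can be applied as a one-line patch (the `ingress-nginx` namespace and `ingress-nginx-controller` service name are assumptions; adjust to your install):

```shell
# Switch ingress-nginx from Local to Cluster external traffic policy,
# so that pods can reach each other through the load balancer IP.
kubectl -n ingress-nginx patch svc ingress-nginx-controller \
  --type merge -p '{"spec":{"externalTrafficPolicy":"Cluster"}}'
```

Note the trade-off: with `Cluster`, the original client source IP is hidden from the backends, which matters for a mail server's logging and rate limiting.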
One thing I just saw is "tlsFlavor: letsencrypt": that won't work with cert-manager. The option was added by a recent PR, and unfortunately the doc was a bit misleading; I updated it a few days ago. You need to use the default "cert" here.
Probably not the only issue in your setup, but at least one of them.
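As a concrete sketch of that fix, the value can also be overridden at upgrade time instead of editing values.yaml (the `tlsFlavor` key name is taken from the comment above; the release name is a placeholder):

```shell
# Set tlsFlavor back to the default "cert" so cert-manager handles TLS
helm upgrade --install mailu mailu/mailu -f values.yaml --set tlsFlavor=cert
```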
@micw OK. I will try that tomorrow and leave a comment about how it goes. Thank you.
BTW, which cloud provider are you using?
@micw It still fails to deploy successfully. I'm not using any cloud provider; everything I run is on bare metal (5-10x cheaper): MicroK8s plus addons (MetalLB, DNS, storage, Helm). By the way, everything else I have deployed worked fine, including cert-manager. I think the problem could be in the ingress configuration.
I see. Nevertheless, I'll close this issue since it's neither a report of a particular bug nor a feature request. The issue tracker is not the right place to debug your installation; please use the chat. You will find me there, as well as others who deploy on various k8s flavors.
Hello,
I have the same issue pulling from the latest chart today.
Steps:
helm repo add
helm template --name mail-service mailu/mailu -f values.xml > my_manifest.yaml
updated the SUBNETs in there from 10.42.0.0/16 to our values
kubectl apply -f my_manifest.yaml
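The subnet rewrite in the steps above can be scripted instead of hand-edited. A sketch, assuming the chart's default subnet; `10.196.0.0/16` and `values.yaml` are placeholders for your own pod CIDR and values file:

```shell
# Render the chart, swap the default subnet for ours in one pass, then apply.
helm template mail-service mailu/mailu -f values.yaml \
  | sed 's|10\.42\.0\.0/16|10.196.0.0/16|g' > my_manifest.yaml
kubectl apply -f my_manifest.yaml
```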
I get the same issue as the OP: we can see that admin is failing its liveness probe and hanging while setting up the SQL DB.
Here are the logs from admin:
[SQL: SELECT domain.created_at AS domain_created_at, domain.updated_at AS domain_updated_at, domain.comment AS domain_comment, domain.name AS domain_name, domain.max_users AS domain_max_users, domain.max_aliases AS domain_max_aliases, domain.max_quota_bytes AS domain_max_quota_bytes, domain.signup_enabled AS domain_signup_enabled
FROM domain
WHERE domain.signup_enabled = 1]
(Background on this error at: http://sqlalche.me/e/e3q8)
10.196.225.51 - - [14/May/2021:22:36:39 +0000] "GET /ui/login HTTP/1.1" 500 290 "-" "kube-probe/1.18"
[2021-05-14 22:36:44,897] ERROR in app: Exception on /ui/login [GET]
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 1243, in _execute_context
self.dialect.do_execute(
File "/usr/lib/python3.8/site-packages/sqlalchemy/engine/default.py", line 552, in do_execute
cursor.execute(statement, parameters)
sqlite3.OperationalError: no such table: domain
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3.8/site-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3.8/site-packages/flask/app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python3.8/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/usr/lib/python3.8/site-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3.8/site-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/app/mailu/ui/views/base.py", line 26, in login
return flask.render_template('login.html', form=form)
File "/usr/lib/python3.8/site-packages/flask/templating.py", line 133, in render_template
ctx.app.update_template_context(context)
File "/usr/lib/python3.8/site-packages/flask/app.py", line 792, in update_template_context
context.update(func())
File "/app/mailu/__init__.py", line 37, in inject_defaults
signup_domains = models.Domain.query.filter_by(signup_enabled=True).all()
File "/usr/lib/python3.8/site-packages/sqlalchemy/orm/query.py", line 3161, in all
return list(self)
File "/usr/lib/python3.8/site-packages/sqlalchemy/orm/query.py", line 3317, in __iter__
return self._execute_and_instances(context)
File "/usr/lib/python3.8/site-packages/sqlalchemy/orm/query.py", line 3342, in _execute_and_instances
result = conn.execute(querycontext.statement, self._params)
File "/usr/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 988, in execute
return meth(self, multiparams, params)
File "/usr/lib/python3.8/site-packages/sqlalchemy/sql/elements.py", line 287, in _execute_on_connection
return connection._execute_clauseelement(self, multiparams, params)
File "/usr/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 1101, in _execute_clauseelement
ret = self._execute_context(
File "/usr/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 1247, in _execute_context
self._handle_dbapi_exception(
File "/usr/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 1466, in _handle_dbapi_exception
util.raise_from_cause(sqlalchemy_exception, exc_info)
File "/usr/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 383, in raise_from_cause
reraise(type(exception), exception, tb=exc_tb, cause=cause)
File "/usr/lib/python3.8/site-packages/sqlalchemy/util/compat.py", line 128, in reraise
raise value.with_traceback(tb)
File "/usr/lib/python3.8/site-packages/sqlalchemy/engine/base.py", line 1243, in _execute_context
self.dialect.do_execute(
File "/usr/lib/python3.8/site-packages/sqlalchemy/engine/default.py", line 552, in do_execute
cursor.execute(statement, parameters)
sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) no such table: domain
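One quick way to confirm the "no such table" diagnosis is to inspect the SQLite file on the shared volume from inside the admin pod. The `/data` mount path and `main.db` filename below are assumptions based on Mailu's default SQLite setup; adjust to your deployment:

```shell
# List the data dir and dump the tables of the admin DB.
# A missing 'domain' table means the schema was never initialized.
kubectl -n mailu exec -it deploy/mailu-admin -- sh -c \
  'ls -l /data && sqlite3 /data/main.db ".tables"'
```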
Since it's the default SQLite implementation, we then go over to the deployment and see that there are three services that "aren't working":
[dasm@tiserv-ci-00 part2]$ kubectl get pods -n secops-system
NAME READY STATUS RESTARTS AGE
secops-mail-server-mailu-admin-868487c86d-wvtfz 0/1 Running 1 5m59s
secops-mail-server-mailu-admin-d9947d758-mbsbf 0/1 Running 0 3m39s
secops-mail-server-mailu-clamav-7975784689-gzkqs 1/1 Running 0 5m59s
secops-mail-server-mailu-dovecot-549f8fbb4-zr6fd 1/1 Running 0 5m59s
secops-mail-server-mailu-front-7c5dd96647-5r4pw 1/1 Running 0 5m59s
secops-mail-server-mailu-postfix-58f4575d8c-fxtpl 0/1 Running 1 5m59s
secops-mail-server-mailu-redis-5b84b5d987-sbsfd 1/1 Running 0 5m59s
secops-mail-server-mailu-roundcube-5d4685b7f8-7f72v 0/1 Running 3 5m58s
secops-mail-server-mailu-rspamd-6984749897-rt7w2 1/1 Running 0 5m58s
[dasm@tiserv-ci-00 part2]$
The common element between ADMIN, POSTFIX and ROUNDCUBE is the SQLite implementation using the shared PVC.
Looking at ADMIN gives nothing more than the traceback above.
ROUNDCUBE doesn't emit any logs by default.
POSTFIX gives us a clue, however: we can see that the mounted PVC doesn't have the correct permissions when writing to the shared volume, or at least Postfix is not the owner it expects to be.
[dasm@tiserv-ci-00 part2]$ kubectl logs -f secops-mail-server-mailu-postfix-58f4575d8c-fxtpl -n secops-system
May 14 22:37:21 mail postfix[51]: Postfix is running with backwards-compatible default settings
May 14 22:37:21 mail postfix[51]: See http://www.postfix.org/COMPATIBILITY_README.html for details
May 14 22:37:21 mail postfix[51]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
May 14 22:37:22 mail postfix[266]: Postfix is running with backwards-compatible default settings
May 14 22:37:22 mail postfix[266]: See http://www.postfix.org/COMPATIBILITY_README.html for details
May 14 22:37:22 mail postfix[266]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
May 14 22:37:22 mail postfix/postfix-script[316]: warning: group or other writable: /queue/.
May 14 22:37:22 mail postfix/postfix-script[317]: warning: group or other writable: /queue/pid
May 14 22:37:22 mail postfix/postfix-script[330]: warning: not owned by postfix: /queue/active
May 14 22:37:22 mail postfix/postfix-script[331]: warning: not owned by postfix: /queue/bounce
May 14 22:37:22 mail postfix/postfix-script[332]: warning: not owned by postfix: /queue/corrupt
May 14 22:37:22 mail postfix/postfix-script[333]: warning: not owned by postfix: /queue/defer
May 14 22:37:22 mail postfix/postfix-script[334]: warning: not owned by postfix: /queue/deferred
May 14 22:37:22 mail postfix/postfix-script[335]: warning: not owned by postfix: /queue/flush
May 14 22:37:22 mail postfix/postfix-script[336]: warning: not owned by postfix: /queue/hold
May 14 22:37:22 mail postfix/postfix-script[337]: warning: not owned by postfix: /queue/incoming
May 14 22:37:22 mail postfix/postfix-script[338]: warning: not owned by postfix: /queue/private
May 14 22:37:22 mail postfix/postfix-script[339]: warning: not owned by postfix: /queue/public
May 14 22:37:22 mail postfix/postfix-script[340]: warning: not owned by postfix: /queue/saved
May 14 22:37:22 mail postfix/postfix-script[341]: warning: not owned by postfix: /queue/trace
May 14 22:37:22 mail postfix/postfix-script[343]: warning: not owned by postfix: /queue/maildrop
May 14 22:37:23 mail postfix/postfix-script[345]: warning: not owned by group postdrop: /queue/public
May 14 22:37:23 mail postfix/postfix-script[346]: warning: not owned by group postdrop: /queue/maildrop
May 14 22:37:23 mail postfix/postfix-script[349]: starting the Postfix mail system
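A sketch of how to verify the ownership theory from inside the postfix pod (numeric IDs are shown because the shared PVC is mounted by several images with potentially different users; the deployment name is a placeholder):

```shell
# Compare the numeric owner of the queue dirs with the postfix user's uid/gid.
kubectl -n mailu exec -it deploy/mailu-postfix -- sh -c \
  'id postfix; ls -ldn /queue /queue/active /queue/maildrop'
```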
So I think the chain is: ADMIN fails to start because it can't get to the SQLite DB, so it never answers its liveness probe (which is why you don't see it Ready); POSTFIX starts, but then doesn't answer its liveness probe either, and Roundcube neither. Thus I suspect the SQLite implementation (which ties these together) is what's impacted.
Looking into Roundcube now, I see that same 10.46.0.0/16 SUBNET defined in there, so I will try to fix that. But I suspect the liveness probe failure still comes back to something on disk with that SQLite setup, since none of the three components that use it are working. The "network error" in `kubectl describe pods` is not a networking issue: until the components can reach their DB, they cannot return HTTP 200.
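The "probe fails although the port is reachable from outside" theory can be tested directly by running the same HTTP GET the kubelet runs, from inside the container itself (the pod name is a placeholder):

```shell
# Reproduce the liveness probe by hand from inside the roundcube container
kubectl -n mailu exec -it secops-mail-server-mailu-roundcube-5d4685b7f8-7f72v -- \
  wget -qO- --timeout=5 http://localhost:80/ \
  && echo "probe target answers" \
  || echo "connection refused, matching the kubelet events"
```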
[dasm@tiserv-ci-00 part2]$ kubectl describe pod secops-mail-server-mailu-roundcube-5d4685b7f8-7f72v -n secops-system
Name: secops-mail-server-mailu-roundcube-5d4685b7f8-7f72v
Namespace: secops-system
Priority: 0
Node: aks-default2-25272590-vmss000001/10.196.225.51
Start Time: Fri, 14 May 2021 22:31:45 +0000
Labels: app=secops-mail-server-mailu
component=roundcube
pod-template-hash=5d4685b7f8
Annotations: &lt;none&gt;
Status: Running
IP: 10.196.225.105
IPs:
IP: 10.196.225.105
Controlled By: ReplicaSet/secops-mail-server-mailu-roundcube-5d4685b7f8
Containers:
roundcube:
Container ID: docker://82fb6a599f6d905e6877df94a3b5157655bed3e86f52e062c55fa33fcb9f4bb0
Image: mailu/roundcube:1.8
Image ID: docker-pullable://mailu/roundcube@sha256:2f8ef3466fae7445c60ba35f72cf8535fd768490a7ede819f69f18d27ec08010
Port: 80/TCP
Host Port: 0/TCP
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 1
Started: Fri, 14 May 2021 22:38:22 +0000
Finished: Fri, 14 May 2021 22:40:23 +0000
Ready: False
Restart Count: 4
Limits:
cpu: 200m
memory: 200Mi
Requests:
cpu: 100m
memory: 100Mi
Liveness: http-get http://:http/ delay=0s timeout=5s period=5s #success=1 #failure=30
Readiness: http-get http://:http/ delay=0s timeout=5s period=10s #success=1 #failure=1
Environment:
MESSAGE_SIZE_LIMIT: 20971520
IMAP_ADDRESS: secops-mail-server-mailu-dovecot
FRONT_ADDRESS: secops-mail-server-mailu-front
SECRET_KEY: S0m3th!ngGr38t
SUBNET: 10.42.0.0/16
ROUNDCUBE_DB_FLAVOR: sqlite
Mounts:
/data from data (rw,path="roundcube")
/var/run/secrets/kubernetes.io/serviceaccount from default-token-9lsgv (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
data:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: secops-mail-server-mailu-storage
ReadOnly: false
default-token-9lsgv:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-9lsgv
Optional: false
QoS Class: Burstable
Node-Selectors: &lt;none&gt;
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
Normal Scheduled 9m15s default-scheduler Successfully assigned secops-system/secops-mail-server-mailu-roundcube-5d4685b7f8-7f72v to aks-default2-25272590-vmss000001
Normal Pulling 9m9s kubelet Pulling image "mailu/roundcube:1.8"
Normal Pulled 9m9s kubelet Successfully pulled image "mailu/roundcube:1.8"
Normal Created 9m9s kubelet Created container roundcube
Normal Started 9m8s kubelet Started container roundcube
Warning Unhealthy 8m (x14 over 9m2s) kubelet Liveness probe failed: Get http://10.196.225.105:80/: dial tcp 10.196.225.105:80: connect: connection refused
Warning Unhealthy 8m (x7 over 9m) kubelet Readiness probe failed: Get http://10.196.225.105:80/: dial tcp 10.196.225.105:80: connect: connection refused
Warning BackOff 4m8s kubelet Back-off restarting failed container
[dasm@tiserv-ci-00 part2]$