Problem:
stim attempts to download kubectl-null if unable to determine the version of kube from the kube api.
Symptom details:
stim will auto-detect the version of kube cluster that it's deploying to and download the matching kubectl to a local cache. If you provide an invalid ca or token, stim can connect to the host you've specified, but fails to properly poll the kube api for the version because it fails to negotiate TLS and spits out a crypto error. Then stim tries to download version kubectl-null, which fails, and then describes a secondary failure checksumming the signature of the downloaded file :
$ stim deploy
✔ dev
✔ kube_cluster
2020-02-26 12:56:20.042054 [ INFO ] Deploying to 'dev' environment in instance: kube_cluster
2020-02-26 12:56:22.39546 [ INFO ] --- START Stim deploy - Docker container logs ---
Installing Vault version 1.2.4 to match server
vault version 1.2.4 exists in bin-cache, linking.
INFO[0000] Fetching secret OBFUSCATED/alertmanager/admin: version 0
INFO[0000] Fetching secret: OBFUSCATED/kube_cluster.mycloud.net/admin/kube-config
Generating kube-config for https://api.kube_cluster.mycloud.net based on environment variables credentials...
Cluster "default" set.
User "default" set.
Context "default" created.
Switched to context "default".
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
Installing kubectl version null to match server
Installing kubectl version null
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 218 100 218 0 0 605 0 --:--:-- --:--:-- --:--:-- 605
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 223 100 223 0 0 796 0 --:--:-- --:--:-- --:--:-- 799
Error validating kubectl binary signature
2020-02-26 12:56:26.780443 [ INFO ] --- END Stim deploy - Docker container logs ---
2020-02-26 12:56:27.096356 [ FATAL ] Deployment to 'kube_cluster' resulted in non-zero exit code 1. Halting any further deployments...
Expected Behavior:
The auto-detection likely already checks if stim is unable to resolve a hostname, but needs to handle and abort if the version detected == "null". It already prints out the error message, IMO it just needs to detect that it failed to determine the version instead of trying to download the checksum file and a version of the binary that cannot exist.
Problem: stim attempts to download kubectl-null if unable to determine the version of kube from the kube api.
Symptom details: stim will auto-detect the version of kube cluster that it's deploying to and download the matching kubectl to a local cache. If you provide an invalid ca or token, stim can connect to the host you've specified, but fails to properly poll the kube api for the version because it fails to negotiate TLS and spits out a crypto error. Then stim tries to download version
kubectl-null, which fails, and then describes a secondary failure checksumming the signature of the downloaded file :Expected Behavior: The auto-detection likely already checks if stim is unable to resolve a hostname, but needs to handle and abort if the version detected == "null". It already prints out the error message, IMO it just needs to detect that it failed to determine the version instead of trying to download the checksum file and a version of the binary that cannot exist.