Closed draschke closed 3 years ago
Can you confirm that you deployed all resources in the provider subaccount correctly (e.g. are all pods in state running
)? And does your consumer subaccount live in the same region as the provider subaccount?
The only one thing, that didn't work for me before, was that I had an issue with creating the "secrets". Everythings seems fine while creating the secrets, but as soon as I click the link sm-credentials, I see only an empty view.
{
"clientid": "",
"clientsecret": "",
"sm_url": "",
"url": "",
"xsappname": ""
}
Maybe you know this issue... Thanks!
I don't know the issue but this surely explains why the deployments failed and why you don't see the SaaS option in the consumer sa.
Are these values also empty in the faq-container-key.json
file? If so, I recommend that you go back to the following command and run everything from there again:
cf create-service-key faq-saas-container faq-container-key
cf service-key faq-saas-container faq-container-key | tail -n +3 > faq-container-key.json
No, sorry. I removed only the values. It shows only the structure of the faq-container-key.json file.
My command is a little bit different, because I'm on Windows I had to change the command to
cf service-key faq-saas-container faq-container-key > faq-container-key.json
and removed the first three lines manually. But this shouldn't cause the issue.
I tried it today again (removed and recreated "secrets"), but the same result.
this is the error msg from the Console:
react-dom.production.min.js:196 DOMException: Failed to execute 'btoa' on 'Window': The string to be encoded contains characters outside of the Latin1 range.
So you mean that you removed the values for the post here (which makes sense) but the values are part of the file?
I wouldn't focus on the UI error that you get in the Kyma console. Can you decode and read the secret with kubectl
:
https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/#decoding-secret
I can see the sm-credentials
PS C:\git\kyma-mtx-faq-management>
kubectl get secrets --namespace project-faq
NAME TYPE DATA AGE
sm-credentials Opaque 1 139m
I could fetch the encoded secrets with
kubectl get secret sm-credentials -o jsonpath='{.data.credentials}' --namespace project-faq
But decoding with this command doesn't work for me
echo 'MWYyZDFlMmU2N2Rm' | base64 --decode
tried also
kubectl get secret sm-credentials -o jsonpath='{.data.credentials}' | base64 --decode --namespace project-faq
but I'm wondering because my base64 (//57AA0ACgAgACIAYwBsAGkAZQBuAHQAaQBkAC...) is starting with //
maybe I need to switch to Linux
Yes, that decoding seems to be a problem with Windows. I'm sure the Windows terminal has an equivalent command - or you could use the Git Bash to decode it I heard that WSL works quite good but I don't expect that the the base64 encoding is causing you problem. It's probably related to the deployment.
Have a look at your Kyma namespace to see if
All deployments are running:
All pods are running (it's ok if some of them restarted once or twice)
These two service instances were created
I suspect that your service instance is missing or that the provisioning failed
Thanks!
Realized that my faq-backend fails. (there was yesterday an other msg which I wasn't able to understand)
kubectl get deployment faq-backend --namespace project-faq
NAME READY UP-TO-DATE AVAILABLE AGE
faq-backend 0/1 1 0 2m9s
But I saw that this deployment needs the secrets SM_CREDENTIALS in the .yaml file. So I guess that this deployment isn't able to start without the secrets and runs in this error.
Yes, that causes the problem. Can you paste the error log of the deployment (or better: the pod that belongs to the deployment) here?
tried to find out what the command is, but wasn't able to find it
don't know if this helps:
kubectl get pod faq-backend-746649fd4-j99xj --namespace project-faq
NAME READY STATUS RESTARTS AGE
faq-backend-746649fd4-j99xj 1/2 CrashLoopBackOff 10 27m
back-off 5m0s restarting failed container=faq-backend pod=faq-backend-746649fd4-j99xj_project-faq(a6774b76-28ff-44d0-8210-7a7ae80e4260)
Yes, that's the place. You can click there on the three dots and select "show logs". This UI will only show you the past X minutes. But you can remove the entire pods (... -> delete) and then inspect the logs of the newly added pod.
Let me know if you need more. Thanks
<!--StartFragment--><div class="fd-panel fd-has-padding-small fd-has-padding-right-regular fd-has-padding-left-regular sticky-header" style="box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-numeric: inherit; font-variant-east-asian: inherit; font-weight: 400; font-stretch: inherit; font-size: 14px; line-height: 1.42857; font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; vertical-align: baseline; --fd-panel-background-color:var(--fd-color-background-2,#fff); --fd-panel-border-color:var(--fd-color-neutral-2,#eeeeef); --fd-panel-box-shadow-color:var(--fd-color-neutral-2,#eeeeef); --fd-panel-divider-color:var(--fd-panel-border-color,var(--fd-color-neutral-2,#eeeeef)); --fd-panel-title-color:var(--fd-color-text-1,#32363a); background-color: var(--fd-panel-background-color,#fff); box-shadow: 0 5px 20px 0 var(--fd-panel-box-shadow-color,var(--fd-color-neutral-2,#eeeeef)); --fd-panel-border-width:0; border-radius: 4px; color: rgb(50, 54, 58); -webkit-font-smoothing: antialiased; position: sticky; top: 0px; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"><section class="compact-header" style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font: inherit; vertical-align: baseline; display: flex; justify-content: space-between;"><h1 class="fd-has-type-3" style="box-sizing: inherit; margin: 0px 0px 12px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: 400; font-stretch: inherit; font-size: 20px; line-height: 1.4; font-family: inherit; vertical-align: baseline; text-rendering: optimizelegibility;">Logs</h1><div class="fd-has-display-flex" style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font: inherit; vertical-align: baseline; display: flex !important;"><section class="fd-has-margin-right-small" style="box-sizing: inherit; margin-top: 0px; margin-right: 16px !important; margin-bottom: 0px; margin-left: 0px; padding: 0px; border: 0px; font: inherit; vertical-align: baseline; display: block;"><span class="caption-muted search-input__caption" style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: 400; font-stretch: inherit; font-size: 0.85714rem; line-height: inherit; font-family: inherit; vertical-align: baseline; color: var(--fd-color-text-3);"></span><input type="text" class="search-input--compact" placeholder="Search" id="search-input" value="" style="box-sizing: border-box; font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; line-height: 1.42857; font-weight: 400; appearance: textfield; font-size: inherit; outline: 0px; color: var(--fd-forms-color); border-width: 1px; border-style: solid; border-image: initial; border-color: var(--fd-forms-border-color); background-color: var(--fd-forms-background-color); border-radius: 4px; transition: border-color 125ms ease 0s; padding-left: 12px; padding-right: 12px; height: var(--fd-forms-height); width: 191.484px; display: block;"></section><span class="link-button fd-has-type-minus-1" style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: 400; font-stretch: inherit; font-size: 12px; line-height: 1.33333; font-family: inherit; vertical-align: baseline; color: var(--fd-color-action-1); cursor: pointer;"><div class="fd-popover" style="box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: 400; font-stretch: inherit; font-size: 14px; line-height: 1.42857; font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; vertical-align: baseline; color: var(--fd-color-text-1,#32363a); -webkit-font-smoothing: antialiased; position: relative; display: inline-block;"><div style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font: inherit; vertical-align: baseline;"><div class="fd-popover__control" style="box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: 400; font-stretch: inherit; font-size: 14px; line-height: 1.42857; font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; vertical-align: baseline; color: var(--fd-color-text-1,#32363a); -webkit-font-smoothing: antialiased; position: relative; cursor: pointer;"><button tabindex="0" role="button" aria-controls="fd-jWv1S69Lb" aria-expanded="false" aria-haspopup="true" class="fd-button--light sap-icon--action-settings fd-has-margin-right-tiny" style="box-sizing: border-box; --fd-button-color:var(--fd-color-action-1,#0a6ed1); --fd-button-border-color:transparent; --fd-button-background-color:transparent; height: var(--fd-forms-height,36px); max-height: var(--fd-forms-height,36px); min-width: var(--fd-forms-height,36px); font-size: 14px; line-height: var(--fd-button-line-height,34px); color: var(--fd-button-color,#0a6ed1); border-color: var(--fd-button-border-color,transparent); border-style: solid; border-width: 1px; border-image: initial; background-color: var(--fd-button-background-color,transparent); font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; -webkit-font-smoothing: antialiased; display: inline-block; margin-top: 0px; margin-right: 8px !important; margin-bottom: 0px; margin-left: 0px; appearance: none; outline: 0px; text-decoration: none; cursor: pointer; user-select: none; vertical-align: middle; white-space: nowrap; border-radius: 4px; font-weight: 400; padding: 0px; text-align: center; transition: all 125ms ease-in 0s;"></button></div></div></div></span><button data-test-id="auto-refresh-button" class="fd-button--light sap-icon--media-pause link-button fd-has-margin-right-tiny fd-has-type-minus-1" style="box-sizing: border-box; --fd-button-color:var(--fd-color-action-1,#0a6ed1); --fd-button-border-color:transparent; --fd-button-background-color:transparent; height: var(--fd-forms-height,36px); max-height: var(--fd-forms-height,36px); min-width: var(--fd-forms-height,36px); font-size: 12px; line-height: 1.33333; color: var(--fd-color-action-1); border-color: var(--fd-button-border-color,transparent); border-style: solid; border-width: 1px; border-image: initial; background-color: var(--fd-button-background-color,transparent); font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; -webkit-font-smoothing: antialiased; display: inline-block; margin-top: 0px; margin-right: 8px !important; margin-bottom: 0px; margin-left: 0px; appearance: none; outline: 0px; text-decoration: none; cursor: pointer; user-select: none; vertical-align: middle; white-space: nowrap; border-radius: 4px; font-weight: 400; padding: 0px 12px; text-align: center; transition: all 125ms ease-in 0s;">auto refresh</button><span class="link-button fd-has-type-minus-1 select-dropdown" style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: 400; font-stretch: inherit; font-size: 12px; line-height: 1.33333; font-family: inherit; vertical-align: baseline; color: var(--fd-color-action-1); cursor: pointer;"><div class="fd-popover" style="box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: 400; font-stretch: inherit; font-size: 14px; line-height: 1.42857; font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; vertical-align: baseline; color: var(--fd-color-text-1,#32363a); -webkit-font-smoothing: antialiased; position: relative; display: inline-block;"><div style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font: inherit; vertical-align: baseline;"><div class="fd-popover__control" style="box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: 400; font-stretch: inherit; font-size: 14px; line-height: 1.42857; font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; vertical-align: baseline; color: var(--fd-color-text-1,#32363a); -webkit-font-smoothing: antialiased; position: relative; cursor: pointer;"><button tabindex="0" role="button" aria-controls="fd-cmitIJivdz" aria-expanded="false" aria-haspopup="true" class="fd-button--light sap-icon--past fd-has-margin-right-tiny" style="box-sizing: border-box; --fd-button-color:var(--fd-color-action-1,#0a6ed1); --fd-button-border-color:transparent; --fd-button-background-color:transparent; height: var(--fd-forms-height,36px); max-height: var(--fd-forms-height,36px); min-width: var(--fd-forms-height,36px); font-size: 14px; line-height: var(--fd-button-line-height,34px); color: var(--fd-button-color,#0a6ed1); border-color: var(--fd-button-border-color,transparent); border-style: solid; border-width: 1px; border-image: initial; background-color: var(--fd-button-background-color,transparent); font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; -webkit-font-smoothing: antialiased; display: inline-block; margin-top: 0px; margin-right: 8px !important; margin-bottom: 0px; margin-left: 0px; appearance: none; outline: 0px; text-decoration: none; cursor: pointer; user-select: none; vertical-align: middle; white-space: nowrap; border-radius: 4px; font-weight: 400; padding: 0px; text-align: center; transition: all 125ms ease-in 0s;"></button></div></div></div></span><span class="link-button fd-has-type-minus-1 select-dropdown" style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: 400; font-stretch: inherit; font-size: 12px; line-height: 1.33333; font-family: inherit; vertical-align: baseline; color: var(--fd-color-action-1); cursor: pointer;"><div class="fd-popover" style="box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: 400; font-stretch: inherit; font-size: 14px; line-height: 1.42857; font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; vertical-align: baseline; color: var(--fd-color-text-1,#32363a); -webkit-font-smoothing: antialiased; position: relative; display: inline-block;"><div style="box-sizing: inherit; margin: 0px; padding: 0px; border: 0px; font: inherit; vertical-align: baseline;"><div class="fd-popover__control" style="box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: 400; font-stretch: inherit; font-size: 14px; line-height: 1.42857; font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; vertical-align: baseline; color: var(--fd-color-text-1,#32363a); -webkit-font-smoothing: antialiased; position: relative; cursor: pointer;"><button tabindex="0" role="button" aria-controls="fd-SF9OFodQHu" aria-expanded="false" aria-haspopup="true" class="fd-button--light sap-icon--sort fd-has-margin-right-tiny" style="box-sizing: border-box; --fd-button-color:var(--fd-color-action-1,#0a6ed1); --fd-button-border-color:transparent; --fd-button-background-color:transparent; height: var(--fd-forms-height,36px); max-height: var(--fd-forms-height,36px); min-width: var(--fd-forms-height,36px); font-size: 14px; line-height: var(--fd-button-line-height,34px); color: var(--fd-button-color,#0a6ed1); border-color: var(--fd-button-border-color,transparent); border-style: solid; border-width: 1px; border-image: initial; background-color: var(--fd-button-background-color,transparent); font-family: "72", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; -webkit-font-smoothing: antialiased; display: inline-block; margin-top: 0px; margin-right: 8px !important; margin-bottom: 0px; margin-left: 0px; appearance: none; outline: 0px; text-decoration: none; cursor: pointer; user-select: none; vertical-align: middle; white-space: nowrap; border-radius: 4px; font-weight: 400; padding: 0px; text-align: center; transition: all 125ms ease-in 0s;"></button></div></div></div></span></div></section></div>
Timestamp | Log
-- | --
2021-06-01T11:14:11.407530631Z | {"log":"# Completed on Tue Jun 1 11:14:11 2021 ","time":"2021-06-01T11:14:11.407530631Z"}
2021-06-01T11:14:11.407525731Z | {"log":"COMMIT ","time":"2021-06-01T11:14:11.407525731Z"}
2021-06-01T11:14:11.407520431Z | {"log":"-A ISTIO_REDIRECT -p tcp -j REDIRECT --to-ports 15001 ","time":"2021-06-01T11:14:11.407520431Z"}
2021-06-01T11:14:11.407515831Z | {"log":"-A ISTIO_OUTPUT -j ISTIO_REDIRECT ","time":"2021-06-01T11:14:11.407515831Z"}
2021-06-01T11:14:11.407510931Z | {"log":"-A ISTIO_OUTPUT -d 127.0.0.1/32 -j RETURN ","time":"2021-06-01T11:14:11.407510931Z"}
2021-06-01T11:14:11.407505631Z | {"log":"-A ISTIO_OUTPUT -m owner --gid-owner 1337 -j RETURN ","time":"2021-06-01T11:14:11.407505631Z"}
2021-06-01T11:14:11.407500831Z | {"log":"-A ISTIO_OUTPUT -o lo -m owner ! --gid-owner 1337 -j RETURN ","time":"2021-06-01T11:14:11.407500831Z"}
2021-06-01T11:14:11.407496131Z | {"log":"-A ISTIO_OUTPUT ! -d 127.0.0.1/32 -o lo -m owner --gid-owner 1337 -j ISTIO_IN_REDIRECT ","time":"2021-06-01T11:14:11.407496131Z"}
2021-06-01T11:14:11.407491231Z | {"log":"-A ISTIO_OUTPUT -m owner --uid-owner 1337 -j RETURN ","time":"2021-06-01T11:14:11.407491231Z"}
2021-06-01T11:14:11.407486731Z | {"log":"-A ISTIO_OUTPUT -o lo -m owner ! --uid-owner 1337 -j RETURN ","time":"2021-06-01T11:14:11.407486731Z"}
2021-06-01T11:14:11.407481131Z | {"log":"-A ISTIO_OUTPUT ! -d 127.0.0.1/32 -o lo -m owner --uid-owner 1337 -j ISTIO_IN_REDIRECT ","time":"2021-06-01T11:14:11.407481131Z"}
2021-06-01T11:14:11.407467631Z | {"log":"-A ISTIO_OUTPUT -s 127.0.0.6/32 -o lo -j RETURN ","time":"2021-06-01T11:14:11.407467631Z"}
2021-06-01T11:14:11.407432531Z | {"log":"-A ISTIO_IN_REDIRECT -p tcp -j REDIRECT --to-ports 15006 ","time":"2021-06-01T11:14:11.407432531Z"}
2021-06-01T11:14:11.407427631Z | {"log":"-A ISTIO_INBOUND -p tcp -j ISTIO_IN_REDIRECT ","time":"2021-06-01T11:14:11.407427631Z"}
2021-06-01T11:14:11.407422831Z | {"log":"-A ISTIO_INBOUND -p tcp -m tcp --dport 15020 -j RETURN ","time":"2021-06-01T11:14:11.407422831Z"}
2021-06-01T11:14:11.407416831Z | {"log":"-A ISTIO_INBOUND -p tcp -m tcp --dport 15021 -j RETURN ","time":"2021-06-01T11:14:11.407416831Z"}
2021-06-01T11:14:11.407394531Z | {"log":"-A ISTIO_INBOUND -p tcp -m tcp --dport 15090 -j RETURN ","time":"2021-06-01T11:14:11.407394531Z"}
2021-06-01T11:14:11.407389331Z | {"log":"-A ISTIO_INBOUND -p tcp -m tcp --dport 22 -j RETURN ","time":"2021-06-01T11:14:11.407389331Z"}
2021-06-01T11:14:11.407384031Z | {"log":"-A ISTIO_INBOUND -p tcp -m tcp --dport 15008 -j RETURN ","time":"2021-06-01T11:14:11.407384031Z"}
2021-06-01T11:14:11.407378931Z | {"log":"-A OUTPUT -p tcp -j ISTIO_OUTPUT ","time":"2021-06-01T11:14:11.407378931Z"}
2021-06-01T11:14:11.407371031Z | {"log":"-A PREROUTING -p tcp -j ISTIO_INBOUND ","time":"2021-06-01T11:14:11.407371031Z"}
2021-06-01T11:14:11.407330931Z | {"log":":ISTIO_REDIRECT - [0:0] ","time":"2021-06-01T11:14:11.407330931Z"}
2021-06-01T11:14:11.407326331Z | {"log":":ISTIO_OUTPUT - [0:0] ","time":"2021-06-01T11:14:11.407326331Z"}
2021-06-01T11:14:11.407321531Z | {"log":":ISTIO_IN_REDIRECT - [0:0] ","time":"2021-06-01T11:14:11.407321531Z"}
2021-06-01T11:14:11.407316731Z | {"log":":ISTIO_INBOUND - [0:0] ","time":"2021-06-01T11:14:11.407316731Z"}
2021-06-01T11:14:11.407311631Z | {"log":":POSTROUTING ACCEPT [0:0] ","time":"2021-06-01T11:14:11.407311631Z"}
2021-06-01T11:14:11.407302831Z | {"log":":OUTPUT ACCEPT [0:0] ","time":"2021-06-01T11:14:11.407302831Z"}
2021-06-01T11:14:11.407266032Z | {"log":":INPUT ACCEPT [0:0] ","time":"2021-06-01T11:14:11.407266032Z"}
2021-06-01T11:14:11.407260932Z | {"log":":PREROUTING ACCEPT [0:0] ","time":"2021-06-01T11:14:11.407260932Z"}
2021-06-01T11:14:11.407249432Z | {"log":"*nat ","time":"2021-06-01T11:14:11.407249432Z"}
2021-06-01T11:14:11.407054532Z | {"log":"# Generated by iptables-save v1.6.2 on Tue Jun 1 11:14:11 2021 ","time":"2021-06-01T11:14:11.407054532Z"}
2021-06-01T11:14:11.400728456Z | {"log":"iptables-save ","time":"2021-06-01T11:14:11.400728456Z"}
2021-06-01T11:14:11.334278007Z | {"log":"ip6tables-restore --noflush /tmp/ip6tables-rules-1622546051333952108.txt586408984 ","time":"2021-06-01T11:14:11.334278007Z"}
2021-06-01T11:14:11.334272707Z | {"log":" ","time":"2021-06-01T11:14:11.334272707Z"}
2021-06-01T11:14:11.334254807Z | {"log":"Writing following contents to rules file: /tmp/ip6tables-rules-1622546051333952108.txt586408984 ","time":"2021-06-01T11:14:11.334254807Z"}
2021-06-01T11:14:11.315263378Z | {"log":"iptables-restore --noflush /tmp/iptables-rules-1622546051313506285.txt247778909 ","time":"2021-06-01T11:14:11.315263378Z"}
2021-06-01T11:14:11.315258978Z | {"log":" ","time":"2021-06-01T11:14:11.315258978Z"}
2021-06-01T11:14:11.315253778Z | {"log":"COMMIT ","time":"2021-06-01T11:14:11.315253778Z"}
2021-06-01T11:14:11.315249178Z | {"log":"-A ISTIO_OUTPUT -j ISTIO_REDIRECT ","time":"2021-06-01T11:14:11.315249178Z"}
2021-06-01T11:14:11.315244478Z | {"log":"-A ISTIO_OUTPUT -d 127.0.0.1/32 -j RETURN ","time":"2021-06-01T11:14:11.315244478Z"}
2021-06-01T11:14:11.315239778Z | {"log":"-A ISTIO_OUTPUT -m owner --gid-owner 1337 -j RETURN ","time":"2021-06-01T11:14:11.315239778Z"}
2021-06-01T11:14:11.315234978Z | {"log":"-A ISTIO_OUTPUT -o lo -m owner ! --gid-owner 1337 -j RETURN ","time":"2021-06-01T11:14:11.315234978Z"}
2021-06-01T11:14:11.315230178Z | {"log":"-A ISTIO_OUTPUT -o lo ! -d 127.0.0.1/32 -m owner --gid-owner 1337 -j ISTIO_IN_REDIRECT ","time":"2021-06-01T11:14:11.315230178Z"}
2021-06-01T11:14:11.315225278Z | {"log":"-A ISTIO_OUTPUT -m owner --uid-owner 1337 -j RETURN ","time":"2021-06-01T11:14:11.315225278Z"}
2021-06-01T11:14:11.315220578Z | {"log":"-A ISTIO_OUTPUT -o lo -m owner ! --uid-owner 1337 -j RETURN ","time":"2021-06-01T11:14:11.315220578Z"}
2021-06-01T11:14:11.315215778Z | {"log":"-A ISTIO_OUTPUT -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1337 -j ISTIO_IN_REDIRECT ","time":"2021-06-01T11:14:11.315215778Z"}
2021-06-01T11:14:11.315210878Z | {"log":"-A ISTIO_OUTPUT -o lo -s 127.0.0.6/32 -j RETURN ","time":"2021-06-01T11:14:11.315210878Z"}
2021-06-01T11:14:11.315206179Z | {"log":"-A OUTPUT -p tcp -j ISTIO_OUTPUT ","time":"2021-06-01T11:14:11.315206179Z"}
2021-06-01T11:14:11.315201579Z | {"log":"-A ISTIO_INBOUND -p tcp -j ISTIO_IN_REDIRECT ","time":"2021-06-01T11:14:11.315201579Z"}
2021-06-01T11:14:11.315196879Z | {"log":"-A ISTIO_INBOUND -p tcp --dport 15020 -j RETURN ","time":"2021-06-01T11:14:11.315196879Z"}
2021-06-01T11:14:11.315192279Z | {"log":"-A ISTIO_INBOUND -p tcp --dport 15021 -j RETURN ","time":"2021-06-01T11:14:11.315192279Z"}
2021-06-01T11:14:11.315187279Z | {"log":"-A ISTIO_INBOUND -p tcp --dport 15090 -j RETURN ","time":"2021-06-01T11:14:11.315187279Z"}
2021-06-01T11:14:11.315172179Z | {"log":"-A ISTIO_INBOUND -p tcp --dport 22 -j RETURN ","time":"2021-06-01T11:14:11.315172179Z"}
2021-06-01T11:14:11.315167579Z | {"log":"-A PREROUTING -p tcp -j ISTIO_INBOUND ","time":"2021-06-01T11:14:11.315167579Z"}
2021-06-01T11:14:11.315161079Z | {"log":"-A ISTIO_IN_REDIRECT -p tcp -j REDIRECT --to-ports 15006 ","time":"2021-06-01T11:14:11.315161079Z"}
2021-06-01T11:14:11.315156379Z | {"log":"-A ISTIO_REDIRECT -p tcp -j REDIRECT --to-ports 15001 ","time":"2021-06-01T11:14:11.315156379Z"}
2021-06-01T11:14:11.315151679Z | {"log":"-A ISTIO_INBOUND -p tcp --dport 15008 -j RETURN ","time":"2021-06-01T11:14:11.315151679Z"}
2021-06-01T11:14:11.315147279Z | {"log":"-N ISTIO_OUTPUT ","time":"2021-06-01T11:14:11.315147279Z"}
2021-06-01T11:14:11.315142579Z | {"log":"-N ISTIO_IN_REDIRECT ","time":"2021-06-01T11:14:11.315142579Z"}
2021-06-01T11:14:11.315138179Z | {"log":"-N ISTIO_REDIRECT ","time":"2021-06-01T11:14:11.315138179Z"}
2021-06-01T11:14:11.315133679Z | {"log":"-N ISTIO_INBOUND ","time":"2021-06-01T11:14:11.315133679Z"}
2021-06-01T11:14:11.315129079Z | {"log":"* nat ","time":"2021-06-01T11:14:11.315129079Z"}
2021-06-01T11:14:11.315122479Z | {"log":"Writing following contents to rules file: /tmp/iptables-rules-1622546051313506285.txt247778909 ","time":"2021-06-01T11:14:11.315122479Z"}
2021-06-01T11:14:11.315117979Z | {"log":" ","time":"2021-06-01T11:14:11.315117979Z"}
2021-06-01T11:14:11.315112779Z | {"log":"DNS_SERVERS=[],[] ","time":"2021-06-01T11:14:11.315112779Z"}
2021-06-01T11:14:11.315097879Z | {"log":"ENABLE_INBOUND_IPV6=false ","time":"2021-06-01T11:14:11.315097879Z"}
2021-06-01T11:14:11.314989279Z | {"log":"KUBEVIRT_INTERFACES= ","time":"2021-06-01T11:14:11.314989279Z"}
2021-06-01T11:14:11.314984679Z | {"log":"OUTBOUND_PORTS_EXCLUDE= ","time":"2021-06-01T11:14:11.314984679Z"}
2021-06-01T11:14:11.314979979Z | {"log":"OUTBOUND_PORTS_INCLUDE= ","time":"2021-06-01T11:14:11.314979979Z"}
2021-06-01T11:14:11.314975479Z | {"log":"OUTBOUND_IP_RANGES_EXCLUDE= ","time":"2021-06-01T11:14:11.314975479Z"}
2021-06-01T11:14:11.314971079Z | {"log":"OUTBOUND_IP_RANGES_INCLUDE=* ","time":"2021-06-01T11:14:11.314971079Z"}
2021-06-01T11:14:11.314966479Z | {"log":"INBOUND_PORTS_EXCLUDE=15090,15021,15020 ","time":"2021-06-01T11:14:11.314966479Z"}
2021-06-01T11:14:11.314961779Z | {"log":"INBOUND_PORTS_INCLUDE=* ","time":"2021-06-01T11:14:11.314961779Z"}
2021-06-01T11:14:11.314957079Z | {"log":"INBOUND_TPROXY_ROUTE_TABLE=133 ","time":"2021-06-01T11:14:11.314957079Z"}
2021-06-01T11:14:11.314952379Z | {"log":"INBOUND_TPROXY_MARK=1337 ","time":"2021-06-01T11:14:11.314952379Z"}
2021-06-01T11:14:11.314947779Z | {"log":"INBOUND_INTERCEPTION_MODE=REDIRECT ","time":"2021-06-01T11:14:11.314947779Z"}
2021-06-01T11:14:11.314943079Z | {"log":"PROXY_GID=1337 ","time":"2021-06-01T11:14:11.314943079Z"}
2021-06-01T11:14:11.31493848Z | {"log":"PROXY_UID=1337 ","time":"2021-06-01T11:14:11.31493848Z"}
2021-06-01T11:14:11.31493378Z | {"log":"PROXY_TUNNEL_PORT=15008 ","time":"2021-06-01T11:14:11.31493378Z"}
2021-06-01T11:14:11.31492928Z | {"log":"PROXY_INBOUND_CAPTURE_PORT=15006 ","time":"2021-06-01T11:14:11.31492928Z"}
2021-06-01T11:14:11.31492488Z | {"log":"PROXY_PORT=15001 ","time":"2021-06-01T11:14:11.31492488Z"}
2021-06-01T11:14:11.31492028Z | {"log":"---------- ","time":"2021-06-01T11:14:11.31492028Z"}
2021-06-01T11:14:11.31491578Z | {"log":"Variables: ","time":"2021-06-01T11:14:11.31491578Z"}
2021-06-01T11:14:11.31489488Z | {"log":" ","time":"2021-06-01T11:14:11.31489488Z"}
2021-06-01T11:14:11.31489008Z | {"log":"ISTIO_SERVICE_EXCLUDE_CIDR= ","time":"2021-06-01T11:14:11.31489008Z"}
2021-06-01T11:14:11.31488518Z | {"log":"ISTIO_SERVICE_CIDR= ","time":"2021-06-01T11:14:11.31488518Z"}
2021-06-01T11:14:11.31488048Z | {"log":"ISTIO_LOCAL_EXCLUDE_PORTS= ","time":"2021-06-01T11:14:11.31488048Z"}
2021-06-01T11:14:11.31487588Z | {"log":"ISTIO_OUTBOUND_PORTS= ","time":"2021-06-01T11:14:11.31487588Z"}
2021-06-01T11:14:11.31487098Z | {"log":"ISTIO_INBOUND_PORTS= ","time":"2021-06-01T11:14:11.31487098Z"}
2021-06-01T11:14:11.31486598Z | {"log":"ISTIO_INBOUND_TPROXY_ROUTE_TABLE= ","time":"2021-06-01T11:14:11.31486598Z"}
2021-06-01T11:14:11.31486088Z | {"log":"ISTIO_INBOUND_TPROXY_MARK= ","time":"2021-06-01T11:14:11.31486088Z"}
2021-06-01T11:14:11.31485598Z | {"log":"ISTIO_INBOUND_INTERCEPTION_MODE= ","time":"2021-06-01T11:14:11.31485598Z"}
2021-06-01T11:14:11.31485098Z | {"log":"INBOUND_CAPTURE_PORT= ","time":"2021-06-01T11:14:11.31485098Z"}
2021-06-01T11:14:11.31484598Z | {"log":"ENVOY_PORT= ","time":"2021-06-01T11:14:11.31484598Z"}
2021-06-01T11:14:11.31483858Z | {"log":"------------ ","time":"2021-06-01T11:14:11.31483858Z"}
2021-06-01T11:14:11.31479378Z | {"log":"Environment: ","time":"2021-06-01T11:14:11.31479378Z"}
<!--EndFragment-->
I don't see any error messages in here. Can you search for "ERROR" or "WARN" in the log?
There is no more. Searched for "ERROR" and "WARN messages for the last 15 minutes, after I removed the pod again.
The Ui shows me now "Running", although the CLI kubectl shows CrashLoopBackOff.
PS C:\git\kyma-mtx-faq-management> kubectl get pods --namespace project-faq
NAME READY STATUS RESTARTS AGE
faq-backend-746649fd4-sbjpr 1/2 CrashLoopBackOff 4 2m38s
faq-broker-5df55b575c-wbp9k 2/2 Running 2 23h
faq-exporter-5d4cbbf4f6-w4vf5 2/2 Running 0 23h
kyma-faq-ui-shell-6cc59bdcc5-pr9nn 2/2 Running 0 23h
project-faq-gateway-7557887b66-rvbk6 2/2 Running 0 23h
Tried to log it from cli, but struggle with a deprecated annotation.
kubectl logs -f -p faq-backend-746649fd4-sbjpr --namespace project-faq
Using deprecated annotation `kubectl.kubernetes.io/default-logs-container` in pod/faq-backend-746649fd4-sbjpr. Please use `kubectl.kubernetes.io/default-container` instead
There needs to be an error message somewhere (as the status is set to "CrashLoopBackOff"). It's hard to diagnoze this without the error message.
There needs to be an error message somewhere (as the status is set to "CrashLoopBackOff"). It's hard to diagnoze this without the error message.
this is why I tried to do it from command line.
I'm sorry this is causing you so much troubles on Windows. I asked a colleague (also a Windows user) to follow the instructions. Maybe he makes an insightful observation that can help.
No problem! I like it. Is a good reason to get deeper in K8s! :)
I just wiped my namespace and tested it and I can confirm that there is a problem. And I found out what it was :) : The creation of the "faq-saas-registry" didn't complete successfully.
As we're all running on the same trial landscape, we need to have unique app names. In short, you need to change two occurrences of faq-app
(have a look at the linked commit for details) to something unique (e.g. add your cluster id). This was causing the problem.
Thanks a lot for reporting this one! I'll publish a fix right now, please confirm that this worked.
PS: You need to remove all deployments and service instances before running the kubectl apply
commands again. You don't have the repeat the steps before thekubectl apply
commands.
Sorry, but I can't confirm that.
faq-saas-registry was not in a pending status. It was running fine!
After checking the status for faq-saas-registry I removed the deployments and pods as you asked for. Changed the appName: FaqManagement-c-2ac3840 and deployed all the .yaml files again.
I do have the same issue as before (faq-backend is not running). faq-saas-registry is running fine.
I'm quite sure, that it has something to do with the wrong base64 secrets. (base64 //)
base64 (//57AA0ACgAgACIAYwBsAGkAZQBuAHQAaQBkAC...)
The pod shows me this error msg: caused: setenv: invalid argument: unknown
failed to start container "1705652c44339d596d74ef78ab79fe4c1e5e46fdf8a408162d3213535f6ab7fc": Error response from daemon: OCI runtime create failed: container_linux.go:370: starting container process caused: process_linux.go:459: container init caused: setenv: invalid argument: unknown
For this problem (caused: setenv: invalid argument: unknown) I found this: https://github.com/opencontainers/runc/issues/1720
The reason seems to be a wrong base64 key. If you don't have this issue, I think it must have something to do with the Windows kubectl CLI.
really strange...
My colleague (Windows user) was able to create the secret (and to see it) without any problems. He also noticed that tails
is not available on Windows - so I added a not for this. But I don't see this as a Windows problem - at least not one that affects all versions of Windows.
Can you try to create another opaque secret via kubectl and see this one in the console?
ok, I'm playing a little bit with the sm-credentials.
Could you tell me, if your sm-credentials yaml looks similar to mine? And does your credentials starts with this "//" characters too?
Mine looks a little bit different. I doesn't start with //
and it doesn't include the managedFields
either.
Please, would you let me know what your kubectl version is? PS C:\git\kyma-mtx-faq-management> kubectl version Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.1", GitCommit:"5e58841cce77d4bc13713ad2b91fa0d961e69192", GitTreeState:"clean", BuildDate:"2021-05-12T14:18:45Z", GoVersion:"go1.16.4", Compiler:"gc", Platform:"windows/amd64"} Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.17", GitCommit:"68b4e26caf6ede7af577db4af62fb405b4dd47e6", GitTreeState:"clean", BuildDate:"2021-03-18T00:54:02Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"} WARNING: version difference between client (1.21) and server (1.18) exceeds the supported minor version skew of +/-1
removed my newer client version and downgraded it to 1.18., but without success. same strange behavior (secrets) as before.
will close this ticket.
PS C:\git\kyma-mtx-faq-management> kubectl version Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.0", GitCommit:"9e991415386e4cf155a24b1da15becaa390438d8", GitTreeState:"clean", BuildDate:"2020-03-25T14:58:59Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"windows/amd64"} Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.17", GitCommit:"68b4e26caf6ede7af577db4af62fb405b4dd47e6", GitTreeState:"clean", BuildDate:"2021-03-18T00:54:02Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
Tried it also from WSL, but the same result.
Can confirm that I have the exact same issue on a Win10Pro environment (tried it with different approaches too, including WSL2, without success).
ok, I'm playing a little bit with the sm-credentials.
I changed the credentials more times and removed all special characters, but the two "//" are always left in the base64 key.
I'll reopen the ticket as this definitely something that should be followed up upon.
The colleague who tested it on Windows is running
kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.0", GitCommit:"cb303e613a121a29364f75cc67d3d580833a7479", GitTreeState:"clean", BuildDate:"2021-04-08T16:31:21Z", GoVersion:"go1.16.1", Compiler:"gc", Platform:"windows/amd64"}
And creates the following secret (without //
):
To solve this issue I replaced the base64 with my own created base64 key. (https://www.base64encode.org/) After that, the pods and deployments are running and I can see the "FAQ Saas Sample" in the new "Consumer"-Subaccount.
So, now I'm ready to continue the next steps...
The colleague who tested it on Windows is running Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.0"
I downgraded my CLI to GitVersion:"v1.21.0" but without any difference. Same strange behavior.
Tried to continue with the lesson and came to the next hurdle. There is still a problem with the faq-backend-746649fd4-z4sf4
But I think in this case is the reason the hdi-service. Error: Conflict, description: instance with same name exists for the current tenant
2021-06-03T06:42:05.488018309Z | {"log":"npm ERR! errno 1 ","time":"2021-06-03T06:42:05.488018309Z"}
-- | --
2021-06-03T06:42:05.469842389Z | {"log":" at Object.error (/usr/src/app/node_modules/@sap/cds-mtx/node_modules/@sap/instance-manager/lib/polling-control.js:10:13) ","time":"2021-06-03T06:42:05.469842389Z"}
2021-06-03T06:42:05.469749489Z | {"log":"[HDI_CONTAINER_MANAGER] - Error: State of create operation is failed (resource type: /v1/service_instances, resource id: 9fe61cf3-a536-4cb2-8178-6319fc0e3547, operation id: f3ca6a92-accd-4caf-a991-db28c165de54), error: Conflict, description: instance with same name exists for the current tenant ","time":"2021-06-03T06:42:05.469749489Z"}
Any ideas?
Check if your Hana cloud instance is up and running and make sure the all IP address is allowed.
Finally I found the reason, why the k8s secret creation did not work well regarding the content of the secret.
In my case the cf service-key faq-saas-container faq-container-key > faq-container-key.json
command created the file faq-container-key.json with UTF16 LE encoding (when executed in Powershell). Switching the encoding to UTF8 solves the original issue discussed here.
@IObert Maybe worth to add an additional sentence in the Readme that users will check the encoding of the created file to be sure that they do not run into the same issue.
@pfefferf: You are right! If you use Powershell you will get UTF16 LE, but if you use MINGW64 (bash) you will get UTF-8 This would explain, why some Win-User doesn't have this issue.
And a further plus is that with bash for windows the commands tail and base64 are working. $ cf service-key faq-saas-container faq-container-key | tail -n +3 > faq-container-key.json $ kubectl get secret sm-credentials -o jsonpath='{.data.credentials}' --namespace project-faq | base64 --decode
C/C++ for Visual Studio Code - MinGW https://code.visualstudio.com/docs/cpp/config-mingw
Wow, that's a really nasty issue! Thanks a lot for identifying this one. I'll update the readme.
Hi @IObert,
I can't find the mentioned "FAQ-Saas-Sample" in my "Consumer"-Subaccount.
Any ideas? Thanks & best Regards Dirk