Closed lsergio closed 9 months ago
It seems to be a problem with the container, like the application was not really pushed. Can you verify if the generated container has the required artifacts? Please check the image which is running the Pod. Also, consider we've deprecated Kaniko [1], so, if there is some problem there we won't be able to fix. Try to use default Spectrum or Jib strategy [2].
[1] https://camel.apache.org/blog/2023/10/camel-k-2-1/ [2] https://camel.apache.org/camel-k/next/installation/advanced/build-config.html#publish-strategy
@squakez I checked the container and the artifacts are there. However, to be able to see them, I had to edit the generated deployment and change the securityContext from:
securityContext: {}
to
securityContext:
runAsUser: 0
And the list of files shows me:
./dependencies/app:
total 4
-rw-r--r-- 1 root root 2658 Dec 1 16:48 camel-k-integration-2.1.0.jar
./dependencies/lib:
total 24
drwxr-sr-x 2 root root 4096 Dec 1 16:48 boot
drwxr-sr-x 2 root root 16384 Dec 1 16:48 main
./dependencies/lib/boot:
total 1708
-rw-r--r-- 1 root root 9341 Dec 1 16:48 io.github.crac.org-crac-0.1.3.jar
-rw-r--r-- 1 root root 43387 Dec 1 16:48 io.quarkus.quarkus-bootstrap-runner-3.2.6.Final.jar
-rw-r--r-- 1 root root 45294 Dec 1 16:48 io.quarkus.quarkus-development-mode-spi-3.2.6.Final.jar
(the list was truncated, as it was too long)
And after this change the integration also starts successfully.
What Kubernetes version/distribution are you using?
I'm running on Kubernetes 1.25 on EKS: v1.25.15-eks-4f4795d, more precisely
Create an Integration. In my case I used one like this:
Are you creating the Integration CR yourself or using kamel run <integration>
?
I'm running kubectl apply -f test.yaml
where test.yaml
is:
apiVersion: camel.apache.org/v1
kind: Integration
metadata:
name: test
spec:
sources:
- name: main.groovy
content: |-
rest("/test-mode")
.post()
.to("direct:start")
from("direct:start").to("log:info")
I think the problem is the fact that Kaniko (and Buildah) needs root privileges in order to work. When it creates the container, since it is with root privileges, then, the artifact has root visibility only. By default, the securityContext will run with the USER 1000
privileges, reason why it cannot find that artifact. The only way to have this running is, as you did, run with a privileged root.
We have deprecated Kaniko and Buildah also for this reason in version 2.1.0, so, the suggestion from us is to move to a supported (and more secure) publishing strategy [1].
[1] https://camel.apache.org/camel-k/next/installation/advanced/build-config.html#publish-strategy
Thanks. I'll have a look at the other publish strategies.
What happened?
I'm trying to run a basic integration with Camel K 2.1 and it fails to start.
Steps to reproduce
Setup a gcr repository as described in https://camel.apache.org/camel-k/2.1.x/installation/registry/gcr.html.
Install kamel using the following command:
kamel install --olm=false --build-publish-strategy=Kaniko --registry gcr.io --organization yourprojectid --registry-secret kaniko-secret
Create a secret for pulling the images from GCR and configure the pull-secret trait in the IntegrationPlatform object:
Create an Integration. In my case I used one like this:
Wait for the builder to finish and create the integration pod.
Check the Integration pod log.
There will be this error:
The full log is added to the log output field.
Relevant log output
Camel K version
2.1.0