Open JiriHusak-lab opened 1 year ago
It could be due to some network connectivity issues where oc
is not able to pull from the supplied git repos, i couldn't reproduce this locally:
❯ oc new-app --strategy=docker https://github.com/evanshortiss/openshift-typescript-example
--> Found image da98079 (7 months old) in image stream "dev-test/node" under tag "12-alpine" for "node:12-alpine"
* A Docker build using source code from https://github.com/evanshortiss/openshift-typescript-example will be created
* The resulting image will be pushed to image stream tag "openshift-typescript-example:latest"
* Use 'oc start-build' to trigger a new build
--> Creating resources ...
imagestream.image.openshift.io "openshift-typescript-example" created
buildconfig.build.openshift.io "openshift-typescript-example" created
Warning: would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "openshift-typescript-example" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "openshift-typescript-example" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "openshift-typescript-example" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "openshift-typescript-example" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps "openshift-typescript-example" created
--> Success
Build scheduled, use 'oc logs -f buildconfig/openshift-typescript-example' to track its progress.
Run 'oc status' to view your app.
Using the same oc
version as in 2.10.2
:
❯ oc version
Client Version: 4.10.34
Server Version: 4.11.7
Kubernetes Version: v1.24.0+3882f8f
Hi, in previous version it has worked properly. There is no network issue, issue is present from yesterday when I have installed latest crc version. I can clone repo, I have used it in the same way long time using previous crc versions.
Issue is present in version: Client Version: 4.11.7 Kustomize Version: v4.5.4 Server Version: 4.11.7 Kubernetes Version: v1.24.0+3882f8f
@JiriHusak-lab not sure how a new release could cause this, since the bundle and oc
client version is 4.11.7
same as in crc v2.10.1
since am not able to reproduce this on my side really not sure what could cause this for you, make sure you are using the correct oc
binaries, maybe try clearing your ~/.crc/bin
directory and start from a clean state:
$ rm -rf ~/.crc/bin
$ crc cleanup
$ crc setup
I did it twice completely:
crc setup and crc start log:
[crc@rhel821 ~]$ crc setup
CRC is constantly improving and we would like to know more about usage (more details at https://developers.redhat.com/article/tool-data-collection)
Your preference can be changed manually if desired using 'crc config set consent-telemetry <yes/no>'
Would you like to contribute anonymous usage statistics? [y/N]: N
No worry, you can still enable telemetry manually with the command 'crc config set consent-telemetry yes'.
INFO Using bundle path /var/crc/.crc/cache/crc_libvirt_4.11.7_amd64.crcbundle
INFO Checking if running as non-root
INFO Checking if running inside WSL2
INFO Checking if crc-admin-helper executable is cached
INFO Caching crc-admin-helper executable
INFO Using root access: Changing ownership of /var/crc/.crc/bin/crc-admin-helper-linux
[sudo] password for crc:
INFO Using root access: Setting suid for /var/crc/.crc/bin/crc-admin-helper-linux
INFO Checking for obsolete admin-helper executable
INFO Checking if running on a supported CPU architecture
INFO Checking minimum RAM requirements
INFO Checking if crc executable symlink exists
INFO Creating symlink for crc executable
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Checking if user is part of libvirt group
INFO Checking if active user/process is currently part of the libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Installing crc-driver-libvirt
INFO Checking crc daemon systemd service
INFO Setting up crc daemon systemd service
INFO Checking crc daemon systemd socket units
INFO Setting up crc daemon systemd socket units
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
INFO Checking if NetworkManager service is running
INFO Checking if dnsmasq configurations file exist for NetworkManager
INFO Checking if the systemd-resolved service is running
INFO Checking if /etc/NetworkManager/dispatcher.d/99-crc.sh exists
INFO Checking if libvirt 'crc' network is available
INFO Checking if libvirt 'crc' network is active
INFO Checking if CRC bundle is extracted in '$HOME/.crc'
INFO Checking if /var/crc/.crc/cache/crc_libvirt_4.11.7_amd64.crcbundle exists
INFO Getting bundle for the CRC executable
3.15 GiB / 3.15 GiB [----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 8.58 MiB p/s
INFO Uncompressing /var/crc/.crc/cache/crc_libvirt_4.11.7_amd64.crcbundle
crc.qcow2: 12.01 GiB / 12.01 GiB [----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00%
oc: 118.14 MiB / 118.14 MiB [---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00%
Your system is correctly setup for using CRC. Use 'crc start' to start the instance
[crc@rhel821 ~]$ crc start
INFO Checking if running as non-root
INFO Checking if running inside WSL2
INFO Checking if crc-admin-helper executable is cached
INFO Checking for obsolete admin-helper executable
INFO Checking if running on a supported CPU architecture
INFO Checking minimum RAM requirements
INFO Checking if crc executable symlink exists
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Checking if user is part of libvirt group
INFO Checking if active user/process is currently part of the libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Checking crc daemon systemd socket units
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
INFO Checking if NetworkManager service is running
INFO Checking if dnsmasq configurations file exist for NetworkManager
INFO Checking if the systemd-resolved service is running
INFO Checking if /etc/NetworkManager/dispatcher.d/99-crc.sh exists
INFO Checking if libvirt 'crc' network is available
INFO Checking if libvirt 'crc' network is active
INFO Loading bundle: crc_libvirt_4.11.7_amd64...
CRC requires a pull secret to download content from Red Hat.
You can copy it from the Pull Secret section of https://console.redhat.com/openshift/create/local.
? Please enter the pull secret **
WARN Cannot add pull secret to keyring: failed to unlock correct collection '/org/freedesktop/secrets/aliases/default'
INFO Creating CRC VM for openshift 4.11.7...
INFO Generating new SSH key pair...
INFO Generating new password for the kubeadmin user
INFO Starting CRC VM for openshift 4.11.7...
INFO CRC instance is running with IP 192.168.130.11
INFO CRC VM is running
INFO Updating authorized keys...
INFO Check internal and public DNS query...
INFO Check DNS query from host...
INFO Verifying validity of the kubelet certificates...
INFO Starting kubelet service
INFO Waiting for kube-apiserver availability... [takes around 2min]
INFO Adding user's pull secret to the cluster...
INFO Updating SSH key to machine config resource...
INFO Waiting for user's pull secret part of instance disk...
INFO Changing the password for the kubeadmin user
INFO Updating cluster ID...
INFO Updating root CA cert to admin-kubeconfig-client-ca configmap...
INFO Starting openshift instance... [waiting for the cluster to stabilize]
INFO Operator openshift-controller-manager is progressing
INFO Operator openshift-controller-manager is progressing
INFO Operator openshift-controller-manager is progressing
INFO Operator openshift-controller-manager is progressing
INFO Operator openshift-controller-manager is progressing
INFO All operators are available. Ensuring stability...
INFO Operators are stable (2/3)...
INFO Operators are stable (3/3)...
INFO Adding crc-admin and crc-developer contexts to kubeconfig...
Started the OpenShift cluster.
The server is accessible via web console at: https://console-openshift-console.apps-crc.testing
Log in as administrator: Username: kubeadmin Password: EGPAw-kibED-RHM2V-wbW3L
Log in as user: Username: developer Password: developer
Use the 'oc' command line interface: $ eval $(crc oc-env) $ oc login -u developer https://api.crc.testing:6443 [crc@rhel821 ~]$ crc status CRC VM: Running OpenShift: Running (v4.11.7) RAM Usage: 6.249GB of 9.399GB Disk Usage: 14.91GB of 32.74GB (Inside the CRC VM) Cache Usage: 16.43GB Cache Directory: /var/crc/.crc/cache
Here is an oc output when I've increased loglevel severity. But warning: Cannot check if git requires authentication. has been present also in previous versions where oc new-app worked properly. oc new-app --strategy docker git@X.Y.Z.W:mgrp/xxx-ds.git --source-secret repo-at-gitlab --name xxx-ds --loglevel 10
I1110 12:49:02.095423 3702136 loader.go:372] Config loaded from file: /var/crc/.kube/config I1110 12:49:02.096850 3702136 newapp.go:655] Container service did not respond to a ping: Get "http://unix.sock/_ping": dial unix /var/run/docker.sock: connect: no such file or directory I1110 12:49:02.097034 3702136 sourcelookup.go:316] Checking if git@X.Y.Z.W:mgrp/xxx-ds.git requires authentication I1110 12:49:02.097051 3702136 repository.go:450] Executing git ls-remote --heads git@X.Y.Z.W:mgrp/xxx-ds.git I1110 12:49:02.097072 3702136 repository.go:459] Environment: I1110 12:49:02.097077 3702136 repository.go:461] - HOME=/tmp/githome4060803832 I1110 12:49:02.097083 3702136 repository.go:461] - GIT_SSH=/dev/null I1110 12:49:02.097087 3702136 repository.go:461] - GIT_CONFIG_NOSYSTEM=true I1110 12:49:02.097093 3702136 repository.go:461] - GIT_ASKPASS=true I1110 12:49:02.099885 3702136 repository.go:541] Error executing command: exit status 128 warning: Cannot check if git requires authentication. I1110 12:49:02.100005 3702136 newapp.go:346] treating git@X.Y.Z.W:mgrp/xxx-ds.git as a component ref error: --strategy is specified and none of the arguments provided could be classified as a source code location
I've successfully used oc new-app command with public github repo using https:/...githuburl.
So I guess that in version crc-linux-2.10.2-amd64 according version crc-linux-2.0.1-amd64 thera is some change (hardening) of security in terms of access to git repo. And maybe message reported (which is missleading) has changed.
BTW - I have to change my yaml files apiVersion as it has chagned since K8 version 1.16. So I assume change in git access security as well. Problem is - according my guess - in authentication to access git repo. In previous version it has worked , now oc new-app reportes "error: --strategy is specified and none of the arguments provided could be classified as a source code location" what is a bit missleading. It is not a problem of syntax but it seems to be that CRC can't access git repo in this new version. Can you help me and give a hint what security change is there sinse version crc-linux-2.0.1-amd64?
Thanks a lot, Jiri
I am certain it's the same oc
client binaries and OCP
bundle that was shipped in 2.10.1
that is in 2.10.2
, the client binaries are packed in the *.crcbundle
and that didn't change as i already have mentioned earlier.
have you also ruled out that the --source-secret
value is correct/upto date for the repo in question?
Hi, so, there is a progress. CRC can successfully access my git repo as I realized now. There is a really some bug in CRC version. When I've used he same oc new-app command and add image from Dockerfile FROM statement with ~ - it workes.
ERROR: oc new-app --strategy docker git@X.Y.Z.W:mgrp/xxx-ds.git --source-secret repo-at-gitlab --name xxx-ds OK: oc new-app --strategy docker image-name~git@X.Y.Z.W:mgrp/xxx-ds.git --source-secret repo-at-gitlab --name xxx-ds
So without specifying image-name~ oc new-app reports "error: --strategy is specified and none of the arguments provided could be classified as a source code location". When image-name~ is specified, build from git repo is successfully started according Dockerfile in git repo.
The same behaviour has my colleague independently using the same CRC version. And of course, my Dockerfile has correct FROM statement with the proper image.
Hi, any comment regarding latest CRC version bug (oc new-app using strategy Docker can't recognize git repo without prefixing git repo with image~) ? Because for services where I use multi-stage build (Dockerfile contains 2 FROM statements) this BUG IS A SHOWSTOPPER.
I've used image used for first stage (first FROM in Dockerfile) but it overides second FROM (second build stage) in Dockerfile as well. In Dockerfile second stage (second FROM) is using another image. Build of course fails then.
Any hint, any help, any fix please?
@JiriHusak-lab Is it bug from CRC or from openshift side itself because we are just running the cluster without much change. Can you perform same action on a production grade openshift cluster which have similar OCP version which crc ships. Looking at the comments looks like it is bug on openshift side not CRC side.
We are going to do another release by this week which will have updated version of ocp do try once it is available and able to fix that bug.
Hi,
yesterday I've downloaded version crc-linux-2.10.2-amd64 and successfully installed.
I have reached one issue. In all previous CRC versions I've used oc new-app command as follows:
Now this command returns error:
The same error returns following commands as well:
Question: what has changed in the latest CRC version that oc new-app commands I have always used do not work? As far as I tried, I haven't reach other issue in this version.