Theia Cloud on GKE giving nginx error

[kartikwatwani]

Describe the bug

The try now URL that I receive after running terraform apply for gke_getting_started.tf is giving me 404 not found nginx error.

Expected behavior

The login page should come up when I visit the URL provided after terraform apply command finishes.

Cluster provider

GKE

Version

0.11.0

Additional information

1) gke_getting_started.tf

variable "project_id" {
  description = "The GCE project id"
}

variable "service_account_email" {
  description = "The email of the service account for the GKE nodes"
}

variable "location" {
  description = "The zone of the created cluster"
  default     = "asia-south2-a"
}

variable "cert_manager_issuer_email" {
  description = "Email address used to create certificates."
}

variable "keycloak_admin_password" {
  description = "Keycloak Admin Password"
  sensitive   = true
}

variable "postgres_postgres_password" {
  description = "Keycloak Postgres DB Postgres (Admin) Password"
  sensitive   = true
}

variable "postgres_password" {
  description = "Keycloak Postgres DB Password"
  sensitive   = true
}

provider "google" {
  project = var.project_id
  zone    = var.location
}

module "cluster" {
  source = "../../modules/cluster_creation/gke/"

  # adjust values below
  project_id = var.project_id
  location   = var.location
  service_account_email = var.service_account_email
}

resource "google_compute_address" "host_ip" {
  depends_on = [module.cluster]
  name       = "theia-cloud-nginx-ip"
}

provider "helm" {
  kubernetes {
    host                   = module.cluster.cluster_host
    token                  = module.cluster.cluster_token
    cluster_ca_certificate = module.cluster.cluster_ca_certificate
  }
}

provider "kubectl" {
  load_config_file       = false
  host                   = module.cluster.cluster_host
  token                  = module.cluster.cluster_token
  cluster_ca_certificate = module.cluster.cluster_ca_certificate
}

module "helm" {
  source = "../../modules/helm"

  install_ingress_controller  = true
  cert_manager_issuer_email   = var.cert_manager_issuer_email
  cert_manager_cluster_issuer = "letsencrypt-prod"
  cert_manager_common_name    = "${google_compute_address.host_ip.address}.sslip.io"
  hostname                    = "${google_compute_address.host_ip.address}.sslip.io"
  keycloak_admin_password     = var.keycloak_admin_password
  postgresql_enabled          = true
  postgres_postgres_password  = var.postgres_postgres_password
  postgres_password           = var.postgres_password
  loadBalancerIP              = google_compute_address.host_ip.address
}

provider "keycloak" {
  client_id     = "admin-cli"
  username      = "admin"
  password      = var.keycloak_admin_password
  url           = "https://${google_compute_address.host_ip.address}.sslip.io/keycloak"
  initial_login = false
}

module "keycloak" {
  source = "../../modules/keycloak"

  depends_on = [module.helm]

  hostname                        = "${google_compute_address.host_ip.address}.sslip.io"
  keycloak_test_user_foo_password = "foo"
  keycloak_test_user_bar_password = "bar"
  valid_redirect_uri              = "https://${google_compute_address.host_ip.address}.sslip.io/*"
}

2) terraform/modules/cluster_creation/gke/main.tf

variable "project_id" {
  description = "The GCE project id"
}

variable "service_account_email" {
  default     = "<my_service_account_email"
  description = "The email of the service account for the GKE nodes"
}

variable "location" {
  description = "The zone of the created cluster"
}
variable "cluster_name" {
  default     = "gke-theia-cloud"
  description = "The name of the created cluster"
}

variable "primary_node_pool_name" {
  default     = "default-pool"
  description = "The name of the primary node pool"
}

variable "primary_node_pool_machine" {
  default     = "e2-standard-2"
  description = "Machine Type of the primary node pool"
}

variable "primary_node_pool_initial_nodes" {
  default     = 1
  description = "Initial number of nodes for the primary node pool"
}

variable "primary_node_pool_max_nodes" {
  default     = 2
  description = "Maximum number of nodes for the primary node pool"
}

resource "google_container_cluster" "primary" {
  name                     = var.cluster_name
  location                 = var.location
  remove_default_node_pool = true
  initial_node_count       = 1
    node_config {
    service_account = var.service_account_email
   }
}

resource "google_container_node_pool" "primary_nodes" {
  name               = var.primary_node_pool_name
  location           = var.location
  cluster            = var.cluster_name
  initial_node_count = var.primary_node_pool_initial_nodes
  depends_on         = [google_container_cluster.primary]

  autoscaling {
    max_node_count = var.primary_node_pool_max_nodes
  }

  node_config {
    service_account = var.service_account_email
    preemptible  = false
    machine_type = var.primary_node_pool_machine
    metadata = {
      disable-legacy-endpoints = "true"
    }
  }

  provisioner "local-exec" {
    command = "gcloud container clusters get-credentials ${var.cluster_name} --zone ${var.location} --project ${var.project_id}"
  }
}

data "google_client_config" "default" {
  depends_on = [google_container_cluster.primary, google_container_node_pool.primary_nodes]
}

3) terraform apply response

var.cert_manager_issuer_email
  Email address used to create certificates.

  Enter a value: <my_email>

var.keycloak_admin_password
  Keycloak Admin Password

  Enter a value: 

var.postgres_password
  Keycloak Postgres DB Password

  Enter a value: 

var.postgres_postgres_password
  Keycloak Postgres DB Postgres (Admin) Password

  Enter a value: 

var.project_id
  The GCE project id

  Enter a value: <my_project_id>

var.service_account_email
  The email of the service account for the GKE nodes

  Enter a value: <my_service_account_email>

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # google_compute_address.host_ip will be created
  + resource "google_compute_address" "host_ip" {
      + address            = (known after apply)
      + address_type       = "EXTERNAL"
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = "theia-cloud-nginx-ip"
      + network_tier       = (known after apply)
      + project            = (known after apply)
      + purpose            = (known after apply)
      + region             = (known after apply)
      + self_link          = (known after apply)
      + subnetwork         = (known after apply)
      + users              = (known after apply)
    }

  # module.cluster.data.google_client_config.default will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "google_client_config" "default" {
      + access_token = (sensitive value)
      + id           = (known after apply)
      + project      = (known after apply)
      + region       = (known after apply)
      + zone         = (known after apply)
    }

  # module.cluster.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = false
      + enable_intranode_visibility = (known after apply)
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-south2-a"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + monitoring_service          = (known after apply)
      + name                        = "gke-theia-cloud"
      + network                     = "default"
      + networking_mode             = (known after apply)
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = (known after apply)
      + tpu_ipv4_cidr_block         = (known after apply)

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = (known after apply)
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + logging_variant   = "DEFAULT"
          + machine_type      = (known after apply)
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = "<service_account_email>"
          + spot              = false
          + taint             = (known after apply)
        }
    }

  # module.cluster.google_container_node_pool.primary_nodes will be created
  + resource "google_container_node_pool" "primary_nodes" {
      + cluster                     = "gke-theia-cloud"
      + id                          = (known after apply)
      + initial_node_count          = 1
      + instance_group_urls         = (known after apply)
      + location                    = "asia-south2-a"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "default-pool"
      + name_prefix                 = (known after apply)
      + node_count                  = (known after apply)
      + node_locations              = (known after apply)
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = (known after apply)

      + autoscaling {
          + location_policy = (known after apply)
          + max_node_count  = 2
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = (known after apply)
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + logging_variant   = "DEFAULT"
          + machine_type      = "e2-standard-2"
          + metadata          = {
              + "disable-legacy-endpoints" = "true"
            }
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = "<service_account_email>"
          + spot              = false
          + taint             = (known after apply)
        }
    }

  # module.helm.helm_release.cert-manager will be created
  + resource "helm_release" "cert-manager" {
      + atomic                     = false
      + chart                      = "cert-manager"
      + cleanup_on_fail            = false
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = false
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 0
      + metadata                   = (known after apply)
      + name                       = "cert-manager"
      + namespace                  = "cert-manager"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.jetstack.io"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "v1.11.0"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "installCRDs"
          + value = "true"
        }
    }

  # module.helm.helm_release.keycloak will be created
  + resource "helm_release" "keycloak" {
      + atomic                     = false
      + chart                      = "keycloak"
      + cleanup_on_fail            = false
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = false
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 0
      + metadata                   = (known after apply)
      + name                       = "keycloak"
      + namespace                  = "keycloak"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://charts.bitnami.com/bitnami"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = (known after apply)
      + verify                     = false
      + version                    = "13.3.0"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name = "global.storageClass"
        }
      + set {
          + name  = "ingress.hostname"
          + value = (known after apply)
        }
      + set {
          + name  = "postgresql.enabled"
          + value = "true"
        }
      + set {
          + name  = "postgresql.volumePermissions.enabled"
          + value = "false"
        }
      + set {
          + name  = "service.type"
          + value = "LoadBalancer"
        }

      + set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
      + set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
      + set_sensitive {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.helm.helm_release.nginx-ingress-controller[0] will be created
  + resource "helm_release" "nginx-ingress-controller" {
      + atomic                     = false
      + chart                      = "ingress-nginx"
      + cleanup_on_fail            = false
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = false
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 0
      + metadata                   = (known after apply)
      + name                       = "nginx-ingress-controller"
      + namespace                  = "ingress-nginx"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://kubernetes.github.io/ingress-nginx"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "4.5.2"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "controller.service.loadBalancerIP"
          + value = (known after apply)
        }
      + set {
          + name  = "fullnameOverride"
          + value = "ingress-nginx"
        }
    }

  # module.helm.helm_release.theia-cloud[0] will be created
  + resource "helm_release" "theia-cloud" {
      + atomic                     = false
      + chart                      = "theia-cloud"
      + cleanup_on_fail            = false
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = false
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 0
      + metadata                   = (known after apply)
      + name                       = "theia-cloud"
      + namespace                  = "theiacloud"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://github.eclipsesource.com/theia-cloud-helm"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + values                     = [
          + <<-EOT
                imagePullPolicy: Always

                app:
                  id: asdfghjkl
                  name: Theia Cloud

                demoApplication:
                  name: theiacloud/theia-cloud-demo:0.11.0-next
                  pullSecret: ""
                  timeoutStrategy: "FIXEDTIME"
                  timeoutLimit: "30"
                  imagePullPolicy: IfNotPresent
                  # This overrides the default value and does not write the default values to the app definition
                  monitor: null

                hosts:
                  usePaths: true
                  configuration:
                    service: servicex
                    landing: trynow
                    instance: instances

                landingPage:
                  image: theiacloud/theia-cloud-landing-page:0.11.0-next
                  appDefinition: "theia-cloud-demo"
                  ephemeralStorage: false

                keycloak:
                  enable: true
                  realm: "TheiaCloud"
                  clientId: "theia-cloud"
                  clientSecret: "publicbutoauth2proxywantsasecret"
                  cookieSecret: "OQINaROshtE9TcZkNAm5Zs2Pv3xaWytBmc5W7sPX7ws="

                operator:
                  eagerStart: false
                  bandwidthLimiter: "WONDERSHAPER"
                  sessionsPerUser: "1"
                  storageClassName: ""

                ingress:
                  instanceName: "theia-cloud-demo-ws-ingress"
                  clusterIssuer: letsencrypt-prod
                  theiaCloudCommonName: false
                  addTLSSecretName: false

                monitor:
                  enable: false
            EOT,
        ]
      + verify                     = false
      + version                    = "0.10.0"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "hosts.configuration.baseHost"
          + value = (known after apply)
        }
      + set {
          + name  = "keycloak.authUrl"
          + value = (known after apply)
        }
      + set {
          + name  = "operator.cloudProvider"
          + value = "K8S"
        }
    }

  # module.helm.helm_release.theia-cloud-base[0] will be created
  + resource "helm_release" "theia-cloud-base" {
      + atomic                     = false
      + chart                      = "theia-cloud-base"
      + cleanup_on_fail            = false
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = false
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 0
      + metadata                   = (known after apply)
      + name                       = "theia-cloud-base"
      + namespace                  = "theiacloud"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://github.eclipsesource.com/theia-cloud-helm"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.10.0"
      + wait                       = true
      + wait_for_jobs              = false

      + set {
          + name  = "issuer.email"
          + value = "<my_email>"
        }
    }

  # module.helm.helm_release.theia-cloud-crds[0] will be created
  + resource "helm_release" "theia-cloud-crds" {
      + atomic                     = false
      + chart                      = "theia-cloud-crds"
      + cleanup_on_fail            = false
      + create_namespace           = true
      + dependency_update          = false
      + disable_crd_hooks          = false
      + disable_openapi_validation = false
      + disable_webhooks           = false
      + force_update               = false
      + id                         = (known after apply)
      + lint                       = false
      + manifest                   = (known after apply)
      + max_history                = 0
      + metadata                   = (known after apply)
      + name                       = "theia-cloud-crds"
      + namespace                  = "theiacloud"
      + pass_credentials           = false
      + recreate_pods              = false
      + render_subchart_notes      = true
      + replace                    = false
      + repository                 = "https://github.eclipsesource.com/theia-cloud-helm"
      + reset_values               = false
      + reuse_values               = false
      + skip_crds                  = false
      + status                     = "deployed"
      + timeout                    = 300
      + verify                     = false
      + version                    = "0.10.0"
      + wait                       = true
      + wait_for_jobs              = false
    }

  # module.keycloak.keycloak_openid_audience_protocol_mapper.audience will be created
  + resource "keycloak_openid_audience_protocol_mapper" "audience" {
      + add_to_access_token      = true
      + add_to_id_token          = true
      + client_id                = (known after apply)
      + id                       = (known after apply)
      + included_custom_audience = "theia-cloud"
      + name                     = "audience"
      + realm_id                 = (known after apply)
    }

  # module.keycloak.keycloak_openid_client.theia-cloud will be created
  + resource "keycloak_openid_client" "theia-cloud" {
      + access_token_lifespan                     = (known after apply)
      + access_type                               = "PUBLIC"
      + admin_url                                 = (known after apply)
      + backchannel_logout_session_required       = true
      + base_url                                  = (known after apply)
      + client_authenticator_type                 = "client-secret"
      + client_id                                 = "theia-cloud"
      + client_offline_session_idle_timeout       = (known after apply)
      + client_offline_session_max_lifespan       = (known after apply)
      + client_secret                             = (sensitive value)
      + client_session_idle_timeout               = (known after apply)
      + client_session_max_lifespan               = (known after apply)
      + consent_required                          = (known after apply)
      + consent_screen_text                       = (known after apply)
      + description                               = (known after apply)
      + direct_access_grants_enabled              = true
      + display_on_consent_screen                 = (known after apply)
      + enabled                                   = true
      + exclude_session_state_from_auth_response  = (known after apply)
      + frontchannel_logout_enabled               = (known after apply)
      + full_scope_allowed                        = true
      + id                                        = (known after apply)
      + implicit_flow_enabled                     = false
      + import                                    = false
      + name                                      = (known after apply)
      + oauth2_device_authorization_grant_enabled = false
      + realm_id                                  = (known after apply)
      + resource_server_id                        = (known after apply)
      + root_url                                  = (known after apply)
      + service_account_user_id                   = (known after apply)
      + service_accounts_enabled                  = false
      + standard_flow_enabled                     = true
      + use_refresh_tokens                        = true
      + use_refresh_tokens_client_credentials     = false
      + valid_post_logout_redirect_uris           = (known after apply)
      + valid_redirect_uris                       = (known after apply)
      + web_origins                               = (known after apply)
    }

  # module.keycloak.keycloak_openid_group_membership_protocol_mapper.groups will be created
  + resource "keycloak_openid_group_membership_protocol_mapper" "groups" {
      + add_to_access_token = true
      + add_to_id_token     = true
      + add_to_userinfo     = true
      + claim_name          = "groups"
      + client_id           = (known after apply)
      + full_path           = true
      + id                  = (known after apply)
      + name                = "groups"
      + realm_id            = (known after apply)
    }

  # module.keycloak.keycloak_realm.theia-cloud will be created
  + resource "keycloak_realm" "theia-cloud" {
      + access_code_lifespan                     = (known after apply)
      + access_code_lifespan_login               = (known after apply)
      + access_code_lifespan_user_action         = (known after apply)
      + access_token_lifespan                    = (known after apply)
      + access_token_lifespan_for_implicit_flow  = (known after apply)
      + action_token_generated_by_admin_lifespan = (known after apply)
      + action_token_generated_by_user_lifespan  = (known after apply)
      + browser_flow                             = (known after apply)
      + client_authentication_flow               = (known after apply)
      + client_session_idle_timeout              = (known after apply)
      + client_session_max_lifespan              = (known after apply)
      + direct_grant_flow                        = (known after apply)
      + docker_authentication_flow               = (known after apply)
      + duplicate_emails_allowed                 = (known after apply)
      + edit_username_allowed                    = (known after apply)
      + enabled                                  = true
      + id                                       = (known after apply)
      + internal_id                              = (known after apply)
      + login_with_email_allowed                 = (known after apply)
      + oauth2_device_code_lifespan              = (known after apply)
      + oauth2_device_polling_interval           = (known after apply)
      + offline_session_idle_timeout             = (known after apply)
      + offline_session_max_lifespan             = (known after apply)
      + offline_session_max_lifespan_enabled     = false
      + realm                                    = "TheiaCloud"
      + refresh_token_max_reuse                  = 0
      + registration_allowed                     = (known after apply)
      + registration_email_as_username           = (known after apply)
      + registration_flow                        = (known after apply)
      + remember_me                              = (known after apply)
      + reset_credentials_flow                   = (known after apply)
      + reset_password_allowed                   = (known after apply)
      + revoke_refresh_token                     = false
      + ssl_required                             = "external"
      + sso_session_idle_timeout                 = (known after apply)
      + sso_session_idle_timeout_remember_me     = (known after apply)
      + sso_session_max_lifespan                 = (known after apply)
      + sso_session_max_lifespan_remember_me     = (known after apply)
      + user_managed_access                      = false
      + verify_email                             = (known after apply)
    }

  # module.keycloak.keycloak_user.test-user-bar will be created
  + resource "keycloak_user" "test-user-bar" {
      + email          = "bar@theia-cloud.io"
      + email_verified = true
      + enabled        = true
      + id             = (known after apply)
      + realm_id       = (known after apply)
      + username       = "bar"

      + initial_password {
          + temporary = false
          + value     = (sensitive value)
        }
    }

  # module.keycloak.keycloak_user.test-user-foo will be created
  + resource "keycloak_user" "test-user-foo" {
      + email          = "foo@theia-cloud.io"
      + email_verified = true
      + enabled        = true
      + id             = (known after apply)
      + realm_id       = (known after apply)
      + username       = "foo"

      + initial_password {
          + temporary = false
          + value     = (sensitive value)
        }
    }

Plan: 15 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + try_now = (known after apply)

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.cluster.google_container_cluster.primary: Creating...
module.cluster.google_container_cluster.primary: Still creating... [10s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [20s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [30s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [40s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [50s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [1m0s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [1m10s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [1m20s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [1m30s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [1m40s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [1m50s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [2m0s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [2m10s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [2m20s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [2m30s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [2m40s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [2m50s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [3m0s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [3m10s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [3m20s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [3m30s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [3m40s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [3m50s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [4m0s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [4m10s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [4m20s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [4m30s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [4m40s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [4m50s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [5m0s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [5m10s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [5m21s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [5m31s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [5m41s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [5m51s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [6m1s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [6m11s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [6m21s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [6m31s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [6m41s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [6m51s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [7m1s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [7m11s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [7m21s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [7m31s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [7m41s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [7m51s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [8m1s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [8m11s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [8m21s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [8m31s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [8m41s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [8m51s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [9m1s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [9m11s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [9m21s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [9m31s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [9m41s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [9m51s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [10m1s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [10m11s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [10m21s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [10m31s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [10m41s elapsed]
module.cluster.google_container_cluster.primary: Still creating... [10m51s elapsed]
module.cluster.google_container_cluster.primary: Creation complete after 10m57s [id=projects/<my_project_id>/locations/asia-south2-a/clusters/gke-theia-cloud]
module.cluster.google_container_node_pool.primary_nodes: Creating...
module.cluster.google_container_node_pool.primary_nodes: Still creating... [10s elapsed]
module.cluster.google_container_node_pool.primary_nodes: Still creating... [20s elapsed]
module.cluster.google_container_node_pool.primary_nodes: Still creating... [30s elapsed]
module.cluster.google_container_node_pool.primary_nodes: Still creating... [40s elapsed]
module.cluster.google_container_node_pool.primary_nodes: Still creating... [50s elapsed]
module.cluster.google_container_node_pool.primary_nodes: Still creating... [1m0s elapsed]
module.cluster.google_container_node_pool.primary_nodes: Still creating... [1m10s elapsed]
module.cluster.google_container_node_pool.primary_nodes: Provisioning with 'local-exec'...
module.cluster.google_container_node_pool.primary_nodes (local-exec): Executing: ["/bin/sh" "-c" "gcloud container clusters get-credentials gke-theia-cloud --zone asia-south2-a --project <my_project_id>"]
module.cluster.google_container_node_pool.primary_nodes (local-exec): Fetching cluster endpoint and auth data.
module.cluster.google_container_node_pool.primary_nodes (local-exec): kubeconfig entry generated for gke-theia-cloud.
module.cluster.google_container_node_pool.primary_nodes: Creation complete after 1m18s [id=projects/<my_project_id>/locations/asia-south2-a/clusters/gke-theia-cloud/nodePools/default-pool]
module.cluster.data.google_client_config.default: Reading...
module.cluster.data.google_client_config.default: Read complete after 0s [id=projects/<my_project_id>/regions//zones/asia-south2-a]
google_compute_address.host_ip: Creating...
module.helm.helm_release.cert-manager: Creating...
google_compute_address.host_ip: Still creating... [10s elapsed]
module.helm.helm_release.cert-manager: Still creating... [10s elapsed]
google_compute_address.host_ip: Creation complete after 13s [id=projects/<my_project_id>/regions/asia-south2/addresses/theia-cloud-nginx-ip]
module.helm.helm_release.nginx-ingress-controller[0]: Creating...
module.helm.helm_release.cert-manager: Still creating... [20s elapsed]
module.helm.helm_release.nginx-ingress-controller[0]: Still creating... [10s elapsed]
module.helm.helm_release.cert-manager: Still creating... [30s elapsed]
module.helm.helm_release.nginx-ingress-controller[0]: Still creating... [20s elapsed]
module.helm.helm_release.cert-manager: Still creating... [40s elapsed]
module.helm.helm_release.nginx-ingress-controller[0]: Still creating... [30s elapsed]
module.helm.helm_release.cert-manager: Still creating... [50s elapsed]
module.helm.helm_release.nginx-ingress-controller[0]: Still creating... [40s elapsed]
module.helm.helm_release.cert-manager: Creation complete after 58s [id=cert-manager]
module.helm.helm_release.nginx-ingress-controller[0]: Still creating... [50s elapsed]
module.helm.helm_release.nginx-ingress-controller[0]: Still creating... [1m0s elapsed]
module.helm.helm_release.nginx-ingress-controller[0]: Still creating... [1m10s elapsed]
module.helm.helm_release.nginx-ingress-controller[0]: Still creating... [1m20s elapsed]
module.helm.helm_release.nginx-ingress-controller[0]: Creation complete after 1m29s [id=nginx-ingress-controller]
module.helm.helm_release.theia-cloud-base[0]: Creating...
module.helm.helm_release.theia-cloud-base[0]: Creation complete after 3s [id=theia-cloud-base]
module.helm.helm_release.theia-cloud-crds[0]: Creating...
module.helm.helm_release.keycloak: Creating...
module.helm.helm_release.theia-cloud-crds[0]: Still creating... [10s elapsed]
module.helm.helm_release.keycloak: Still creating... [10s elapsed]
module.helm.helm_release.theia-cloud-crds[0]: Still creating... [20s elapsed]
module.helm.helm_release.theia-cloud-crds[0]: Creation complete after 20s [id=theia-cloud-crds]
module.helm.helm_release.keycloak: Still creating... [20s elapsed]
module.helm.helm_release.keycloak: Still creating... [30s elapsed]
module.helm.helm_release.keycloak: Still creating... [40s elapsed]
module.helm.helm_release.keycloak: Still creating... [50s elapsed]
module.helm.helm_release.keycloak: Still creating... [1m0s elapsed]
module.helm.helm_release.keycloak: Still creating... [1m10s elapsed]
module.helm.helm_release.keycloak: Still creating... [1m20s elapsed]
module.helm.helm_release.keycloak: Still creating... [1m30s elapsed]
module.helm.helm_release.keycloak: Still creating... [1m40s elapsed]
module.helm.helm_release.keycloak: Still creating... [1m50s elapsed]
module.helm.helm_release.keycloak: Provisioning with 'local-exec'...
module.helm.helm_release.keycloak (local-exec): Executing: ["/bin/sh" "-c" "kubectl patch deploy ingress-nginx-controller --type='json' -n ingress-nginx -p '[{\"op\":\"add\",\"path\":\"/spec/template/spec/containers/0/args/-\",\"value\":\"--default-ssl-certificate=keycloak/34.126.212.153.sslip.io-tls\"}]' && kubectl wait pods -n ingress-nginx -l app.kubernetes.io/component=controller --for condition=Ready --timeout=90s && kubectl wait certificate -n keycloak 34.126.212.153.sslip.io-tls --for condition=Ready --timeout=90s"]
module.helm.helm_release.keycloak (local-exec): deployment.apps/ingress-nginx-controller patched
module.helm.helm_release.keycloak (local-exec): pod/ingress-nginx-controller-658464b955-tbgsx condition met
module.helm.helm_release.keycloak: Still creating... [2m0s elapsed]
module.helm.helm_release.keycloak (local-exec): pod/ingress-nginx-controller-84448f9767-l9b22 condition met
module.helm.helm_release.keycloak (local-exec): certificate.cert-manager.io/34.126.212.153.sslip.io-tls condition met
module.helm.helm_release.keycloak: Creation complete after 2m4s [id=keycloak]
module.helm.helm_release.theia-cloud[0]: Creating...
module.helm.helm_release.theia-cloud[0]: Still creating... [10s elapsed]
module.helm.helm_release.theia-cloud[0]: Still creating... [20s elapsed]
module.helm.helm_release.theia-cloud[0]: Creation complete after 27s [id=theia-cloud]
module.keycloak.keycloak_realm.theia-cloud: Creating...
module.keycloak.keycloak_realm.theia-cloud: Creation complete after 10s [id=TheiaCloud]
module.keycloak.keycloak_user.test-user-foo: Creating...
module.keycloak.keycloak_user.test-user-bar: Creating...
module.keycloak.keycloak_openid_client.theia-cloud: Creating...
module.keycloak.keycloak_user.test-user-foo: Creation complete after 1s [id=5b1c8f23-e10a-4995-9f7e-09f71fbdd8c6]
module.keycloak.keycloak_user.test-user-bar: Creation complete after 1s [id=b0cc7aa2-5d6d-45ea-a5ef-120754549680]
module.keycloak.keycloak_openid_client.theia-cloud: Creation complete after 1s [id=dd23b618-23b0-4348-b0c9-8948d88cd187]
module.keycloak.keycloak_openid_audience_protocol_mapper.audience: Creating...
module.keycloak.keycloak_openid_group_membership_protocol_mapper.groups: Creating...
module.keycloak.keycloak_openid_group_membership_protocol_mapper.groups: Creation complete after 0s [id=fdd90deb-8db5-4740-ba48-389e5563ad8f]
module.keycloak.keycloak_openid_audience_protocol_mapper.audience: Creation complete after 0s [id=cd2e15f4-3b9f-4be2-8ac5-4be96b80987d]

Apply complete! Resources: 15 added, 0 changed, 0 destroyed.

Outputs:

try_now = "https://<IP>.sslip.io/trynow/"

[kartikwatwani]

[jfaltermeier]

Hi,

I think you need to check the kubernetes resources to gather more information. With

kubectl -n ingress-nginx get deployments
kubectl -n ingress-nginx get services

you should be able to check whether the nginx ingress controller is running and check its external IP, which should also be the one used in the try now url.

If this looks good, you should check the Theia Cloud related resources, if you can identify something wrong there:

kubectl -n theiacloud get deployments
kubectl -n theiacloud get services
kubectl -n theiacloud get ingress

[kartikwatwani]

I was able to run the try now page after deleting the previous kubernetes and using a different GC service account while using theia-cloud.