search

fluxcd / image-automation-controller

GitOps Toolkit controller that patches container image tags in Git
https://fluxcd.io
Apache License 2.0
172 stars 71 forks source link

I use flux for deploy my app and sync my cluster I have this error when I try image update #621

Open ale900522 opened 9 months ago

ale900522 commented 9 months ago

image repository result: Normal Succeeded 33m image-reflector-controller successful scan: found 3 tags
Normal Succeeded 3m10s (x6 over 28m) image-reflector-controller no new tags found, next scan in 5m0s image policy result: Normal Succeeded 97s (x21 over 36m) image-reflector-controller Latest image tag for registry.gitlab.com/repo/image:0.0.2' resolved to 0.0.2 But image update the result is: Warning error 64s (x11 over 13m) image-automation-controller authorization failed

darkowlzz commented 9 months ago

Hi, can you provide more information about your setup so that we can reproduce this issue? Some configurations and information like which git provider, as this is an authorization failure, which could be related to the git repository access token or ssh key that is configured for image update to use. Also, you can pass --log-level=trace to the container arguments in image-automation-controller deployment to enable trace logs and see if the logs contain any more information about the failure. Just making a guess, if you have used the same git repository secret with a GitRepository object (source-controller) and it was able to pull the source but the same secret isn't working with image-automation, it may be that the secret lacks write permission to the repository.

ale900522 commented 9 months ago

Yes this my complete config:

image repository:

image repositories its fine image policy its fine image update its error authorization failed

---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
  name: api-repo
  namespace: flux-system
spec:
  exclusionList:
  - ^.*\.sig$
  image: registry.gitlab.com/api-repo
  interval: 5m0s
  provider: generic
  secretRef:
    name: regcred
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
  name: api-repo-policy
  namespace: flux-system
spec:
  imageRepositoryRef:
    name: api-repo
  policy:
    semver:
      range: '>=0.0.1'
---
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
  name: api-repo-gitlab  
  namespace: flux-system
spec:
  git:
    checkout:
      ref:
        branch: main
    commit:
      author:
        email: admin@example.com
        name: admin
      messageTemplate: |-
        {{ range .Updated.Images -}}
        [demo] Automated image update **{{ $.AutomationObject }}** to **{{ .Identifier }}**
        {{ end -}}
        Automation name: {{ .AutomationObject }}

        Files:
        {{ range $filename, $_ := .Updated.Files -}}
        - {{ $filename }}
        {{ end -}}

        Objects:
        {{ range $resource, $_ := .Updated.Objects -}}
        - {{ $resource.Kind }} {{ $resource.Name }}
        {{ end -}}

        Images:
        {{ range .Updated.Images -}}
        - {{.}}
        {{ end -}}
  interval: 1m0s
  sourceRef:
    kind: GitRepository
    name: api-repo-gitlab  #this GitRepositorie exit in flux-system namespace
    namespace: flux-system
  update:
    strategy: Setters
darkowlzz commented 9 months ago

As mentioned above, this seems to be a git authentication error. Please check what I guessed above

Just making a guess, if you have used the same git repository secret with a GitRepository object (source-controller) and it was able to pull the source but the same secret isn't working with image-automation, it may be that the secret lacks write permission to the repository.

Without details about the GitRepository and how it authenticates, can't say much. Please check if the git authentication mechanism has write access. Also please check the logs for any relevant information when this failure happens.