Closed samgabrail closed 3 years ago
Hi @samgabrail! It looks like you're using consul-helm master
instead of consul-helm's latest release, -log-json
was just added about a week ago but has not been released yet. In our next release both consul-k8s and consul-helm will support it.
If you're using the development branch as the base for your helm installs you'll also need to provide a new build of consul-k8s from it's branch and use this as your imageK8s:
argument in helm.
Sorry for the inconvience!
thanks, @kschoche makes sense.
Community Note
Overview of the Issue
When running helm with ConnectInject enabled, the consul-consul-webhook-cert-manager pod is in crashloopback state and the logs show the following:
Reproduction Steps
values.yml
:server: replicas: ${var.num_consul_pods} bootstrapExpect: ${var.num_consul_pods}
connectInject: enabled: true default: false replicas: 1
NAME READY STATUS RESTARTS AGE pod/consul-consul-56pvp 1/1 Running 0 42m pod/consul-consul-connect-injector-webhook-deployment-66fc8b65q69kw 0/1 ContainerCreating 0 42m pod/consul-consul-connect-injector-webhook-deployment-67fbcd9dhb8l4 0/1 ContainerCreating 0 26m pod/consul-consul-pf9xb 1/1 Running 0 42m pod/consul-consul-q8cpp 1/1 Running 0 42m pod/consul-consul-server-0 1/1 Running 0 44m pod/consul-consul-webhook-cert-manager-6f98c87648-gm7f6 0/1 CrashLoopBackOff 13 42m
flag provided but not defined: -log-json Usage: -config-file string Path to a config file to read webhook configs from. This file must be in JSON format. -deployment-name string Name of deployment that the cert-manager pod is managed by. -deployment-namespace string Namespace of deployment that the cert-manager pod is managed by. -kubeconfig value The path to a kubeconfig file to use for authentication. If this is blank, the default kubeconfig path (~/.kube/config) will be checked. If no kubeconfig is found, in-cluster auth will be used. -log-level string Log verbosity level. Supported values (in order of detail) are "trace", "debug", "info", "warn", and "error". (default "info") Error parsing flagSet: flag provided but not defined: -log-json
NAME READY STATUS RESTARTS AGE pod/consul-consul-connect-injector-webhook-deployment-66fc8b65jjqsl 0/1 CrashLoopBackOff 5 4m38s pod/consul-consul-l76ck 1/1 Running 0 10m pod/consul-consul-m54jr 1/1 Running 0 10m pod/consul-consul-server-0 1/1 Running 0 10m pod/consul-consul-stmcc 1/1 Running 0 10m pod/consul-consul-webhook-cert-manager-75cd69fffb-6bd9l 1/1 Running 0 10m
k logs -f pod/consul-consul-connect-injector-webhook-deployment-66fc8b65jjqsl flag provided but not defined: -log-json Usage: -acl-auth-method string The name of the Kubernetes Auth Method to use for connectInjection if ACLs are enabled. -allow-k8s-namespace value K8s namespaces to explicitly allow. May be specified multiple times. -ca-file value Path to a CA file to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CACERT environment variable. -ca-path value Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CAPATH environment variable. -client-cert value Path to a client cert file to use for TLS when 'verify_incoming' is enabled. This can also be specified via the CONSUL_CLIENT_CERT environment variable. -client-key value Path to a client key file to use for TLS when 'verify_incoming' is enabled. This can also be specified via the CONSUL_CLIENT_KEY environment variable. -consul-ca-cert string [Deprecated] Please use '-ca-file' flag instead. Path to CA certificate to use if communicating with Consul clients over HTTPS. -consul-cross-namespace-acl-policy string [Enterprise Only] Name of the ACL policy to attach to all created Consul namespaces to allow service discovery across Consul namespaces. Only necessary if ACLs are enabled. -consul-destination-namespace string [Enterprise Only] Defines which Consul namespace to register all injected services into. If '-enable-k8s-namespace-mirroring' is true, this is not used. (default "default") -consul-image string Docker image for Consul. -consul-k8s-image string Docker image for consul-k8s. Used for the connect sidecar. -consul-sidecar-cpu-limit string Consul sidecar CPU limit. (default "20m") -consul-sidecar-cpu-request string Consul sidecar CPU request. (default "20m") -consul-sidecar-memory-limit string Consul sidecar memory limit. (default "50Mi") -consul-sidecar-memory-request string Consul sidecar memory request. (default "25Mi") -default-enable-metrics Default for enabling connect service metrics. -default-enable-metrics-merging Default for enabling merging of connect service metrics and envoy proxy metrics. -default-enable-transparent-proxy Enable transparent proxy mode for all Consul service mesh applications by default. (default true) -default-inject Inject by default. (default true) -default-merged-metrics-port string Default port for merged metrics endpoint on the consul-sidecar. (default "20100") -default-prometheus-scrape-path string Default path where Prometheus scrapes connect metrics from. (default "/metrics") -default-prometheus-scrape-port string Default port where Prometheus scrapes connect metrics from. (default "20200") -default-protocol string The default protocol to use in central config registrations. -default-sidecar-proxy-cpu-limit string Default sidecar proxy CPU limit. -default-sidecar-proxy-cpu-request string Default sidecar proxy CPU request. -default-sidecar-proxy-memory-limit string Default sidecar proxy memory limit. -default-sidecar-proxy-memory-request string Default sidecar proxy memory request. -deny-k8s-namespace value K8s namespaces to explicitly deny. Takes precedence over allow. May be specified multiple times. -enable-central-config Write a service-defaults config for every Connect service using protocol from -default-protocol or Pod annotation. -enable-k8s-namespace-mirroring [Enterprise Only] Enables k8s namespace mirroring. -enable-namespaces [Enterprise Only] Enables namespaces, in either a single Consul namespace or mirrored. -enable-openshift Indicates that the command runs in an OpenShift cluster. -envoy-extra-args string Extra envoy command line args to be set when starting envoy (e.g "--log-level debug --disable-hot-restart"). -envoy-image string Docker image for Envoy. -http-addr address The address and port of the Consul HTTP agent. The value can be an IP address or DNS address, but it must also include the port. This can also be specified via the CONSUL_HTTP_ADDR environment variable. The default value is http://127.0.0.1:8500. The scheme can also be set to HTTPS by setting the environment variable CONSUL_HTTP_SSL=true. -init-container-cpu-limit string Init container CPU limit. (default "50m") -init-container-cpu-request string Init container CPU request. (default "50m") -init-container-memory-limit string Init container memory limit. (default "150Mi") -init-container-memory-request string Init container memory request. (default "25Mi") -k8s-namespace-mirroring-prefix string [Enterprise Only] Prefix that will be added to all k8s namespaces mirrored into Consul if mirroring is enabled. -kubeconfig string Paths to a kubeconfig. Only required if out-of-cluster. -listen string Address to bind listener to. (default ":8080") -log-level string Log verbosity level. Supported values (in order of detail) are "debug", "info", "warn", and "error". (default "info") -release-name string The Consul Helm installation release name, e.g 'helm install' (default "consul")
-release-namespace string
The Consul Helm installation namespace, e.g 'helm install --namespace ' (default "default")
-tls-cert-dir string
Directory with PEM-encoded TLS certificate and key to serve.
-tls-server-name value
The server name to use as the SNI host when connecting via TLS. This can also be specified via the CONSUL_TLS_SERVER_NAME environment variable.
-token value
ACL token to use in the request. This can also be specified via the CONSUL_HTTP_TOKEN environment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address.
-token-file value
File containing the ACL token to use in the request instead of one specified via the -token argument or CONSUL_HTTP_TOKEN environment variable. This can also be specified via the CONSUL_HTTP_TOKEN_FILE environment variable.
-transparent-proxy-default-overwrite-probes
Overwrite Kubernetes probes to point to Envoy by default when in Transparent Proxy mode. (default true)
NAME READY STATUS RESTARTS AGE pod/consul-consul-connect-injector-webhook-deployment-d84458f4rq65r 1/1 Running 0 20s pod/consul-consul-l76ck 1/1 Running 0 12m pod/consul-consul-m54jr 1/1 Running 0 12m pod/consul-consul-server-0 1/1 Running 0 12m pod/consul-consul-stmcc 1/1 Running 0 12m pod/consul-consul-webhook-cert-manager-75cd69fffb-6bd9l 1/1 Running 0 12m