Open richthegeek opened 6 years ago
`API_SERVER` and `KUBERNETES_TOKEN` are configured to be passed in as specifically named environment variables, not as plugin arguments. They should probably be stored in drone as secrets and then passed in like this:
```yaml
deploy_helm:
  image: quay.io/ipedrazas/drone-helm
  chart: ./kubernetes/neo
  release: neo
  values: image.tag=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7},version=${DRONE_BRANCH}-${DRONE_COMMIT_SHA:0:7}
  secrets:
    - api_server
    - kubernetes_token
  when:
    branch: master
    event: push
```
There is an interface in the repository settings UI for managing secrets that isn't described very well in the documentation, but it is fairly simple to use.
Also worth noting: if you are specifying a prefix, that will also apply to your `api_server` and `kubernetes_token` secrets. The script I use is:
```shell
export ACTION=add
export REPO=org/myrepo
export PREFIX=prod_
# export CLUSTER_URI, UNENCODED_TOKEN, BASE64_CERT
drone secret "$ACTION" --repository "$REPO" --name "${PREFIX}api_server" --value "$CLUSTER_URI"
drone secret "$ACTION" --repository "$REPO" --name "${PREFIX}kubernetes_token" --value "$UNENCODED_TOKEN"
drone secret "$ACTION" --repository "$REPO" --name "${PREFIX}kubernetes_certificate" --value "$BASE64_CERT"
```
Am facing the same issue as well, using drone v1.0.5. My step is as follows:
```yaml
- name: deploy_staging
  image: quay.io/ipedrazas/drone-helm
  settings:
    skip_tls_verify: true
    chart: ./charts/mychart
    release: my-release
    wait: true
    recreate_pods: true
    secrets:
      - api_server
      - kubernetes_token
    values: imageTag=${DRONE_COMMIT_SHA}
    dry_run: true
    debug: true
  when:
    branch: master
```
I've added the secrets `api_server` (the cluster ip obtained from `kubectl cluster-info`) and `kubernetes_token` by executing `docker secret add...`. My debug output has the last few lines:
```
96 | -ReplVar: _API_SERVER => API_SERVER--
97 | -ReplVar: _KUBERNETES_TOKEN => KUBERNETES_TOKEN--
98 | -ReplVar: _SERVICE_ACCOUNT => SERVICE_ACCOUNT--
99 | Error: API Server is needed to deploy.
```
Hmm I've had similar issues. Looks like you are not using a prefix at all so it expects the secret to have an underscore `_` so your secret should be literally `_API_SECRET`. Command to add the secret:
```shell
drone secret add --repository [repo] --name _API_SECRET --value https://[cluster-ip]
```
See if that helps? If not, check that you are setting the permissions on the secret correctly so that all your secrets can be used for the event that you expect. Allowed values are set with the `--event` flag added to the command above: `--event push --event tag --event deployment --event pull_request`
I guess I should add this to the docs because it creates a bit of confusion
On Mon, 28 Jan 2019 at 00:50, Heather Young notifications@github.com wrote:
> Hmm I've had similar issues. Looks like you are not using a prefix at all so it expects the secret to have an underscore _ so your secret should be literally _API_SECRET. Command to add the secret: drone secret add --repository [repo] --name _API_SECRET --value https://[cluster-ip]
>
> See if that helps? If not, check that you are setting the permissions on the secret correctly so that all your secrets can be used for the event that you expect. Allowed values are set with the --event flag added to the command above --event push --event tag --event deployment --event pull_request
Thanks for your response @one000mph and @ipedrazas! It's working now with the following:
```yaml
- name: deploy_staging
  image: quay.io/ipedrazas/drone-helm
  environment:
    STAGING_API_SERVER:
      from_secret: staging_api_server
    STAGING_KUBERNETES_TOKEN:
      from_secret: staging_kubernetes_token
  settings:
    ....
```
This replaces `setting.secrets: [staging_api_server, staging_kubernetes_token]` in 0.8 syntax. I added the prefix `STAGING`, which is also the prefix of the env var.
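The naming rule the comments above arrive at can be checked before the deploy step runs. The following preflight script is an added example, not code from drone-helm or from any commenter. It assumes the rule as this thread describes it (a prefix `P` maps to `P_API_SERVER` and `P_KUBERNETES_TOKEN`; with no prefix either `API_SERVER` or `_API_SERVER` is accepted), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not drone-helm code. Naming rule assumed from this thread:
# prefix P -> P_API_SERVER / P_KUBERNETES_TOKEN; no prefix -> API_SERVER or _API_SERVER.

# Print the candidate variable names for KEY ($2) under PREFIX ($1).
helm_env_candidates() {
    prefix=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    if [ -n "$prefix" ]; then
        printf '%s_%s\n' "$prefix" "$2"
    else
        printf '%s _%s\n' "$2" "$2"
    fi
}

# Print the first candidate that is set and non-empty; return 1 if none is.
helm_env_find() {
    for name in $(helm_env_candidates "$1" "$2"); do
        # Only plain identifiers may reach eval.
        case $name in
            *[!A-Z0-9_]*|[0-9]*) return 2 ;;
        esac
        eval "value=\${$name:-}"
        if [ -n "$value" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# Check both settings for PREFIX. Prints variable names only, never values,
# so the output is safe to leave in a build log.
helm_env_check() {
    rc=0
    for key in API_SERVER KUBERNETES_TOKEN; do
        if found=$(helm_env_find "$1" "$key"); then
            echo "ok: $key read from $found"
        else
            echo "missing: $key (tried: $(helm_env_candidates "$1" "$key"))"
            rc=1
        fi
    done
    return "$rc"
}

# Demo with constructed values (not real credentials).
( STAGING_API_SERVER=https://cluster.example.invalid
  STAGING_KUBERNETES_TOKEN=constructed-token
  helm_env_check staging; helm_env_check prod || true )
```

To use it in a pipeline, give the checking step the same `environment:` block as the deploy step and call `helm_env_check` with the prefix you configured.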
I'm getting this error message and I can't figure out why. As far as I can tell, the API Server is specified in my pipeline:
Is there anything obviously wrong with that?
Unrelated, but can I use the DNS address as I'm running Drone in the same cluster as the deployment target e.g.:
api_server: http://kubernetes.default.svc.local