Open cr-zlilaharon opened 3 years ago
apologies, we don't have any BDD tests on the minikube installation and I think it broke.
Any chance you could install from a clean new repository based on this please: https://github.com/jx3-gitops-repositories/jx3-minikube/generate we've removed vault from the install which hopefully fixes this
@jstrachan Thank you for the feedback. I ran a clean install from the template you provided, running the same steps from this guide
It appears the link you provided and the one in the guide are the same. I'm still getting the same result as described in the original post.
Let me know if there is anything i can modify to overcome this.
Thank you very much.
just to be 100% clear - your git repository you passed to the git operator has this line right? https://github.com/jx3-gitops-repositories/jx3-minikube/blob/master/jx-requirements.yml#L30
i.e. its not still using vault?
@jstrachan Yes, 100%. I'm up to date with commit https://github.com/jx3-gitops-repositories/jx3-minikube/commit/b1008d03673ec9903dce8cad17ddb1ce354d7893
Hey guys, I just ran into this issue as well. I.e.: minikube install is not possible at this moment (https://github.com/jenkins-x/jx-cli/releases/download/v3.1.266/jx-cli-linux-amd64.tar.gz and https://github.com/jx3-gitops-repositories/jx3-minikube).
@jstrachan @ginosubscriptions Hey, updating with some more findings:
I managed to somehow bypass the vault creation by changing jx3-minikube/.jx/secret/mapping/secret-mappings.yaml
It had many entries with backendType: vault
I changed it to backendType: local-external-secrets
but I'm really not sure what should go there.
At the moment there are a bunch of pods in the jx
namespace that cannot be created due to missing secrets:
jx-git-operator jx-boot-19d90010-c7e2-486b-8d69-7bcf896485ac-hc624 1/1 Running 0 7m14
s
jx-git-operator jx-git-operator-6897847dd-nb64r 1/1 Running 0 7m32
s
jx bucketrepo-bucketrepo-685978fbcd-kkjk7 0/1 ContainerCreating 0 5m53
s
jx docker-registry-6d9dc74c67-r6ht2 0/1 CreateContainerConfigError 0 5m54
s
jx jx-build-controller-69f4b9fff8-gfb4g 0/1 ContainerCreating 0 5m54
s
jx jx-pipelines-visualizer-68b679547c-54cq7 0/1 ContainerCreating 0 5m52
s
jx jx-preview-gc-jobs-1613914800-95vnx 0/1 Error 0 89s
jx jx-preview-gc-jobs-1613914800-dgdtm 0/1 Error 0 2m24
s
jx jx-preview-gc-jobs-1613914800-rcxgp 0/1 Error 0 109s
jx jx-preview-gc-jobs-1613914800-sxrbn 0/1 Error 0 119s
jx jx-preview-gc-jobs-1613914800-vbdpm 0/1 Error 0 49s
jx lighthouse-foghorn-66d8777bc-mpsx2 0/1 CreateContainerConfigError 0 5m51
s
jx lighthouse-keeper-88c54fdc9-xtk9m 0/1 CreateContainerConfigError 0 5m50
s
jx lighthouse-tekton-controller-9748dc647-hk77w 1/1 Running 0 5m51
s
jx lighthouse-webhooks-7b66d5c675-rzvm7 0/1 CreateContainerConfigError 0 5m50
I just want to point out that even before the change i made these pods failed to create due to missing secrets. So my assumption is that currently we do not have a working secret management on minikube deployment.
The jx admin operator
logs looks like so now:
# lets wait for the ExternalSecrets service to populate the mandatory Secret resources
VAULT_ADDR=https://vault.jx-vault:8200 jx secret wait -n jx
waiting for the mandatory Secrets to be populated from ExternalSecrets...
bucketrepo-config: key missing properties:
docker-registry-secret: key missing properties:
jenkins-x-bucketrepo: key missing properties: ,
jx-basic-auth-user-password: key missing properties: ,
lighthouse-hmac-token: key missing properties:
lighthouse-oauth-token: key missing properties:
tekton-container-registry-auth: key missing properties:
tekton-git: key missing properties: ,
@jstrachan Perhaps you can point me to the local-external-secret installation part or elaborate on how that part works? Thank you very much.
@cr-zlilaharon @jstrachan I did get a bit further following the procedure of replacing the backendType: vault with backendType: local-external-secrets AND capturing the secrets creation yaml files from the boot pod and running them manually (requires creating the jx namespace first). If you then execute the jx admin operator command, it indeed doesn't hang when requiring vault-0, nor does it fail getting the secrets. I now have a set of running jx pods (in the corresponding namespaces). I am missing the kuberhealthy, nginx and secret-infra namespaces and pods, but maybe that is acceptable/normal. Basically, everything looks like it's running.
As an alternative test, I also installed HashiCorp Vault (with Consul) to actually have a vault-0 running when launching jx admin operator. This too solves the problem of hanging on vault-0, but fails immediately after, because jx admin operator still fails to connect to the vault (i.e.: vault-0 is ready, but the installation cannot continue as it cannot create/get secrets as it cannot connect). I'm not sure it the vault-0 pod can be individually created (as I did) in minikube and if there are some steps to "make it compatible" with the jx setup procedure, or if indeed the jx setup does create its own. I'll be investigating this further the coming week...
@ginosubscriptions Can you specify what yaml files you apply for secret creation, and how? Thank you.
@ginosubscriptions Can you specify what yaml files you apply for secret creation, and how? Thank you.
Hi @cr-zlilaharon, I recuperate them from the jx-boot-[generated ID] pod running under the jx-git-operator namespace. Unfortunately, since this pod is now completed, I cannot exec into it anymore to tell you exactly where they were located (I think it was under /tmp, but I'm not 100% certain). I did for my own convenience create a (all secrets) YAML file so that I can run the secret creation before running the jx admin operator command.
I.e.: this is the procedure I would follow:
@jstrachan, as it turns out, I get exactly the same problem when using the GKE procedure. I took the time to go over the excellent video series on JX3 (https://www.youtube.com/watch?v=kDCNDAyqwpo&list=PLr_PmC4W69dKM3fo8OK729fdmX_MTqdHd), which worked like a charm, until I substituted the Google Secrets Manager configuration by the HashiCorp Vault configuration (read: use URL https://github.com/ginosubscriptions-org001/jx3-cluster-vault-gke as basis for cluster resources generation with Terraform). Terraform apply hangs (using the jx admin log command to monitor cluster generation progress) at exactly the same "waiting for vault" error as the minikube setup.
Since I'm assuming the GKE context might be of higher priority, I thought this good for you to know.
Cheers.
@ginosubscriptions if you switched to GSM you will need to configure + rerun the terraform - did you do that?
@ginosubscriptions if you switched to GSM you will need to configure + rerun the terraform - did you do that?
Hi @jstrachan, I was actually successful using the latest and greatest version (just restart from scratch and used all latest release versions) on GKE. Everything works, and I have my repeatable procedure for GKE now. Thanks so much for that.
I'm now stuck repeating this on Minikube, where although jx create spring successfully completes, it does not create an application... I'll see if I can find any issue related to that. Otherwise, I'll open a new GitHub issue for Minikube on that one.
Thanks again.
@ginosubscriptions is it a webhooks issue? did you setup ngrok on minikube? were webhooks delivered correctly to trigger pipelines? https://jenkins-x.io/v3/admin/platforms/on-premise/webhooks/
@ginosubscriptions is it a webhooks issue? did you setup ngrok on minikube? were webhooks delivered correctly to trigger pipelines? https://jenkins-x.io/v3/admin/platforms/on-premise/webhooks/
@jstrachan I think I did properly set up webhooks, as the created projects get the correct DDNS URL in their webhooks settings and I can reach (200 response) the URL [DDNS]/hook. That being said, I did not use ngrok to do this, as I have my free subscription to another DDNS. To be 100% certain that I'm in a reference environment I'll set up ngrok first and if I get the same problem, I'll let you know. Thanks!
@jstrachan, I tried with ngrok, but due to my fairly nested development environment setup and the fact that ngrok doesn't actually allow for a fixed DNS name (as long as you don't pay), I prefer to use my own (NoIP) dynamic DNS mechanism (which I already have subscribed to). I did use ngrok, but funnily enough, I got better results using NoIP DDNS with NodePort. More specifically, I changed the svc/hook to be of type NodePort on a specific port and I was certainly able to access it (using browser => 200 response). Using the procedure set forth in https://jenkins-x.io/v3/admin/platforms/on-premise/webhooks/ I indeed configured the ingress.customHosts.hook key in the charts/jenkins-x/jxboot-helmfile-resources/values.yaml file to point to my DDNS name (which results in creating the hook ingress with that DDNS as host name). However, when creating a new quick start application (e.g. the golang-http example from the tutorial video), nothing happens. The process just hangs on the (cloned) jx3-minikube repository's pull request (saying it's waiting for an approved label => adding that label doesn't change anything). Would you perhaps be able to share a procedure - outside-in (GitHub to Minikube) and inside-out (Minikube to GitHub) - to really be able to test that I correctly configured my webhook? Also, could you (just to be 100% certain that the JX3 install did indeed correctly complete) share what the expected K8s resources are in the Minikube deployment? This might help me to find the root cause of the problem.
Many thanks in advance.
Also, I'm perfectly fine returning the favor by sharing my entire (very) detailed procedure on how to set up a Hyper-V Ubuntu Minikube VM inside of my Windows 10 developer station (I am not using the standard Windows Minikube approach, as this creates problems down the road with the JX3 install). More specifically, for anyone trying to set up a Windows/Minikube full-fledged JX3 development pipeline, maybe I can provide you with a detailed procedure that could help the community? Just let me know if that is of interest to you.
Summary
Hey, I'm running a vanilla install for the minikube distribution, from the official documentation. Everything goes well until i run the
jx admin operator
command, which works fine until the part where it tries to install vault.The last part of the log looks like so:
No 'jx-vault' namespace is created, and the installation hangs here indefinitely.
These are the namespaces / pods available at this point:
Steps to reproduce the behavior
Run though the default minikube installation
Expected behavior
Vault namespace and pods should be created.
Actual behavior
Vault namespace and pods are not created.
Jx version
version: 3.1.251
Diagnostic information
"diagnose" Command not found
Kubernetes cluster
minikube version: v1.15.1
Kubectl version
The output of
kubectl version --client
is:Operating system / Environment
MacOS 10.15.7