search

kubernetes-retired / cluster-registry

[EOL] Cluster Registry API
https://kubernetes.github.io/cluster-registry/
Apache License 2.0
238 stars 94 forks source link

crinit aggregated init fail due to cannot create the clusterrole #217

Closed jianzhangbjz closed 6 years ago

jianzhangbjz commented 6 years ago

/sig multicluster I followed the doc , but encounter an issue when running the aggregated init command. Seem like the clusterrole clusterregistry.k8s.io:apiserver created failed. Or something else I missed?

[root@host-172-16-120-152 cr]# ./crinit aggregated init jian --host-cluster-context=openshift-ansible-service-broker/172-16-120-152:8443/system:admin --v 10
...
I0406 08:01:13.704456   12221 init.go:200] Successfully created service account
I0406 08:01:13.704533   12221 init.go:204] Creating cluster role clusterregistry.k8s.io:apiserver
I0406 08:01:13.704677   12221 request.go:853] Request Body: {"kind":"ClusterRole","apiVersion":"rbac.authorization.k8s.io/v1","metadata":{"name":"clusterregistry.k8s.io:apiserver","creationTimestamp":null,"labels":{"app":"clusterregistry"}},"rules":[{"verbs":["get","list","watch","create","update","patch","delete"],"apiGroups":["clusterregistry.k8s.io"],"resources":["clusters"]}]}
I0406 08:01:13.704774   12221 round_trippers.go:417] curl -k -v -XPOST  -H "User-Agent: crinit/v0.0.0 (linux/amd64) kubernetes/$Format" -H "Accept: application/json, */*" -H "Content-Type: application/json" https://172.16.120.152:8443/apis/rbac.authorization.k8s.io/v1/clusterroles
I0406 08:01:13.706440   12221 round_trippers.go:436] POST https://172.16.120.152:8443/apis/rbac.authorization.k8s.io/v1/clusterroles 404 Not Found in 1 milliseconds
I0406 08:01:13.706777   12221 round_trippers.go:442] Response Headers:
I0406 08:01:13.706826   12221 round_trippers.go:445]     Content-Type: application/json
I0406 08:01:13.706869   12221 round_trippers.go:445]     Content-Length: 174
I0406 08:01:13.706910   12221 round_trippers.go:445]     Date: Fri, 06 Apr 2018 12:01:13 GMT
I0406 08:01:13.706951   12221 round_trippers.go:445]     Cache-Control: no-store
I0406 08:01:13.707005   12221 request.go:853] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"the server could not find the requested resource","reason":"NotFound","details":{},"code":404}
I0406 08:01:13.707441   12221 init.go:209] Failed to create cluster role &ClusterRole{ObjectMeta:k8s_io_apimachinery_pkg_apis_meta_v1.ObjectMeta{Name:,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:<nil>,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[],Finalizers:[],ClusterName:,Initializers:nil,},Rules:[],}: the server could not find the requested resource
F0406 08:01:13.707714   12221 init.go:101] error: the server could not find the requested resource

Below info for your receference. crinit version as below:

[root@host-172-16-120-152 cr]# ./crinit version
version.Info{Major:"", Minor:"", GitVersion:"v0.0.3-32+8ff07ac427132f-dirty", GitCommit:"8ff07ac427132fa8803329c477762a2eba6c5d8f", GitTreeState:"dirty", BuildDate:"2018-04-06T05:04:23Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}

current context:

[root@host-172-16-120-152 cr]# oc config get-contexts
CURRENT   NAME                                                                        CLUSTER                                                AUTHINFO                           NAMESPACE
*         openshift-ansible-service-broker/172-16-120-152:8443/system:admin           172-16-120-152:8443                                    system:admin/172-16-120-152:8443   openshift-ansible-service-broker
          default/172-16-120-152:8443/system:admin                                    172-16-120-152:8443                                    system:admin/172-16-120-152:8443   default
          default/host-8-244-1-host-centralci-eng-rdu2-redhat-com:8443/system:admin   host-8-244-1-host-centralci-eng-rdu2-redhat-com:8443   system:admin/172-16-120-152:8443   default
          jmw6p/172-16-120-152:8443/system:admin                                      172-16-120-152:8443                                    system:admin/172-16-120-152:8443   jmw6p
font commented 6 years ago

@jianzhangbjz The creation of the ClusterRole is set to be removed by #207. Also, we are working to eventually use a CRD for the cluster resource (see #215) and can do away with aggregation altogether.

jianzhangbjz commented 6 years ago

@font Got it, thanks. But, do you mean this version cannot work now? What can I do to run it?

jianzhangbjz commented 6 years ago

I tried it with the version which merged #207, and seems like it works well.

[root@host-172-16-120-8 ~]# ./crinit version
version.Info{Major:"", Minor:"", GitVersion:"v0.0.3-36+09150e64516424-dirty", GitCommit:"09150e64516424d315bcb20dea77fe8d0d395116", GitTreeState:"dirty", BuildDate:"2018-04-07T05:03:50Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}

running details:

[root@host-172-16-120-8 ~]# ./crinit aggregated init jian --host-cluster-context=openshift-ansible-service-broker/172-16-120-8:8443/system:admin 
Creating a namespace clusterregistry for the cluster registry... done
Creating cluster registry API server service... done
Creating cluster registry objects (credentials, persistent volume claim)... done
Creating RBAC objects... done
Creating cluster registry deployment... done
Creating cluster registry Kubernetes API Service... done
Updating kubeconfig... done
Waiting for the cluster registry API server to come up...................
The cluster registry API pods are running, but they are exposed by a NodePort service, so this tool cannot reliably verify that they are accessible. You will need to ensure that your nodes are routable from this machine in order for kubectl to work as-is with the 'jian' context.
 done
Cluster registry API server is running at: 10.8.241.56:31591, ...
Waiting for the cluster registry API to be available via the aggregator...... done

pod

[root@host-172-16-120-8 ~]# oc get pods
NAME                              READY     STATUS    RESTARTS   AGE
jian-apiserver-69bf66bc8d-gpr2m   2/2       Running   0          1h

service, but seems the load balance creating failed, how to solve it? thanks!

[root@host-172-16-120-8 ~]# oc describe svc jian
Name:                     jian
Namespace:                clusterregistry
Labels:                   app=clusterregistry
Annotations:              <none>
Selector:                 app=clusterregistry,module=clusterregistry-apiserver
Type:                     NodePort
IP:                       172.30.7.3
Port:                     https  443/TCP
TargetPort:               https/TCP
NodePort:                 https  31591/TCP
Endpoints:                10.129.0.18:8443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:
  Type     Reason                      Age               From                Message
  ----     ------                      ----              ----                -------
  Warning  CreatingLoadBalancerFailed  2m (x16 over 1h)  service-controller  Error creating load balancer (will retry): error getting LB for service clusterregistry/jian: Resource not found
perotinus commented 6 years ago

@jianzhangbjz I don't think there's that could be done on the tool side to resolve this issue. It looks like something is wrong in your environment that prevents you from being able to create load balancers. It looks like you're using OpenShift, so perhaps these docs (or the relevant docs for the version of OpenShift you're using) would help debug?

Note that this issue is no longer applicable because of the CRD migration done in #225, which removes crinit and the standalone API server.

jianzhangbjz commented 6 years ago

@perotinus Thank you! I will have a try. :)