kubernetes-sigs / external-dns

Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services
Apache License 2.0

Error installing the chart of external-dns #3680

Closed Mauraza closed 5 months ago

Mauraza commented 1 year ago

What happened: I'm trying to deploy the latest version of external-dns with the default values, and the following error appears:

time="2023-06-12T16:40:47Z" level=fatal msg="records retrieval failed: failed to list hosted zones: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"

What you expected to happen: The install goes well and the pod does not finish with the status CrashLoopBackOff

How to reproduce it (as minimally and precisely as possible):

helm upgrade --install external-dns external-dns/external-dns

Anything else we need to know?:

Environment:

kundan2707 commented 1 year ago

/remove-kind bug

kundan2707 commented 1 year ago

node@node~$ helm repo add external-dns https://kubernetes-sigs.github.io/external-dns/
"external-dns" has been added to your repositories
node@node:~$ helm upgrade --install external-dns external-dns/external-dns
Release "external-dns" does not exist. Installing it now.
NAME: external-dns
LAST DEPLOYED: Thu Jun 15 12:36:46 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
***********************************************************************
* External DNS                                                        *
***********************************************************************
  Chart version: 1.13.0
  App version:   0.13.5
  Image tag:     registry.k8s.io/external-dns/external-dns:v0.13.5
***********************************************************************
node@node:~$

kundan2707 commented 1 year ago

@Mauraza please share all steps you followed

kundan2707 commented 1 year ago

/kind support
/assign

Mauraza commented 1 year ago

Hi @kundan2707,

These are the steps I followed:

$ helm upgrade --install external-dns external-dns/external-dns
Release "external-dns" does not exist. Installing it now.
NAME: external-dns
LAST DEPLOYED: Thu Jun 15 10:11:01 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
***********************************************************************
* External DNS                                                        *
***********************************************************************
  Chart version: 1.13.0
  App version:   0.13.5
  Image tag:     registry.k8s.io/external-dns/external-dns:v0.13.5
***********************************************************************

but after the pod gets ready the status changes to error:

$ k get po -w
NAME                            READY   STATUS    RESTARTS   AGE
external-dns-6897b97bd8-z58bv   0/1     Running   0          8s
external-dns-6897b97bd8-z58bv   1/1     Running   0          20s
external-dns-6897b97bd8-z58bv   0/1     Error     0          32s
external-dns-6897b97bd8-z58bv   0/1     Running   1 (1s ago)   33s
external-dns-6897b97bd8-z58bv   1/1     Running   1 (8s ago)   40s
external-dns-6897b97bd8-z58bv   0/1     Error     1 (27s ago)   59s
external-dns-6897b97bd8-z58bv   0/1     CrashLoopBackOff   1 (2s ago)    60s
external-dns-6897b97bd8-z58bv   0/1     Running            2 (16s ago)   74s
external-dns-6897b97bd8-z58bv   1/1     Running            2 (22s ago)   80s
external-dns-6897b97bd8-z58bv   0/1     Error              2 (42s ago)   100s
external-dns-6897b97bd8-z58bv   0/1     CrashLoopBackOff   2 (2s ago)    101s

If I check the logs, this appears:

$ k logs -f external-dns-6897b97bd8-z58bv
time="2023-06-15T08:13:10Z" level=info msg="config: {APIServerURL: KubeConfig: RequestTimeout:30s DefaultTargets:[] ContourLoadBalancerService:heptio-contour/contour GlooNamespace:gloo-system SkipperRouteGroupVersion:zalando.org/v1 Sources:[service ingress] Namespace: AnnotationFilter: LabelFilter: IngressClassNames:[] FQDNTemplate: CombineFQDNAndAnnotation:false IgnoreHostnameAnnotation:false IgnoreIngressTLSSpec:false IgnoreIngressRulesSpec:false GatewayNamespace: GatewayLabelFilter: Compatibility: PublishInternal:false PublishHostIP:false AlwaysPublishNotReadyAddresses:false ConnectorSourceServer:localhost:8080 Provider:aws GoogleProject: GoogleBatchChangeSize:1000 GoogleBatchChangeInterval:1s GoogleZoneVisibility: DomainFilter:[] ExcludeDomains:[] RegexDomainFilter: RegexDomainExclusion: ZoneNameFilter:[] ZoneIDFilter:[] TargetNetFilter:[] ExcludeTargetNets:[] AlibabaCloudConfigFile:/etc/kubernetes/alibaba-cloud.json AlibabaCloudZoneType: AWSZoneType: AWSZoneTagFilter:[] AWSAssumeRole: AWSAssumeRoleExternalID: AWSBatchChangeSize:1000 AWSBatchChangeInterval:1s AWSEvaluateTargetHealth:true AWSAPIRetries:3 AWSPreferCNAME:false AWSZoneCacheDuration:0s AWSSDServiceCleanup:false AzureConfigFile:/etc/kubernetes/azure.json AzureResourceGroup: AzureSubscriptionID: AzureUserAssignedIdentityClientID: BluecatDNSConfiguration: BluecatConfigFile:/etc/kubernetes/bluecat.json BluecatDNSView: BluecatGatewayHost: BluecatRootZone: BluecatDNSServerName: BluecatDNSDeployType:no-deploy BluecatSkipTLSVerify:false CloudflareProxied:false CloudflareDNSRecordsPerPage:100 CoreDNSPrefix:/skydns/ RcodezeroTXTEncrypt:false AkamaiServiceConsumerDomain: AkamaiClientToken: AkamaiClientSecret: AkamaiAccessToken: AkamaiEdgercPath: AkamaiEdgercSection: InfobloxGridHost: InfobloxWapiPort:443 InfobloxWapiUsername:admin InfobloxWapiPassword: InfobloxWapiVersion:2.3.1 InfobloxSSLVerify:true InfobloxView: InfobloxMaxResults:0 InfobloxFQDNRegEx: InfobloxNameRegEx: InfobloxCreatePTR:false 
InfobloxCacheDuration:0 DynCustomerName: DynUsername: DynPassword: DynMinTTLSeconds:0 OCIConfigFile:/etc/kubernetes/oci.yaml OCICompartmentOCID: OCIAuthInstancePrincipal:false InMemoryZones:[] OVHEndpoint:ovh-eu OVHApiRateLimit:20 PDNSServer:http://localhost:8081 PDNSAPIKey: PDNSTLSEnabled:false TLSCA: TLSClientCert: TLSClientCertKey: Policy:upsert-only Registry:txt TXTOwnerID:default TXTPrefix: TXTSuffix: TXTEncryptEnabled:false TXTEncryptAESKey: Interval:1m0s MinEventSyncInterval:5s Once:false DryRun:false UpdateEvents:false LogFormat:text MetricsAddress::7979 LogLevel:info TXTCacheInterval:0s TXTWildcardReplacement: ExoscaleEndpoint:https://api.exoscale.ch/dns ExoscaleAPIKey: ExoscaleAPISecret: CRDSourceAPIVersion:externaldns.k8s.io/v1alpha1 CRDSourceKind:DNSEndpoint ServiceTypeFilter:[] CFAPIEndpoint: CFUsername: CFPassword: ResolveServiceLoadBalancerHostname:false RFC2136Host: RFC2136Port:0 RFC2136Zone: RFC2136Insecure:false RFC2136GSSTSIG:false RFC2136KerberosRealm: RFC2136KerberosUsername: RFC2136KerberosPassword: RFC2136TSIGKeyName: RFC2136TSIGSecret: RFC2136TSIGSecretAlg: RFC2136TAXFR:false RFC2136MinTTL:0s RFC2136BatchChangeSize:50 NS1Endpoint: NS1IgnoreSSL:false NS1MinTTLSeconds:0 TransIPAccountName: TransIPPrivateKeyFile: DigitalOceanAPIPageSize:50 ManagedDNSRecordTypes:[A AAAA CNAME] GoDaddyAPIKey: GoDaddySecretKey: GoDaddyTTL:0 GoDaddyOTE:false OCPRouterName: IBMCloudProxied:false IBMCloudConfigFile:/etc/kubernetes/ibmcloud.json TencentCloudConfigFile:/etc/kubernetes/tencent-cloud.json TencentCloudZoneType: PiholeServer: PiholePassword: PiholeTLSInsecureSkipVerify:false PluralCluster: PluralProvider:}"
time="2023-06-15T08:13:10Z" level=info msg="Instantiating new Kubernetes client"
time="2023-06-15T08:13:10Z" level=info msg="Using inCluster-config based on serviceaccount-token"
time="2023-06-15T08:13:10Z" level=info msg="Created Kubernetes client https://10.96.0.1:443"
time="2023-06-15T08:13:36Z" level=fatal msg="records retrieval failed: failed to list hosted zones: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"

Thanks for your help.

Mauraza commented 1 year ago

Hi @kundan2707,

Could you reproduce the issue?

kundan2707 commented 1 year ago

@Mauraza
The issue was not reproducible for me.

Mauraza commented 1 year ago

Hi @kundan2707,

I followed these steps https://github.com/kubernetes-sigs/external-dns/issues/3680#issuecomment-1592487877 in Minikube. Are there any missing settings?

Could you tell me why this error appears: time="2023-07-05T08:30:30Z" level=fatal msg="records retrieval failed: failed to list hosted zones: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors"?

dekonnection commented 11 months ago

Hi @Mauraza ,

I don't know your exact setup, but I encountered the very same issue while deploying external-dns using the Helm chart.

After hours of digging, I found that an environment variable was missing (it's also not documented at all on the chart).

So here are the Helm values that made it work for me:

namespaced: true
triggerLoopOnEvent: true
env:
  - name: AWS_SHARED_CREDENTIALS_FILE
    value: /.aws/credentials
secretConfiguration:
  enabled: true
  mountPath: /.aws
  data:
    credentials: |
      [default]
      aws_access_key_id = *********
      aws_secret_access_key = *************

The missing part was the value under the env key, that tells the external-dns aws provider where to find the credentials.

Have a good day !
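Added example (not part of the comment above and not external-dns code): a simplified model of where the AWS SDK looks for static credentials, showing why the mounted secret alone still ends in NoCredentialProviders until AWS_SHARED_CREDENTIALS_FILE points at it. The container HOME, the key values and the function names are constructed assumptions.

```python
import configparser

# Constructed sample: the file the secretConfiguration value mounts at /.aws.
SAMPLE_FILES = {"/.aws/credentials": "[default]\n"
                "aws_access_key_id = EXAMPLE-KEY-ID\n"
                "aws_secret_access_key = EXAMPLE-SECRET\n"}
SAMPLE_HOME = "/home/nonroot"  # assumed container HOME, not taken from the image


def resolve_aws_credentials(env, files):
    """Return (source, detail) for the first credential source that matches.

    env is the container environment; files maps path -> content and stands
    in for the container filesystem. Instance/container roles are left out
    because a Minikube node has none.
    """
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return ("env", "AWS_ACCESS_KEY_ID")
    if env.get("AWS_WEB_IDENTITY_TOKEN_FILE") and env.get("AWS_ROLE_ARN"):
        return ("web-identity", env["AWS_ROLE_ARN"])

    # Shared credentials file: explicit path wins, else $HOME/.aws/credentials.
    path = env.get("AWS_SHARED_CREDENTIALS_FILE")
    if not path and env.get("HOME"):
        path = env["HOME"].rstrip("/") + "/.aws/credentials"
    profile = env.get("AWS_PROFILE", "default")
    if path and path in files:
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_string(files[path])
        if parser.has_section(profile) and all(
                parser.get(profile, key, fallback="")
                for key in ("aws_access_key_id", "aws_secret_access_key")):
            return ("shared-credentials-file", path)
    return ("NoCredentialProviders", "looked at %s, profile %s" % (path, profile))


def diagnose():
    """Run the three situations from the thread and return their sources."""
    cases = {
        "chart defaults": ({"HOME": SAMPLE_HOME}, {}),
        "secret mounted, env unset": ({"HOME": SAMPLE_HOME}, SAMPLE_FILES),
        "secret mounted, env set": (
            {"HOME": SAMPLE_HOME,
             "AWS_SHARED_CREDENTIALS_FILE": "/.aws/credentials"}, SAMPLE_FILES),
    }
    return {name: resolve_aws_credentials(env, files)[0]
            for name, (env, files) in cases.items()}


if __name__ == "__main__":
    for name, source in diagnose().items():
        print(f"{name:28} -> {source}")
```

The same function can be fed the output of `env` and the mounted file from a running pod to see which source, if any, the provider would pick up.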

k8s-triage-robot commented 8 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 7 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

toschneck commented 6 months ago

> Hi @Mauraza ,
>
> I don't know your exact setup, but I encountered the very same issue while deploying external-dns using the Helm chart.
>
> After hours of digging, I found that an environment variable was missing (it's also not documented at all on the chart).
>
> So here are the Helm values that made it work for me:
>
> namespaced: true
> triggerLoopOnEvent: true
> env:
>   - name: AWS_SHARED_CREDENTIALS_FILE
>     value: /.aws/credentials
> secretConfiguration:
>   enabled: true
>   mountPath: /.aws
>   data:
>     credentials: |
>       [default]
>       aws_access_key_id = *********
>       aws_secret_access_key = *************
>
> The missing part was the value under the env key, that tells the external-dns aws provider where to find the credentials.
>
> Have a good day !

Works for me as well, unfortunately the docu could be better for this case

k8s-triage-robot commented 5 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-ci-robot commented 5 months ago

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes-sigs/external-dns/issues/3680#issuecomment-2166483408):

> The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
>
> This bot triages issues according to the following rules:
> - After 90d of inactivity, `lifecycle/stale` is applied
> - After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
> - After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed
>
> You can:
> - Reopen this issue with `/reopen`
> - Mark this issue as fresh with `/remove-lifecycle rotten`
> - Offer to help out with [Issue Triage][1]
>
> Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community).
>
> /close not-planned
>
> [1]: https://www.kubernetes.dev/docs/guide/issue-triage/

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.