pelotech / drone-helm3

Plugin for drone to deploy helm charts using helm3
Apache License 2.0

drone-helm3 upgrade failed #99

Closed vampire2kk closed 4 years ago

vampire2kk commented 4 years ago

Environment:
My drone version: 2.0.7
drone-helm3 version: probably latest
k8s version (managed by rancher): 1.18.3

What I tried to do: helm upgrade --install

What happened: I get an error: "Error: UPGRADE FAILED: query: failed to query with labels: the server has asked for the client to provide credentials (get secrets)"

Detail:


Generated config: {Command: DroneEvent:push UpdateDependencies:false DependenciesAction: AddRepos:[] RepoCertificate: RepoCACertificate: Debug:true Values: StringValues: ValuesFiles:[] Namespace:drone KubeToken:(redacted) SkipTLSVerify:false Certificate:******** APIServer:******** ServiceAccount:******** ChartVersion: DryRun:false Wait:false ReuseValues:false KeepHistory:false Timeout: Chart:./helm Release:master Force:false AtomicUpgrade:false CleanupOnFail:false LintStrictly:false Stdout:0xc0000aa008 Stderr:0xc0000aa010}
calling *run.InitKube.Prepare (step 0)
loading kubeconfig template from /root/.kube/config.tpl
creating kubeconfig file at /root/.kube/config
calling *run.Upgrade.Prepare (step 1)
Generated command: '/usr/bin/helm --debug --namespace drone upgrade --install master ./helm'
calling *run.InitKube.Execute (step 0)
writing kubeconfig file to /root/.kube/config
calling *run.Upgrade.Execute (step 1)
upgrade.go:82: [debug] preparing upgrade for master
Error: UPGRADE FAILED: query: failed to query with labels: the server has asked for the client to provide credentials (get secrets)
helm.go:75: [debug] the server has asked for the client to provide credentials (get secrets)
query: failed to query with labels
helm.sh/helm/v3/pkg/storage/driver.(*Secrets).Query
/home/circleci/helm.sh/helm/pkg/storage/driver/secrets.go:121
helm.sh/helm/v3/pkg/storage.(*Storage).DeployedAll
/home/circleci/helm.sh/helm/pkg/storage/storage.go:134
helm.sh/helm/v3/pkg/storage.(*Storage).Deployed
/home/circleci/helm.sh/helm/pkg/storage/storage.go:113
helm.sh/helm/v3/pkg/action.(*Upgrade).prepareUpgrade
/home/circleci/helm.sh/helm/pkg/action/upgrade.go:125
helm.sh/helm/v3/pkg/action.(*Upgrade).Run
/home/circleci/helm.sh/helm/pkg/action/upgrade.go:83
main.newUpgradeCmd.func1
/home/circleci/helm.sh/helm/cmd/helm/upgrade.go:136
github.com/spf13/cobra.(*Command).execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:826
github.com/spf13/cobra.(*Command).ExecuteC
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:914
github.com/spf13/cobra.(*Command).Execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:864
main.main
/home/circleci/helm.sh/helm/cmd/helm/helm.go:74
runtime.main
/usr/local/go/src/runtime/proc.go:203
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1357
UPGRADE FAILED
main.newUpgradeCmd.func1
/home/circleci/helm.sh/helm/cmd/helm/upgrade.go:138
github.com/spf13/cobra.(*Command).execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:826
github.com/spf13/cobra.(*Command).ExecuteC
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:914
github.com/spf13/cobra.(*Command).Execute
/go/pkg/mod/github.com/spf13/cobra@v0.0.5/command.go:864
main.main
/home/circleci/helm.sh/helm/cmd/helm/helm.go:74
runtime.main
/usr/local/go/src/runtime/proc.go:203
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1357
while executing *run.Upgrade step: exit status 1

I suspect I get the wrong kube_token and kube_service_account. The service_account which I use is 'drone-drone-pipeline', and the kube_token is 'drone-drone-pipeline-token-kfjn7'. This serviceaccount (drone-drone-pipeline) was created when drone was installed, I think it is used to provide the plugin for drone deployment.

drone-drone-pipeline-token-kfjn7 info:

Namespace:    drone
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: drone-drone-pipeline
              kubernetes.io/service-account.uid: e81b97d9-a3c3-4cfa-96c5-a393f5969ff8

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1017 bytes
namespace:  5 bytes
token:   {token data}

the clusterrolebinding 'drone-drone-pipeline':

Name:         drone-drone-pipeline
Labels:       app=drone
              chart=drone-2.0.7
              heritage=Tiller
              io.cattle.field/appId=drone
              release=drone
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  drone-drone-pipeline
Subjects:
  Kind            Name                  Namespace
  ----            ----                  ---------
  ServiceAccount  drone-drone-pipeline  drone

the clusterrole 'drone-drone-pipeline':

Name:         drone-drone-pipeline
Labels:       app=drone
              chart=drone-2.0.7
              heritage=Tiller
              io.cattle.field/appId=drone
              release=drone
Annotations:  <none>
PolicyRule:
  Resources               Non-Resource URLs  Resource Names  Verbs
  ---------               -----------------  --------------  -----
  configmaps              []                 []              [create delete get list watch]
  namespaces              []                 []              [create delete get list watch]
  pods                    []                 []              [create delete get list watch]
  secrets                 []                 []              [create delete get list watch]
  services                []                 []              [create delete get list watch]
  deployments.extensions  []                 []              [get list watch patch update]
  pods/log                []                 []              [get]

my drone config:

  - name: deploy
    image: pelotech/drone-helm3
#    volumes:
#      - name: kube
#        path: /root/.kube
    settings:
#      mode: upgrade
      namespace: drone
      chart: ./helm
      release: ${DRONE_BRANCH}
      debug: true
      kube_api_server:
        from_secret: kube_api_server
      kube_token:
        from_secret: kube_token
      kube_service_account:
        from_secret: kube_service_account
      kube_certificate:
        from_secret: kube_certificate
#      skip_tls_verify: false

Can I use this token for deploying? Or can you give suggestions for obtaining kube_token for deploying?

Thanks for help.

vampire2kk commented 4 years ago

Sorry, my bad! I got the wrong api-server address.
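
Added example, not part of the thread and not drone-helm3 code: an offline check of the value about to be stored as the kube_token secret, confirming it is a decoded service-account JWT for the intended namespace and service account rather than a secret name or a still-base64-encoded value. It assumes the legacy secret-based token claim layout; the function names and the sample token are constructed for illustration, and the check cannot detect a wrong API server address, which is what this issue turned out to be.

```python
import base64
import json

# Claim names used by legacy (secret-based) service-account tokens; assumed layout.
NS_CLAIM = "kubernetes.io/serviceaccount/namespace"
SA_CLAIM = "kubernetes.io/serviceaccount/service-account.name"


def _segment(data):
    raw = json.dumps(data).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(namespace, sa):
    """Constructed, unsigned sample token (hypothetical helper, for the demo only)."""
    claims = {"iss": "kubernetes/serviceaccount", NS_CLAIM: namespace,
              SA_CLAIM: sa, "sub": f"system:serviceaccount:{namespace}:{sa}"}
    return ".".join([_segment({"alg": "RS256"}), _segment(claims), "c2ln"])


def check_kube_token(value, namespace, sa):
    """Return (problems, claims) for a candidate kube_token value."""
    token, problems = value.strip(), []
    if token.count(".") != 2:
        # `kubectl get secret -o yaml` prints the token base64-encoded.
        try:
            inner = base64.b64decode(token, validate=True).decode("ascii")
        except ValueError:
            return ["value is not a JWT"], {}
        if inner.count(".") != 2:
            return ["value is not a JWT"], {}
        problems.append("value is still base64-encoded; decode it first")
        token = inner
    payload = token.split(".")[1]
    try:
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
        if not isinstance(claims, dict):
            raise ValueError("payload is not a JSON object")
    except ValueError:
        return problems + ["JWT payload does not decode"], {}
    # The signature is not verified here; only the API server can do that.
    if claims.get(NS_CLAIM) != namespace:
        problems.append(f"namespace claim is {claims.get(NS_CLAIM)!r}")
    if claims.get(SA_CLAIM) != sa:
        problems.append(f"service-account claim is {claims.get(SA_CLAIM)!r}")
    return problems, claims


if __name__ == "__main__":
    sample = make_sample_token("drone", "drone-drone-pipeline")
    print(check_kube_token(sample, "drone", "drone-drone-pipeline"))
```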