rancher / rio

Application Deployment Engine for Kubernetes
https://rio.io
Apache License 2.0

rio watch repo with Riofile not working #1026

Closed citananda closed 4 years ago

citananda commented 4 years ago

Describe the bug

This command is working:

rio --namespace my-namespace up --name my-project --file Riofile.yaml

But when I want to watch a repo with the same file, it is not working:

rio --namespace my-namespace up --name my-project --branch develop --file deployment/Riofile.yaml --build-clone-secret gitcredential-ssh ssh://git@private-git:30022/my-namespace/my-project.git

Expected behavior

The stack should go up, as when I call it from a local file.

Kubernetes version & type (GKE, on-prem): kubectl version

Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.4", GitCommit:"8d8aa39598534325ad77120c120a22b3a990b5ea", GitTreeState:"clean", BuildDate:"2020-03-12T21:03:42Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.4", GitCommit:"8d8aa39598534325ad77120c120a22b3a990b5ea", GitTreeState:"clean", BuildDate:"2020-03-12T20:55:23Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}

Type:

Rio version: rio info

Rio Version: v0.7.0 (4afd4901)
Rio CLI Version: v0.7.0 (4afd4901)
Cluster Domain: XXX.on-rio.io
Cluster Domain IPs: XXX
System Namespace: rio-system
Wildcard certificates: XXX.on-rio.io(true)

Additional context

rio --namespace my-namespace logs -a output:

my-namespace-api-dev-stack-62004-135f3-pod-76690c step-git-source-source-p4w9h {"level":"warn","ts":1586526418.371524,"logger":"fallback-logger","caller":"logging/config.go:69","msg":"Fetch GitHub commit ID from kodata failed: \"ref: refs/heads/master\" is not a valid GitHub commit ID"}
gy-dev-api-api-dev-stack-62004-135f3-pod-76690c step-git-source-source-p4w9h {"level":"info","ts":1586526419.0366218,"logger":"fallback-logger","caller":"git/git.go:103","msg":"Successfully cloned ssh://git@private-gitlab:30022/my-namespace/my-project.git @ 8b8528a1623969d25829e1ba4bad20eb3e32582e in path /workspace/source"}
my-namespace-api-dev-stack-62004-135f3-pod-76690c step-rio-up time="2020-04-10T13:47:00Z" level=fatal msg="failed to create my-namespace/api-fpm apps/v1, Kind=Deployment for  my-namespace/api-dev: deployments.apps is forbidden: User \"system:serviceaccount:my-namespace:my-namespace-api-dev-stack-62004-135f3-stack\" cannot create resource \"deployments\" in API group \"apps\" in the namespace \"my-namespace\", 
failed to create my-namespace/api-nginx apps/v1, Kind=Deployment for  my-namespace/api-dev: deployments.apps is forbidden: User \"system:serviceaccount:my-namespace:my-namespace-api-dev-stack-62004-135f3-stack\" cannot create resource \"deployments\" in API group \"apps\" in the namespace \"my-namespace\", 
failed to create my-namespace/mariadb apps/v1, Kind=Deployment for  my-namespace/api-dev: deployments.apps is forbidden: User \"system:serviceaccount:my-namespace:my-namespace-api-dev-stack-62004-135f3-stack\" cannot create resource \"deployments\" in API group \"apps\" in the namespace \"my-namespace\", 
failed to create my-namespace/api.goyoga.net extensions/v1beta1, Kind=Ingress for  my-namespace/api-dev: ingresses.extensions is forbidden: User \"system:serviceaccount:my-namespace:my-namespace-api-dev-stack-62004-135f3-stack\" cannot create resource \"ingresses\" in API group \"extensions\" in the namespace \"my-namespace\",
 failed to create my-namespace/api-fpm rio.cattle.io/v1, Kind=Service for  my-namespace/api-dev: admission webhook \"api-validator.rio.io\" denied the request:
 failed to validate rio service: user \"system:serviceaccount:my-namespace:my-namespace-api-dev-stack-62004-135f3-stack\" (groups=[\"system:serviceaccounts\" \"system:serviceaccounts:my-namespace\" \"system:authenticated\"]) is attempting to grant RBAC permissions not currently held:\n{APIGroups:[\"\"], Resources:[\"namespaces\"], Verbs:[\"create\"]}\n{APIGroups:[\"*\"], Resources:[\"apiservices\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"*\"], Resources:[\"persistentvolumeclaims\"], Verbs:[\"*\"]}\n{APIGroups:[\"*\"], Resources:[\"persistentvolumes\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"*\"], Resources:[\"storageclasses\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"authentication.istio.io\"], Resources:[\"policies\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"apikeys\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"authorizations\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"checknothings\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"circonuses\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"deniers\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"fluentds\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"handlers\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"kubernetesenvs\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"kuberneteses\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"listcheckers\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"listentries\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"logentries\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"memquotas\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"metrics\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"opas\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], 
Resources:[\"prometheuses\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"quotas\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"quotaspecbindings\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"quotaspecs\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"rbacs\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"reportnothings\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"rules\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"solarwindses\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"stackdrivers\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"statsds\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"stdios\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"catalogtemplates\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"catalogtemplateversions\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"clustercatalogs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"clusterevents\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"notifiers\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectalertgroups\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectalertrules\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectcatalogs\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectloggings\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectmonitorgraphs\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectroletemplatebindings\"], Verbs:[\"*\"]}\n{APIGroups:[\"metrics.k8s.io\"], Resources:[\"pods\"], Verbs:[\"*\"]}\n{APIGroups:[\"monitoring.cattle.io\"], 
Resources:[\"prometheus\"], Verbs:[\"view\"]}\n{APIGroups:[\"monitoring.coreos.com\"], Resources:[\"prometheuses\"], Verbs:[\"*\"]}\n{APIGroups:[\"monitoring.coreos.com\"], Resources:[\"prometheusrules\"], Verbs:[\"*\"]}\n{APIGroups:[\"monitoring.coreos.com\"], Resources:[\"servicemonitors\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"destinationrules\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"envoyfilters\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"gateways\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"serviceentries\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"sidecars\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"virtualservices\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"apprevisions\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"apps\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"pipelineexecutions\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"pipelines\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"pipelinesettings\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"sourcecodeproviderconfigs\"], Verbs:[\"*\"]}\n{APIGroups:[\"rbac.istio.io\"], Resources:[\"rbacconfigs\"], Verbs:[\"*\"]}\n{APIGroups:[\"rbac.istio.io\"], Resources:[\"servicerolebindings\"], Verbs:[\"*\"]}\n{APIGroups:[\"rbac.istio.io\"], Resources:[\"serviceroles\"], Verbs:[\"*\"]}\n{APIGroups:[\"security.istio.io\"], Resources:[\"authorizationpolicies\"], Verbs:[\"*\"]}, 
failed to create my-namespace/api-nginx rio.cattle.io/v1, Kind=Service for  my-namespace/api-dev: admission webhook \"api-validator.rio.io\" denied the request: 
failed to validate rio service: user \"system:serviceaccount:my-namespace:my-namespace-api-dev-stack-62004-135f3-stack\" (groups=[\"system:serviceaccounts\" \"system:serviceaccounts:my-namespace\" \"system:authenticated\"]) is attempting to grant RBAC permissions not currently held:\n{APIGroups:[\"\"], Resources:[\"namespaces\"], Verbs:[\"create\"]}\n{APIGroups:[\"*\"], Resources:[\"apiservices\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"*\"], Resources:[\"persistentvolumeclaims\"], Verbs:[\"*\"]}\n{APIGroups:[\"*\"], Resources:[\"persistentvolumes\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"*\"], Resources:[\"storageclasses\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"authentication.istio.io\"], Resources:[\"policies\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"apikeys\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"authorizations\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"checknothings\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"circonuses\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"deniers\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"fluentds\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"handlers\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"kubernetesenvs\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"kuberneteses\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"listcheckers\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"listentries\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"logentries\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"memquotas\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"metrics\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"opas\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], 
Resources:[\"prometheuses\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"quotas\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"quotaspecbindings\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"quotaspecs\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"rbacs\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"reportnothings\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"rules\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"solarwindses\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"stackdrivers\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"statsds\"], Verbs:[\"*\"]}\n{APIGroups:[\"config.istio.io\"], Resources:[\"stdios\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"catalogtemplates\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"catalogtemplateversions\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"clustercatalogs\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"clusterevents\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"notifiers\"], Verbs:[\"get\" \"list\" \"watch\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectalertgroups\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectalertrules\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectcatalogs\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectloggings\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectmonitorgraphs\"], Verbs:[\"*\"]}\n{APIGroups:[\"management.cattle.io\"], Resources:[\"projectroletemplatebindings\"], Verbs:[\"*\"]}\n{APIGroups:[\"metrics.k8s.io\"], Resources:[\"pods\"], Verbs:[\"*\"]}\n{APIGroups:[\"monitoring.cattle.io\"], 
Resources:[\"prometheus\"], Verbs:[\"view\"]}\n{APIGroups:[\"monitoring.coreos.com\"], Resources:[\"prometheuses\"], Verbs:[\"*\"]}\n{APIGroups:[\"monitoring.coreos.com\"], Resources:[\"prometheusrules\"], Verbs:[\"*\"]}\n{APIGroups:[\"monitoring.coreos.com\"], Resources:[\"servicemonitors\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"destinationrules\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"envoyfilters\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"gateways\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"serviceentries\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"sidecars\"], Verbs:[\"*\"]}\n{APIGroups:[\"networking.istio.io\"], Resources:[\"virtualservices\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"apprevisions\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"apps\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"pipelineexecutions\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"pipelines\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"pipelinesettings\"], Verbs:[\"*\"]}\n{APIGroups:[\"project.cattle.io\"], Resources:[\"sourcecodeproviderconfigs\"], Verbs:[\"*\"]}\n{APIGroups:[\"rbac.istio.io\"], Resources:[\"rbacconfigs\"], Verbs:[\"*\"]}\n{APIGroups:[\"rbac.istio.io\"], Resources:[\"servicerolebindings\"], Verbs:[\"*\"]}\n{APIGroups:[\"rbac.istio.io\"], Resources:[\"serviceroles\"], Verbs:[\"*\"]}\n{APIGroups:[\"security.istio.io\"], Resources:[\"authorizationpolicies\"], Verbs:[\"*\"]}"
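
An added example, not part of the original issue or of Rio's code: a small Python parser for the two kinds of denial in the log above, the API server's `forbidden` errors and the `api-validator.rio.io` webhook's "attempting to grant RBAC permissions not currently held" rule list, which deduplicates them and flags wildcard rules. The sample input is constructed and shortened from the shape of that log; the service-account name `example-stack` and the function names are placeholders.

```python
import re

# Constructed sample, shortened from the shape of the `rio logs -a` output above.
SAMPLE = (
    r'level=fatal msg="failed to create my-namespace/api-fpm apps/v1, Kind=Deployment: '
    r'deployments.apps is forbidden: User \"system:serviceaccount:my-namespace:example-stack\" '
    r'cannot create resource \"deployments\" in API group \"apps\" in the namespace \"my-namespace\", '
    r'failed to create my-namespace/api-fpm rio.cattle.io/v1, Kind=Service: admission webhook '
    r'\"api-validator.rio.io\" denied the request: failed to validate rio service: user '
    r'\"system:serviceaccount:my-namespace:example-stack\" is attempting to grant RBAC permissions '
    r'not currently held:\n{APIGroups:[\"\"], Resources:[\"namespaces\"], Verbs:[\"create\"]}'
    r'\n{APIGroups:[\"*\"], Resources:[\"persistentvolumes\"], Verbs:[\"get\" \"list\" \"watch\"]}'
    r'\n{APIGroups:[\"config.istio.io\"], Resources:[\"rules\"], Verbs:[\"*\"]}"'
)

# API-server authorization failure: who was denied which verb on which resource.
FORBIDDEN = re.compile(r'User "([^"]+)" cannot (\S+) resource "([^"]+)" '
                       r'in API group "([^"]*)" in the namespace "([^"]+)"')
# One PolicyRule as printed by the escalation check in the webhook message.
RULE = re.compile(r'\{APIGroups:\[([^\]]*)\], Resources:\[([^\]]*)\], Verbs:\[([^\]]*)\]\}')


def _items(field):
    """Turn '"get" "list"' into ('get', 'list'); '""' becomes ('',), the core group."""
    return tuple(re.findall(r'"([^"]*)"', field))


def parse_denials(log_text):
    """Return deduplicated forbidden calls and escalation rules, in log order."""
    # The logger escapes quotes and newlines inside msg="..."; undo that first.
    text = log_text.replace('\\"', '"').replace('\\n', '\n')
    forbidden = list(dict.fromkeys(FORBIDDEN.findall(text)))
    escalation = list(dict.fromkeys(
        (_items(g), _items(r), _items(v)) for g, r, v in RULE.findall(text)))
    return {"forbidden": forbidden, "escalation": escalation}


def wildcard_rules(rules):
    """Rules that use '*' as API group or verb, the broadest grants to review."""
    return [r for r in rules if "*" in r[0] or "*" in r[2]]


if __name__ == "__main__":
    result = parse_denials(SAMPLE)
    for user, verb, resource, group, ns in result["forbidden"]:
        print(f"forbidden: {user} {verb} {resource}.{group} in {ns}")
    for groups, resources, verbs in wildcard_rules(result["escalation"]):
        print(f"wildcard rule: groups={groups} resources={resources} verbs={verbs}")
```
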
citananda commented 4 years ago

What I want to do is Continuous Deployment on a Riofile stack. Is it possible? When I do it with a simple command like rio run -n cd-demo -p 8080 https://github.com/rancher/rio-demo it is working, but if I create a Riofile with the same repo, the build is made on the first load, but not on the following ones.

citananda commented 4 years ago

OK, after reading the docs again and running some tests, I understand that it is not possible to do CI/CD based on a Riofile. So to take advantage of the flexibility of CI/CD and the power of Riofiles, I combined the two with custom scripts to automatically update my stacks as soon as a new Docker image is created.