search

sassoftware / viya4-iac-azure

This project contains Terraform configuration files to provision infrastructure components required to deploy SAS Viya platform products on Microsoft Azure Cloud.
Apache License 2.0
73 stars 88 forks source link

IAC Script fails while trying to use during SAS Deployment workshop. Tried multiple attempts. #340

Closed SASCloudLearner closed 9 months ago

SASCloudLearner commented 1 year ago

Hello, This is the second time i am trying to deploy and currently i get below error. Is it a known issue. can you some assist

│ Warning: Argument is deprecated │ │ with module.aks.azurerm_kubernetes_cluster.aks, │ on modules/azure_aks/main.tf line 17, in resource "azurerm_kubernetes_cluster" "aks": │ 17: api_server_authorized_ip_ranges = var.aks_cluster_endpoint_public_access_cidrs │ │ This property has been renamed to authorized_ip_ranges within the │ api_server_access_profile block and will be removed in v4.0 of the │ provider │ │ (and 3 more similar warnings elsewhere) ╵ ╷ │ Error: Post "https://retry-aks-tgc31bbi.hcp.eastus2.azmk8s.io:443/api/v1/namespaces/kube-system/configmaps": dial tcp 20.96.25 1.247:443: i/o timeout │ │ with kubernetes_config_map.sas_iac_buildinfo, │ on main.tf line 276, in resource "kubernetes_config_map" "sas_iac_buildinfo": │ 276: resource "kubernetes_config_map" "sas_iac_buildinfo" { │ ╵ ╷ │ Error: Post "https://retry-aks-tgc31bbi.hcp.eastus2.azmk8s.io:443/api/v1/namespaces/kube-system/serviceaccounts": context dead line exceeded │ │ with module.kubeconfig.kubernetes_service_account.kubernetes_sa[0], │ on modules/kubeconfig/main.tf line 58, in resource "kubernetes_service_account" "kubernetes_sa": │ 58: resource "kubernetes_service_account" "kubernetes_sa" { │ ╵ ╷ │ Error: Post "https://retry-aks-tgc31bbi.hcp.eastus2.azmk8s.io:443/apis/rbac.authorization.k8s.io/v1/clusterrolebindings": dial tcp 20.96.251.247:443: i/o timeout │ │ with module.kubeconfig.kubernetes_cluster_role_binding.kubernetes_crb[0], │ on modules/kubeconfig/main.tf line 66, in resource "kubernetes_cluster_role_binding" "kubernetes_crb": │ 66: resource "kubernetes_cluster_role_binding" "kubernetes_crb" { │

ajeffowens commented 1 year ago

This part of the process is your local machine (the one running terraform) attempting (and failing) to access the kubernetes api server. Access to this api server is controlled via a network security group. I suspect that your ip is not included in that NSG. It may help to review: https://github.com/sassoftware/viya4-iac-azure/blob/main/docs/CONFIG-VARS.md#admin-access

You should be sure to include your ip address in cluster_endpoint_public_access_cidrs or more likely you'll just want to add it to default_public_access_cidrs so that you can reach other resources as well.

SASCloudLearner commented 1 year ago

Hi Jeff, I retried with with a change in the default_public_access_cidrs value. i am able to ping the IP Address in the error but still get this same message. Is there anything i can check to confirm, if there is a different issue?

Thank you

SASCloudLearner commented 1 year ago

Hi Jeff, i checked the troubleshooting.md file and got a hint from there. I updated the kubernetes to 1.27 and then the iac worked successfully. But unfortunately, sas deployment though shows successful using the github project, i see that only sas deployment operator pod is created which again fails. I will see what i can do for this. Any suggestion on how to check whats going on wrong with sas deployment operator. I dont see any logs in azure portal under the pod > logs

riragh commented 1 year ago

For SAS deployment operator log you could use following commands to see if there is any additional log that might help identify the cause.

kubectl get sasdeployment -o wide -n <viya-namespace>

kubectl get sasdeployment -n <viya-namespace> -o yaml
SASCloudLearner commented 1 year ago

Hi Ritika, i get below error:

[azureuser@retryvm viya4-deployment]$ kubectl get sasdeployment -n retryns -o yaml E1002 21:06:09.137644 148682 memcache.go:265] couldn't get current server API group list: Get "https://retry-aks-luyzvosr.hcp.eastus2.azmk8s.io:443/api?timeout=32s": dial tcp: lookup retry-aks-luyzvosr.hcp.eastus2.azmk8s.io on 168.63.129.16:53: no such host E1002 21:06:09.144153 148682 memcache.go:265] couldn't get current server API group list: Get "https://retry-aks-luyzvosr.hcp.eastus2.azmk8s.io:443/api?timeout=32s": dial tcp: lookup retry-aks-luyzvosr.hcp.eastus2.azmk8s.io on 168.63.129.16:53: no such host E1002 21:06:09.149044 148682 memcache.go:265] couldn't get current server API group list: Get "https://retry-aks-luyzvosr.hcp.eastus2.azmk8s.io:443/api?timeout=32s": dial tcp: lookup retry-aks-luyzvosr.hcp.eastus2.azmk8s.io on 168.63.129.16:53: no such host E1002 21:06:09.154961 148682 memcache.go:265] couldn't get current server API group list: Get "https://retry-aks-luyzvosr.hcp.eastus2.azmk8s.io:443/api?timeout=32s": dial tcp: lookup retry-aks-luyzvosr.hcp.eastus2.azmk8s.io on 168.63.129.16:53: no such host E1002 21:06:09.160687 148682 memcache.go:265] couldn't get current server API group list: Get "https://retry-aks-luyzvosr.hcp.eastus2.azmk8s.io:443/api?timeout=32s": dial tcp: lookup retry-aks-luyzvosr.hcp.eastus2.azmk8s.io on 168.63.129.16:53: no such host Unable to connect to the server: dial tcp: lookup retry-aks-luyzvosr.hcp.eastus2.azmk8s.io on 168.63.129.16:53: no such host [azureuser@retryvm viya4-deployment]$

riragh commented 11 months ago

@SASCloudLearner, sorry for the delay. Are you still having this issue?

riragh commented 9 months ago

Closing this issue due to inactivity. Please feel free to open the issue if the error persists.