sighupio / fury-distribution

Kubernetes Fury Distribution (Core Modules) - A battle-tested open-source Kubernetes distribution
https://kubernetesfury.com/
BSD 3-Clause "New" or "Revised" License

Furyctl validated correctly but `furyctl apply` reports missing values #211

Open FedericoAntoniazzi opened 4 months ago

FedericoAntoniazzi commented 4 months ago

Scenario

I have a furyctl.yaml file for an OnPremises installation, which currently needs the CNI only:

apiVersion: kfd.sighup.io/v1alpha2
kind: OnPremises
metadata:
  name: fury-poc
spec:
  distributionVersion: v1.27.3
  ...
  distribution:
    modules:
      networking:
        type: "calico"
      ingress:
        baseDomain: internal.example.dev
        nginx:
          type: none
      logging:
        type: none
      monitoring:
        type: none
      ...

I made sure everything was okay by validating the config:

❯ furyctl validate config
INFO Downloading distribution...                  
INFO Compatibility patches applied for v1.27.3    
INFO configuration file validation succeeded      
INFO There is a newer release available: v0.28.0  

But then, when running the apply, I got the following error:

❯ furyctl apply --phase distribution --skip-nodes-upgrade --force upgrades
INFO Downloading distribution...                  
INFO Compatibility patches applied for v1.27.3    
INFO Validating configuration file...             
INFO Downloading dependencies...                  
INFO There is a newer release available: v0.28.0  
INFO Validating dependencies...                   
INFO Running preflight checks                     
INFO Checking that the cluster is reachable...    
INFO Preflight checks completed successfully      
INFO Running preupgrade phase...                  
INFO Preupgrade phase completed successfully      
INFO Installing Kubernetes Fury Distribution...   
INFO Checking that the cluster is reachable...    
INFO Checking storage classes...                  
WARN No storage classes found in the cluster. logging module (if enabled), tracing module (if enabled), dr module (if enabled) and prometheus-operated package installation will be skipped. You need to install a StorageClass and re-run furyctl to install the missing components. 
ERRO error while creating cluster: error while executing distribution phase: error while executing phase: error preparing distribution phase: error copying from template: error generating from template files: error applying templates: error processing template: template: cert-manager-clusterissuer.yml.tpl:40:17: executing "cert-manager-clusterissuer.yml.tpl" at <.spec.distribution.modules.ingress.certManager.clusterIssuer.solvers>: map has no entry for key "solvers" filePath: /var/folders/mf/vblq1rpx01571403sbmyb6m40000gn/T/furyctl-3210227887/data/templates/distribution/manifests/ingress/resources/cert-manager-clusterissuer.yml.tpl 

I also tried setting the parameter --force all but the error persists.

nutellinoit commented 4 months ago

You are using an outdated distro and furyctl version, you should update to the latest.

Apart from that, in the ingress module certManager must be configured, even if the nginx is none.

      ingress:
        baseDomain: internal.example.dev
        # configurations for the nginx ingress controller package
        nginx:
          # type defines if the nginx should be configured as single or dual (internal + external) or none, with none no ingress controller will be deployed and also no ingress resource will be created
          type: none
          # the tls section defines how the tls for the ingresses should be managed
          tls:
            # provider can be certManager, secret
            provider: certManager
        # configuration for the cert-manager package
        certManager:
          # the configuration for the clusterIssuer that will be created
          clusterIssuer:
            # the name of the clusterIssuer
            name: letsencrypt-fury
            # the email used during issuing procedures
            email: example@sighup.io
            # you can configure the clusterIssuer by specifying type (can be only http01) or custom solvers
            type: http01

nutellinoit commented 4 months ago

The fury version should be v1.27.5 and the furyctl version should be 0.28.0

FedericoAntoniazzi commented 4 months ago

Hi Samuele,

In this scenario, I'm operating in a cluster that may not have internet connectivity in the future and no ports exposed on the internet. Is it possible to disable the default issuer in favor of a self-signed one?

FedericoAntoniazzi commented 4 months ago

Back to the original issue, spec.distribution.modules.ingress.certManager is not marked as mandatory in the schema
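
The gap discussed in this thread (a key the schema leaves optional but a template dereferences) can be reproduced in a few lines; the error text in the report is the one Go's `text/template` emits under `Option("missingkey=error")`. This is an added example, not furyctl's code: the one-line template, `Render`, `FirstMissing` and `Wrap` are hypothetical, the inputs are constructed, and the real template's logic is not shown on the page.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

const solversPath = "spec.distribution.modules.ingress.certManager.clusterIssuer.solvers"
// Constructed template (hypothetical, not the project's file) using that path.
const issuerTpl = "solvers: {{ ." + solversPath + " }}"

// Render executes the template with missingkey=error, so a map lookup that
// finds no entry aborts rendering instead of emitting "<no value>".
func Render(cfg map[string]any) (string, error) {
	t := template.Must(template.New("issuer.tpl").Option("missingkey=error").Parse(issuerTpl))
	var out strings.Builder
	err := t.Execute(&out, cfg)
	return out.String(), err
}

// FirstMissing walks a dotted path through nested maps and returns the
// shortest prefix that does not resolve, or "" when the whole path exists.
func FirstMissing(cfg map[string]any, path string) string {
	var cur any = cfg
	parts := strings.Split(path, ".")
	for i, p := range parts {
		m, ok := cur.(map[string]any)
		if ok {
			cur, ok = m[p]
		}
		if !ok {
			return strings.Join(parts[:i+1], ".")
		}
	}
	return ""
}

// Wrap nests an ingress section under spec.distribution.modules.ingress.
func Wrap(ingress map[string]any) map[string]any {
	return map[string]any{"spec": map[string]any{"distribution": map[string]any{"modules": map[string]any{"ingress": ingress}}}}
}

func main() {
	// Constructed input: an ingress section like the report's, no certManager.
	cfg := Wrap(map[string]any{"nginx": map[string]any{"type": "none"}})
	_, err := Render(cfg)
	fmt.Println(FirstMissing(cfg, solversPath), "|", err)
}
```

Running a path check like `FirstMissing` over every key the templates read, at validation time, would surface the missing section before the apply phase reaches template rendering.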