Open Cryptophobia opened 6 years ago
From @kwent on March 21, 2017 23:20
I would also update the documentation (https://deis.com/docs/workflow/installing-workflow/configuring-registry/) with one section for ECR and one section for GCR with samples.
From @vdice on March 23, 2017 21:29
https://github.com/deis/workflow/pull/779 represents the docs update
From @foxycoder on April 7, 2017 16:35
FWIW I ran into the same error all of a sudden
error getting private registry details secrets "private-registry-ecr" not found
So I deleted the token refresher pod to start a new one and everything worked again:
kubectl --namespace deis delete pod deis-registry-token-refresher-xxx-yyy
From @mariusmarais on May 30, 2017 13:23
I'm running into this same problem, but I'm not able to recover.
Originally I set up values with both registryid and hostname, eventually leading me here.
However, after removing them and running kubectl delete namespace deis and re-running helm install deis/workflow -f values.yml, I still have the same problem, even though both registryid and hostname are blank in the registry-secret secret:
Error running git receive hook [error getting private registry details secrets "private-registry-ecr" not found]
Restarting the pod has no effect and it isn't generating any log output, which is making debugging very difficult (quay.io/deis/registry-token-refresher:v1.1.2).
Please help :)
Update: Granting the following access via IAM resolves the issue, since Deis needs to be able to create a repository for every app:
{
  "Effect": "Allow",
  "Action": [
    "ecr:*"
  ],
  "Resource": [
    "*"
  ]
}
Can this be limited further?
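A narrower starting point for the question above, as an added example that is not part of the original comment or of the Deis documentation: a permissions policy for the IAM user whose access key Workflow is given, assuming Workflow only needs to fetch a registry token, create one repository per app, and push and pull images. REGION and ACCOUNT_ID are placeholders, and the action list in the second statement is an assumption to verify against your own deployment.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AuthTokenRequiresWildcardResource",
      "Effect": "Allow",
      "Action": ["ecr:GetAuthorizationToken"],
      "Resource": "*"
    },
    {
      "Sid": "AssumedCreatePushPullPerAppRepository",
      "Effect": "Allow",
      "Action": [
        "ecr:CreateRepository",
        "ecr:DescribeRepositories",
        "ecr:BatchCheckLayerAvailability",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:PutImage",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": "arn:aws:ecr:REGION:ACCOUNT_ID:repository/*"
    }
  ]
}
```

Only ecr:GetAuthorizationToken needs "Resource": "*"; the other actions accept repository ARNs. If a build or deploy is then denied, the error names the missing action, which can be added on its own instead of reverting to ecr:*.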
In the docs, it is mentioned not to set hostname & registryid for ecr. Without these, helm is failing to update values.
➜ helm install hephy/workflow --namespace deis --generate-name -f values.yml
Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: [unknown object type "nil" in Secret.data.hostname, unknown object type "nil" in Secret.data.registryid]
From @mariusmarais on May 30, 2017 13:23
I'm running into this same problem, but I'm not able to recover.
Originally I set up values with both registryid and hostname, eventually leading me here.
However, after removing them and running kubectl delete namespace deis and re-running helm install deis/workflow -f values.yml, I still have the same problem, even though both registryid and hostname are blank in the registry-secret secret:
Error running git receive hook [error getting private registry details secrets "private-registry-ecr" not found]
Restarting the pod has no effect and it isn't generating any log output, which is making debugging very difficult (quay.io/deis/registry-token-refresher:v1.1.2).
Please help :)
Update: Granting the following access via IAM resolves the issue, since Deis needs to be able to create a repository for every app:
{ "Effect": "Allow", "Action": [ "ecr:*" ], "Resource": [ "*" ] }
Can this be limited further?
Where do I have to update this config? Did you mean to update it in the trust relationship policy?
Hello, I also tried to install Deis Workflow using the Helm chart.
helm install deis hephy/workflow --create-namespace --namespace deis --set global.use_cni=true -f deis-install.yml
and code is,
# This is the global configuration file for Workflow
global:
  # Change to s3
  storage: s3
  database_location: "on-cluster"
  logger_redis_location: "on-cluster"
  influxdb_location: "on-cluster"
  grafana_location: "on-cluster"
  # Change to ecr
  registry_location: "ecr"
  host_port: 5555
  secret_prefix: "private-registry"
  experimental_native_ingress: false
  use_rbac: true
s3:
  # Add access key and secret to user with read/write access to buckets
  accesskey: "*******"
  secretkey: "********"
  region: "eu-west-1"
  # Buckets you already created
  database_bucket: "*********"
  builder_bucket: "***********"
controller:
  app_pull_policy: "IfNotPresent"
  registration_mode: "admin_only"
  platform_domain: "********"
database:
  username: "deis"
  password: "*******"
  postgres:
    name: "********"
    username: "deis"
    password: "*************"
    host: "*************"
    port: "5432"
#redis:
#  db: "0"
#  host: "redis host"
#  port: "redis port"
#  password: "redis password" # "" == no password
# fluentd:
#   syslog:
#     host: ""
#     port: ""
monitor:
  grafana:
    user: "admin"
    password: "************"
    persistence:
      enabled: false # Set to true to enable persistence
      size: 5Gi # PVC size
  influxdb:
    url: "**************"
    database: "admin"
    user: "deis"
    password: "***********"
    persistence:
      enabled: true # Set to true to enable persistence
      size: 200Gi # PVC size
registry-token-refresher:
  token_refresh_time: ""
  # off_cluster_registry:
  #   hostname: ""
  #   organization: ""
  #   username: ""
  #   password: ""
  ecr:
    # Access key and secret for user with access to ECR registry
    accesskey: "*******"
    secretkey: "**********"
    # Hostname of ECR registry
    hostname: "**********"
    # Region where registry is located
    region: eu-north-1
    # Registry id (same as start in hostname)
    registryid: "**********"
  # gcr:
  #   key_json: <base64-encoded JSON data>
  #   hostname: ""
router:
  dhparam: ""
  deployment_annotations:
    # Max body of requests for router
    router.deis.io/nginx.bodySize: "50m"
  # service_annotations:
  #   #<example-key>: <example-value>
  host_port:
    enabled: false
workflow-manager:
  versions_api_url: https://versions.teamhephy.info
  doctor_api_url: https://doctor.teamhephy.info
but I am getting error like,
Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: [unknown object type "nil" in Secret.data.accesskey, unknown object type "nil" in Secret.data.hostname, unknown object type "nil" in Secret.data.registryid, unknown object type "nil" in Secret.data.secretkey]
I tried with an empty string, attached an IAM policy with full access for ECR to the user, and changed the kubeconfig file, but none of them helped me.
Source link: https://github.com/deis/workflow/blob/master/charts/workflow/values.yaml
Can anyone tell me what could be wrong here?
@whitedevil-369 ,
Can you try setting these values below to blank strings "" in your values.yaml file?:
ecr:
  hostname: ""
  registryid: ""
https://docs.teamhephy.com/installing-workflow/configuring-registry/#ecr
NOTE: registryid and hostname should not be set. See this issue for more info.
From @vdice on March 21, 2017 22:42
When setting up values for using ECR as the off-cluster registry option, a sample snippet of Workflow's global values.yaml would look something like:
Yet, when the registryid and hostname values are non-empty as above, it seems a bug is hit and the necessary private-registry-ecr secret is not created correctly. When an attempt is made to build/deploy an example app, the following is hit:
Meanwhile, counterintuitively, if both registryid and hostname are just kept at "" then the aforementioned secret is created properly and build/deploys work as intended.
Copied from original issue: deis/registry-token-refresher#11