MetalLB - admission webhooks - denied the request: resource must be created in operators namespace. What does it mean? - k3s
I am trying to create a self-hosted k3s cluster to explore the world of k8s.
I have used kubectl apply to apply the manifest at (not at the same time):
https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-native.yaml
https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-frr.yaml
https://raw.githubusercontent.com/metallb/metallb/v0.13.6/config/manifests/metallb-frr.yaml
I am trying to add ipAddressPool, BGPPeer and BGPAdvertisement to MetalLB and am facing an issue where the relevant webhooks:
ipaddresspoolvalidationwebhook.metallb.io
bgppeersvalidationwebhook.metallb.io
bgpadvertisementvalidationwebhook.metallb.io
are returning with: admission webhook denied the request: resource must be created in operators namespace
I don't know what this response means or how to resolve it.
Manifests:
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  namespace: metallb-system
  name: bgp-pool
spec:
  addresses:
    - 172.31.20.1/24
    - 2001:db8::c00b:beef::/80

apiVersion: metallb.io/v1beta2
kind: BGPPeer
metadata:
  name: router
  namespace: metallb-system
spec:
  myASN: 64521
  peerASN: 64520
  peerAddress: 172.30.0.1
  bfdProfile: bfdprofile

apiVersion: metallb.io/v1beta1
kind: BGPAdvertisement
metadata:
  name: bgp-pool
  namespace: metallb-system
spec:
  ipAddressPools:
    - bgp-pool
Pod Status:
$ kpod
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-node-f4dsm 1/1 Running 0 68m
kube-system local-path-provisioner-79f67d76f8-scwdt 1/1 Running 0 92m
kube-system coredns-597584b69b-ljxd9 1/1 Running 0 92m
kube-system calico-kube-controllers-798cc86c47-9h6mz 1/1 Running 0 68m
kube-system calico-node-dhtt7 1/1 Running 0 68m
kube-system calico-node-dbm2f 1/1 Running 0 68m
olm olm-operator-56cf65dbf9-t4r9k 1/1 Running 0 54m
olm catalog-operator-6b8c45596c-m6fxf 1/1 Running 0 54m
olm packageserver-6d7b8cd74-dqgdl 1/1 Running 0 40m
olm packageserver-6d7b8cd74-ncphw 1/1 Running 0 40m
olm operatorhubio-catalog-np4f7 1/1 Running 0 40m
olm 00ae99ed4d0c9f0380e2866691b8643f32e9c345efa7942e3572d090556hpc8 0/1 Completed 0 37m
operators metallb-operator-controller-manager-f59767f58-mtd48 1/1 Running 0 36m
operators metallb-operator-webhook-server-7f79999bb7-v94hm 1/1 Running 0 36m
metallb-system controller-66f6c8999f-kvxkp 1/1 Running 0 21m
metallb-system speaker-bnxxd 4/4 Running 0 21m
metallb-system speaker-dqcn9 4/4 Running 0 21m
Logs
metallb-operator-webhook-server
$ k logs metallb-operator-webhook-server-7f79999bb7-v94hm -n operators
{"branch":"dev","caller":"main.go:155","commit":"dev","goversion":"gc / go1.18.3 / amd64","level":"info","msg":"MetalLB controller starting (commit dev, branch dev)","ts":"2022-12-29T20:40:23Z","version":""}
{"caller":"k8s.go:389","level":"info","msg":"Starting Manager","op":"Run","ts":"2022-12-29T20:40:24Z"}
{"action":"webhooks enabled","caller":"webhook.go:55","level":"info","op":"startup","ts":"2022-12-29T20:40:24Z"}
{"level":"info","ts":1672346424.0781536,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"metallb.io/v1beta1, Kind=AddressPool"}
{"level":"info","ts":1672346424.0788455,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"metallb.io/v1beta1, Kind=AddressPool","path":"/validate-metallb-io-v1beta1-addresspool"}
{"level":"info","ts":1672346424.0794268,"logger":"controller-runtime.webhook.webhooks","msg":"Starting webhook server"}
{"level":"info","ts":1672346424.0799024,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-metallb-io-v1beta1-addresspool"}
{"level":"info","ts":1672346424.080218,"logger":"controller-runtime.certwatcher","msg":"Updated current TLS certificate"}
{"level":"info","ts":1672346424.080664,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/convert"}
{"level":"info","ts":1672346424.0814717,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"metallb.io/v1beta1, Kind=AddressPool"}
{"level":"info","ts":1672346424.081652,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"metallb.io/v1beta1, Kind=IPAddressPool"}
{"level":"info","ts":1672346424.081719,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"metallb.io/v1beta1, Kind=IPAddressPool","path":"/validate-metallb-io-v1beta1-ipaddresspool"}
{"level":"info","ts":1672346424.0819142,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-metallb-io-v1beta1-ipaddresspool"}
{"level":"info","ts":1672346424.0821607,"logger":"controller-runtime.certwatcher","msg":"Starting certificate watcher"}
{"level":"info","ts":1672346424.0823011,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"metallb.io/v1beta2, Kind=BGPPeer"}
{"level":"info","ts":1672346424.083003,"logger":"controller-runtime.webhook","msg":"Serving webhook server","host":"","port":9443}
{"level":"info","ts":1672346424.0831902,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"metallb.io/v1beta2, Kind=BGPPeer","path":"/validate-metallb-io-v1beta2-bgppeer"}
{"level":"info","ts":1672346424.0839014,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-metallb-io-v1beta2-bgppeer"}
{"level":"info","ts":1672346424.084423,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"metallb.io/v1beta2, Kind=BGPPeer"}
{"level":"info","ts":1672346424.0847147,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"metallb.io/v1beta1, Kind=BGPAdvertisement"}
{"level":"info","ts":1672346424.0849228,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"metallb.io/v1beta1, Kind=BGPAdvertisement","path":"/validate-metallb-io-v1beta1-bgpadvertisement"}
{"level":"info","ts":1672346424.0854847,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-metallb-io-v1beta1-bgpadvertisement"}
{"level":"info","ts":1672346424.0860505,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"metallb.io/v1beta1, Kind=L2Advertisement"}
{"level":"info","ts":1672346424.0861676,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"metallb.io/v1beta1, Kind=L2Advertisement","path":"/validate-metallb-io-v1beta1-l2advertisement"}
{"level":"info","ts":1672346424.0863633,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-metallb-io-v1beta1-l2advertisement"}
{"level":"info","ts":1672346424.086669,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"metallb.io/v1beta1, Kind=Community"}
{"level":"info","ts":1672346424.087227,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"metallb.io/v1beta1, Kind=Community","path":"/validate-metallb-io-v1beta1-community"}
{"level":"info","ts":1672346424.0876715,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-metallb-io-v1beta1-community"}
{"level":"info","ts":1672346424.087925,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"metallb.io/v1beta1, Kind=BFDProfile"}
{"level":"info","ts":1672346424.0879838,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"metallb.io/v1beta1, Kind=BFDProfile","path":"/validate-metallb-io-v1beta1-bfdprofile"}
{"level":"info","ts":1672346424.0881443,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-metallb-io-v1beta1-bfdprofile"}
metallb-operator-controller-manager
$ k logs metallb-operator-controller-manager-f59767f58-mtd48 -n operators
1.6723464002770052e+09 INFO setup git commit: {"id": "=dev"}
1.6723464006334805e+09 INFO controller-runtime.metrics Metrics server is starting to listen {"addr": ":0"}
1.6723464006350648e+09 INFO platform detecting platform version...
1.6723464006471622e+09 INFO platform PlatformInfo [Name: Kubernetes, K8SVersion: 1.25, OS: linux/amd64]
1.6723464006474972e+09 INFO setup starting manager
1.6723464006485376e+09 INFO Starting server {"path": "/metrics", "kind": "metrics", "addr": "[::]:33419"}
I1229 20:40:00.650000 1 leaderelection.go:248] attempting to acquire leader lease operators/metallb.io.metallboperator...
I1229 20:40:00.679813 1 leaderelection.go:258] successfully acquired lease operators/metallb.io.metallboperator
1.672346400680695e+09 INFO Starting EventSource {"controller": "metallb", "controllerGroup": "metallb.io", "controllerKind": "MetalLB", "source": "kind source: *v1beta1.MetalLB"}
1.6723464006810224e+09 INFO Starting Controller {"controller": "metallb", "controllerGroup": "metallb.io", "controllerKind": "MetalLB"}
1.6723464006801696e+09 DEBUG events Normal {"object": {"kind":"Lease","namespace":"operators","name":"metallb.io.metallboperator","uid":"4aed740a-9ffd-4207-940f-941905ac353e","apiVersion":"coordination.k8s.io/v1","resourceVersion":"2812"}, "reason": "LeaderElection", "message": "metallb-operator-controller-manager-f59767f58-mtd48_bb8c2886-579c-4666-ade5-95d9f366f330 became leader"}
1.6723464007836418e+09 INFO Starting workers {"controller": "metallb", "controllerGroup": "metallb.io", "controllerKind": "MetalLB", "worker count": 1}
What does work
The BFDProfile does get accepted by the validation hooks. The ipAddressPool, BGPPeer and BGPAdvertisement manifests have been built using the documentation at https://metallb.universe.tf/configuration/.
I have tried removing the metallb-operator and the whole metallb manifest and even destroying and recreating the cluster and cannot find any reference to this error after hours of searching.
I expect the admission webhooks to accept the manifests as they have been built using the official documentation.
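An added example, not part of the original question and not MetalLB's own code: it lists which validating webhooks select a given MetalLB resource and which namespace serves each one, then compares that with the namespace named in the denial message. The configuration and service names in the sample data are placeholders, the sample is constructed in the shape of kubectl get validatingwebhookconfigurations -o json, and treating a webhook server as enforcing its own namespace is an assumption drawn from the error text.

```python
import re


def sample_config(config_name, service_namespace):
    """Constructed ValidatingWebhookConfiguration, trimmed to the fields used here.

    config_name and the service name are placeholders; the webhook name,
    path and namespaces are the ones that appear in the question.
    """
    return {
        "metadata": {"name": config_name},
        "webhooks": [{
            "name": "ipaddresspoolvalidationwebhook.metallb.io",
            "clientConfig": {"service": {
                "namespace": service_namespace,
                "name": "example-webhook-service",
                "path": "/validate-metallb-io-v1beta1-ipaddresspool",
            }},
            "rules": [{
                "apiGroups": ["metallb.io"],
                "apiVersions": ["v1beta1"],
                "operations": ["CREATE", "UPDATE"],
                "resources": ["ipaddresspools"],
            }],
        }],
    }


# Constructed: one configuration per install method, as if both were registered.
SAMPLE_CONFIGS = {"items": [
    sample_config("example-manifest-install", "metallb-system"),
    sample_config("example-operator-install", "operators"),
]}

# Metadata of the IPAddressPool from the question.
MANIFEST = {
    "apiVersion": "metallb.io/v1beta1",
    "kind": "IPAddressPool",
    "metadata": {"namespace": "metallb-system", "name": "bgp-pool"},
}

DENIAL = ("admission webhook denied the request: "
          "resource must be created in operators namespace")


def _selects(values, wanted):
    """A rule field selects a value if it lists it or uses the '*' wildcard."""
    return "*" in values or wanted in values


def matching_webhooks(configs, group, version, resource, operation="CREATE"):
    """Return every webhook whose rules select this request.

    namespaceSelector and objectSelector are not evaluated here.
    """
    hits = []
    for cfg in configs.get("items", []):
        for hook in cfg.get("webhooks", []):
            # clientConfig may carry a url instead of a service reference.
            service = hook.get("clientConfig", {}).get("service") or {}
            for rule in hook.get("rules", []):
                if (_selects(rule.get("apiGroups", []), group)
                        and _selects(rule.get("apiVersions", []), version)
                        and _selects(rule.get("resources", []), resource)
                        and _selects(rule.get("operations", []), operation)):
                    hits.append({
                        "config": cfg["metadata"]["name"],
                        "webhook": hook["name"],
                        "service_namespace": service.get("namespace"),
                    })
                    break  # one matching rule is enough for this webhook
    return hits


def required_namespace(denial):
    """Extract the namespace named in the denial message, if any."""
    m = re.search(r"resource must be created in (\S+) namespace", denial)
    return m.group(1) if m else None


def diagnose(configs, manifest, resource, denial):
    """Relate the object's namespace to the webhooks that will judge it."""
    group, version = manifest["apiVersion"].split("/", 1)
    object_ns = manifest["metadata"].get("namespace")
    hooks = matching_webhooks(configs, group, version, resource)
    wanted = required_namespace(denial)
    return {
        "object_namespace": object_ns,
        "namespace_in_denial": wanted,
        "webhook_service_namespaces": sorted(
            {h["service_namespace"] for h in hooks if h["service_namespace"]}),
        # More than one hit means every request must pass all of them.
        "overlapping_webhooks": len(hooks) > 1,
        # Assumption: the denying server is the one running in the namespace
        # that the message names.
        "likely_denier": [h["config"] for h in hooks
                          if wanted and wanted != object_ns
                          and h["service_namespace"] == wanted],
    }


if __name__ == "__main__":
    report = diagnose(SAMPLE_CONFIGS, MANIFEST, "ipaddresspools", DENIAL)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Against a live cluster, pass the parsed output of kubectl get validatingwebhookconfigurations -o json in place of SAMPLE_CONFIGS.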
Related
define name for ALB when creating kubernetes ingress in AKS
I’m creating Kubernetes nginx ingress controller using Helm https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx Since I’m provisioning a private AKS cluster, I instruct via annotations that the Azure Load Balancer that gets created has a private rather than a public IP address (service.beta.kubernetes.io/azure-load-balancer-internal and service.beta.kubernetes.io/azure-load-balancer-internal-subnet). Here's the values.yaml file that I provide when running helm install controller: replicaCount: ` image: registry: foo.azurecr.io digest: "" pullPolicy: Always ingressClassResource: # -- Name of the ingressClass name: "internal-nginx" # -- Is this ingressClass enabled or not enabled: true # -- Is this the default ingressClass for the cluster default: false # -- Controller-value of the controller that is processing this ingressClass controllerValue: "k8s.io/internal-ingress-nginx" admissionWebhooks: patch: image: registry: foo.azurecr.io digest: "" service: annotations: "service.beta.kubernetes.io/azure-load-balancer-internal": "true" "service.beta.kubernetes.io/azure-load-balancer-internal-subnet": subnet01 loadBalancerIP: "x.x.x.x" watchIngressWithoutClass: true ingressClassResource: default: true defaultBackend: enabled: true image: registry: foo.azurecr.io digest: "" Each single ingress controller creates an Azure Load Balancer named kubernetes-internal: Kubernetes-internal I've searched LoadBalancer annotations but can't find a way to control what the actual name for the ALB will be, or is it always kubernetes-internal ? Anyone has any ideas please ?
Unable to start nginx-ingress-controller Readiness and Liveness probes failed
I have installed using instructions at this link for the Install NGINX using NodePort option. When I do ks logs -f ingress-nginx-controller-7f48b8-s7pg4 -n ingress-nginx I get : W0304 09:33:40.568799 8 client_config.go:614] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. I0304 09:33:40.569097 8 main.go:241] "Creating API client" host="https://10.96.0.1:443" I0304 09:33:40.584904 8 main.go:285] "Running in Kubernetes cluster" major="1" minor="23" git="v1.23.1+k0s" state="clean" commit="b230d3e4b9d6bf4b731d96116a6643786e16ac3f" platform="linux/amd64" I0304 09:33:40.911443 8 main.go:105] "SSL fake certificate created" file="/etc/ingress-controller/ssl/default-fake-certificate.pem" I0304 09:33:40.916404 8 main.go:115] "Enabling new Ingress features available since Kubernetes v1.18" W0304 09:33:40.918137 8 main.go:127] No IngressClass resource with name nginx found. Only annotation will be used. I0304 09:33:40.942282 8 ssl.go:532] "loading tls certificate" path="/usr/local/certificates/cert" key="/usr/local/certificates/key" I0304 09:33:40.977766 8 nginx.go:254] "Starting NGINX Ingress controller" I0304 09:33:41.007616 8 event.go:282] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress-nginx", Name:"ingress-nginx-controller", UID:"1a4482d2-86cb-44f3-8ebb-d6342561892f", APIVersion:"v1", ResourceVersion:"987560", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap ingress-nginx/ingress-nginx-controller E0304 09:33:42.087113 8 reflector.go:138] k8s.io/client-go#v0.20.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.Ingress: failed to list *v1beta1.Ingress: the server could not find the requested resource E0304 09:33:43.041954 8 reflector.go:138] k8s.io/client-go#v0.20.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.Ingress: failed to list *v1beta1.Ingress: the server could not find the requested resource E0304 09:33:44.724681 8 reflector.go:138] 
k8s.io/client-go#v0.20.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.Ingress: failed to list *v1beta1.Ingress: the server could not find the requested resource E0304 09:33:48.303789 8 reflector.go:138] k8s.io/client-go#v0.20.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.Ingress: failed to list *v1beta1.Ingress: the server could not find the requested resource E0304 09:33:59.113203 8 reflector.go:138] k8s.io/client-go#v0.20.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.Ingress: failed to list *v1beta1.Ingress: the server could not find the requested resource E0304 09:34:16.727052 8 reflector.go:138] k8s.io/client-go#v0.20.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.Ingress: failed to list *v1beta1.Ingress: the server could not find the requested resource I0304 09:34:39.216165 8 main.go:187] "Received SIGTERM, shutting down" I0304 09:34:39.216773 8 nginx.go:372] "Shutting down controller queues" E0304 09:34:39.217779 8 store.go:178] timed out waiting for caches to sync I0304 09:34:39.217856 8 nginx.go:296] "Starting NGINX process" I0304 09:34:39.218007 8 leaderelection.go:243] attempting to acquire leader lease ingress-nginx/ingress-controller-leader-nginx... 
I0304 09:34:39.219741 8 queue.go:78] "queue has been shutdown, failed to enqueue" key="&ObjectMeta{Name:initial-sync,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:<nil>,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}" I0304 09:34:39.219787 8 nginx.go:316] "Starting validation webhook" address=":8443" certPath="/usr/local/certificates/cert" keyPath="/usr/local/certificates/key" I0304 09:34:39.242501 8 leaderelection.go:253] successfully acquired lease ingress-nginx/ingress-controller-leader-nginx I0304 09:34:39.242807 8 queue.go:78] "queue has been shutdown, failed to enqueue" key="&ObjectMeta{Name:sync status,GenerateName:,Namespace:,SelfLink:,UID:,ResourceVersion:,Generation:0,CreationTimestamp:0001-01-01 00:00:00 +0000 UTC,DeletionTimestamp:<nil>,DeletionGracePeriodSeconds:nil,Labels:map[string]string{},Annotations:map[string]string{},OwnerReferences:[]OwnerReference{},Finalizers:[],ClusterName:,ManagedFields:[]ManagedFieldsEntry{},}" I0304 09:34:39.242837 8 status.go:84] "New leader elected" identity="ingress-nginx-controller-7f48b8-s7pg4" I0304 09:34:39.252025 8 status.go:204] "POD is not ready" pod="ingress-nginx/ingress-nginx-controller-7f48b8-s7pg4" node="fbcdcesdn02" I0304 09:34:39.255282 8 status.go:132] "removing value from ingress status" address=[] I0304 09:34:39.255328 8 nginx.go:380] "Stopping admission controller" I0304 09:34:39.255379 8 nginx.go:388] "Stopping NGINX process" E0304 09:34:39.255664 8 nginx.go:319] "Error listening for TLS connections" err="http: Server closed" 2022/03/04 09:34:39 [notice] 43#43: signal process started I0304 09:34:40.263361 8 nginx.go:401] "NGINX process has stopped" I0304 09:34:40.263396 8 main.go:195] "Handled quit, awaiting Pod deletion" I0304 09:34:50.263585 8 main.go:198] "Exiting" 
code=0 When I do ks describe pod ingress-nginx-controller-7f48b8-s7pg4 -n ingress-nginx I get : Name: ingress-nginx-controller-7f48b8-s7pg4 Namespace: ingress-nginx Priority: 0 Node: fxxxxxxxx/10.XXX.XXX.XXX Start Time: Fri, 04 Mar 2022 08:12:57 +0200 Labels: app.kubernetes.io/component=controller app.kubernetes.io/instance=ingress-nginx app.kubernetes.io/name=ingress-nginx pod-template-hash=7f48b8 Annotations: kubernetes.io/psp: 00-k0s-privileged Status: Running IP: 10.244.0.119 IPs: IP: 10.244.0.119 Controlled By: ReplicaSet/ingress-nginx-controller-7f48b8 Containers: controller: Container ID: containerd://638ff4d63b7ba566125bd6789d48db6e8149b06cbd9d887ecc57d08448ba1d7e Image: k8s.gcr.io/ingress-nginx/controller:v0.48.1#sha256:e9fb216ace49dfa4a5983b183067e97496e7a8b307d2093f4278cd550c303899 Image ID: k8s.gcr.io/ingress-nginx/controller#sha256:e9fb216ace49dfa4a5983b183067e97496e7a8b307d2093f4278cd550c303899 Ports: 80/TCP, 443/TCP, 8443/TCP Host Ports: 0/TCP, 0/TCP, 0/TCP Args: /nginx-ingress-controller --election-id=ingress-controller-leader --ingress-class=nginx --configmap=$(POD_NAMESPACE)/ingress-nginx-controller --validating-webhook=:8443 --validating-webhook-certificate=/usr/local/certificates/cert --validating-webhook-key=/usr/local/certificates/key State: Waiting Reason: CrashLoopBackOff Last State: Terminated Reason: Completed Exit Code: 0 Started: Fri, 04 Mar 2022 11:33:40 +0200 Finished: Fri, 04 Mar 2022 11:34:50 +0200 Ready: False Restart Count: 61 Requests: cpu: 100m memory: 90Mi Liveness: http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=5 Readiness: http-get http://:10254/healthz delay=10s timeout=1s period=10s #success=1 #failure=3 Environment: POD_NAME: ingress-nginx-controller-7f48b8-s7pg4 (v1:metadata.name) POD_NAMESPACE: ingress-nginx (v1:metadata.namespace) LD_PRELOAD: /usr/local/lib/libmimalloc.so Mounts: /usr/local/certificates/ from webhook-cert (ro) /var/run/secrets/kubernetes.io/serviceaccount from 
kube-api-access-zvcnr (ro) Conditions: Type Status Initialized True Ready False ContainersReady False PodScheduled True Volumes: webhook-cert: Type: Secret (a volume populated by a Secret) SecretName: ingress-nginx-admission Optional: false kube-api-access-zvcnr: Type: Projected (a volume that contains injected data from multiple sources) TokenExpirationSeconds: 3607 ConfigMapName: kube-root-ca.crt ConfigMapOptional: <nil> DownwardAPI: true QoS Class: Burstable Node-Selectors: kubernetes.io/os=linux Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s node.kubernetes.io/unreachable:NoExecute op=Exists for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Warning Unhealthy 23m (x316 over 178m) kubelet Readiness probe failed: HTTP probe failed with statuscode: 500 Warning BackOff 8m52s (x555 over 174m) kubelet Back-off restarting failed container Normal Pulled 3m54s (x51 over 178m) kubelet Container image "k8s.gcr.io/ingress-nginx/controller:v0.48.1#sha256:e9fb216ace49dfa4a5983b183067e97496e7a8b307d2093f4278cd550c303899" already present on machine When I try to curl the health endpoints I get Connection refused : The state of the pods shows that they are both not ready : NAME READY STATUS RESTARTS AGE ingress-nginx-admission-create-4hzzk 0/1 Completed 0 3h30m ingress-nginx-controller-7f48b8-s7pg4 0/1 CrashLoopBackOff 63 (91s ago) 3h30m I have tried to increase the values for initialDelaySeconds in /etc/nginx/nginx.conf but when I attempt to exec into the container (ks exec -it -n ingress-nginx ingress-nginx-controller-7f48b8-s7pg4 -- bash) I also get an error error: unable to upgrade connection: container not found ("controller") I am not really sure where I should be looking in the overall setup.
I have installed using instructions at this link for the Install NGINX using NodePort option.
The problem is that you are using outdated k0s documentation: https://docs.k0sproject.io/v1.22.2+k0s.1/examples/nginx-ingress/
You should use this link instead: https://docs.k0sproject.io/main/examples/nginx-ingress/
You will install the controller-v1.0.0 version on your Kubernetes cluster by following the actual documentation link.
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.0/deploy/static/provider/baremetal/deploy.yaml
The result is:
$ sudo k0s kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-admission-create-dw2f4 0/1 Completed 0 11m
ingress-nginx-admission-patch-4dmpd 0/1 Completed 0 11m
ingress-nginx-controller-75f58fbf6b-xrfxr 1/1 Running 0 11m
Unable to connect: Communications link failure
I am trying to follow the tutorial Deploying Debezium using the new KafkaConnector resource. Based on the tutorial, I am also using minikube but with docker driver. Basically just follow exactly step by step. However, for the step "Create the connector", after creating the connector by cat <<EOF | kubectl -n kafka apply -f - apiVersion: "kafka.strimzi.io/v1alpha1" kind: "KafkaConnector" metadata: name: "inventory-connector" labels: strimzi.io/cluster: my-connect-cluster spec: class: io.debezium.connector.mysql.MySqlConnector tasksMax: 1 config: database.hostname: 192.168.99.1 database.port: "3306" database.user: "${file:/opt/kafka/external-configuration/connector-config/debezium-mysql-credentials.properties:mysql_username}" database.password: "${file:/opt/kafka/external-configuration/connector-config/debezium-mysql-credentials.properties:mysql_password}" database.server.id: "184054" database.server.name: "dbserver1" database.whitelist: "inventory" database.history.kafka.bootstrap.servers: "my-cluster-kafka-bootstrap:9092" database.history.kafka.topic: "schema-changes.inventory" include.schema.changes: "true" EOF and check by kubectl -n kafka get kctr inventory-connector -o yaml I got error apiVersion: kafka.strimzi.io/v1alpha1 kind: KafkaConnector metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnector","metadata":{"annotations":{},"labels":{"strimzi.io/cluster":"my-connect-cluster"},"name":"inventory-connector","namespace":"kafka"},"spec":{"class":"io.debezium.connector.mysql.MySqlConnector","config":{"database.history.kafka.bootstrap.servers":"my-cluster-kafka-bootstrap:9092","database.history.kafka.topic":"schema-changes.inventory","database.hostname":"192.168.49.2","database.password":"","database.port":"3306","database.server.id":"184054","database.server.name":"dbserver1","database.user":"","database.whitelist":"inventory","include.schema.changes":"true"},"tasksMax":1}} 
creationTimestamp: "2021-09-29T18:20:11Z" generation: 1 labels: strimzi.io/cluster: my-connect-cluster name: inventory-connector namespace: kafka resourceVersion: "12777" uid: 083df9a3-83ce-4170-a9bc-9573dafdb286 spec: class: io.debezium.connector.mysql.MySqlConnector config: database.history.kafka.bootstrap.servers: my-cluster-kafka-bootstrap:9092 database.history.kafka.topic: schema-changes.inventory database.hostname: 192.168.49.2 database.password: "" database.port: "3306" database.server.id: "184054" database.server.name: dbserver1 database.user: "" database.whitelist: inventory include.schema.changes: "true" tasksMax: 1 status: conditions: - lastTransitionTime: "2021-09-29T18:20:11.548Z" message: |- PUT /connectors/inventory-connector/config returned 400 (Bad Request): Connector configuration is invalid and contains the following 1 error(s): A value is required You can also find the above list of errors at the endpoint `/{connectorType}/config/validate` reason: ConnectRestException status: "True" type: NotReady observedGeneration: 1 I tried to change database.user: "${file:/opt/kafka/external-configuration/connector-config/debezium-mysql-credentials.properties:mysql_username}" database.password: "${file:/opt/kafka/external-configuration/connector-config/debezium-mysql-credentials.properties:mysql_password}" to database.user: "debezium" database.password: "dbz" directly and re-apply, based on the user and password info in "Secure the database credentials" step. Also, based on the description in the tutorial I’m using database.hostname: 192.168.99.1 as IP address for connecting to MySQL because I’m using minikube with the virtualbox VM driver If you’re using a different VM driver with minikube you might need a different IP address. I am actually a little confused for above description. MySQL in the demo is deployed in Docker, while the rest of parts like Kafka are deployed in minikube. Why the description about database.hostname says minikube instead of Docker? 
Anyway, when I run minikube ip, I got 192.168.49.2. However, after I change database.hostname to 192.168.49.2, and run kubectl get kctr inventory-connector -o yaml -n kafka, I got apiVersion: kafka.strimzi.io/v1alpha1 kind: KafkaConnector metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnector","metadata":{"annotations":{},"labels":{"strimzi.io/cluster":"my-connect-cluster"},"name":"inventory-connector","namespace":"kafka"},"spec":{"class":"io.debezium.connector.mysql.MySqlConnector","config":{"database.history.kafka.bootstrap.servers":"my-cluster-kafka-bootstrap:9092","database.history.kafka.topic":"schema-changes.inventory","database.hostname":"192.168.49.2","database.password":"","database.port":"3306","database.server.id":"184054","database.server.name":"dbserver1","database.user":"","database.whitelist":"inventory","include.schema.changes":"true"},"tasksMax":1}} creationTimestamp: "2021-09-29T18:20:11Z" generation: 1 labels: strimzi.io/cluster: my-connect-cluster name: inventory-connector namespace: kafka resourceVersion: "12777" uid: 083df9a3-83ce-4170-a9bc-9573dafdb286 spec: class: io.debezium.connector.mysql.MySqlConnector config: database.history.kafka.bootstrap.servers: my-cluster-kafka-bootstrap:9092 database.history.kafka.topic: schema-changes.inventory database.hostname: 192.168.49.2 database.password: "" database.port: "3306" database.server.id: "184054" database.server.name: dbserver1 database.user: "" database.whitelist: inventory include.schema.changes: "true" tasksMax: 1 status: conditions: - lastTransitionTime: "2021-09-29T18:20:11.548Z" message: |- PUT /connectors/inventory-connector/config returned 400 (Bad Request): Connector configuration is invalid and contains the following 1 error(s): A value is required You can also find the above list of errors at the endpoint `/{connectorType}/config/validate` reason: ConnectRestException status: "True" type: NotReady 
observedGeneration: 1 I can access MySQL by localhost as it is hosted in Docker. However, I still same error when I changed database.hostname to localhost. Any idea? Thanks!
The issue is related with the service in minikube failed to communicate with the MySQL in the docker. Regarding how to access host's localhost from inside Kubernetes cluster, I found How to access host's localhost from inside kubernetes cluster However, I end up with deploying MySQL in Kubernetes direction by kubectl apply -f https://k8s.io/examples/application/mysql/mysql-pv.yaml kubectl apply -f https://k8s.io/examples/application/mysql/mysql-deployment.yaml (Copied from https://kubernetes.io/docs/tasks/run-application/run-single-instance-stateful-application/) with database.hostname: "mysql.default" # service `mysql` in namespace `default` database.port: "3306" database.user: "root" database.password: "password" Now when I run kubectl -n kafka get kctr inventory-connector -o yaml I got a new error saying MySQL not enabling row-level binlog, however, it means it can connect the MySQL now. apiVersion: kafka.strimzi.io/v1alpha1 kind: KafkaConnector metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnector","metadata":{"annotations":{},"labels":{"strimzi.io/cluster":"my-connect-cluster"},"name":"inventory-connector","namespace":"kafka"},"spec":{"class":"io.debezium.connector.mysql.MySqlConnector","config":{"database.history.kafka.bootstrap.servers":"my-cluster-kafka-bootstrap:9092","database.history.kafka.topic":"schema-changes.inventory","database.hostname":"mysql.default","database.password":"password","database.port":"3306","database.server.id":"184054","database.server.name":"dbserver1","database.user":"root","database.whitelist":"inventory","include.schema.changes":"true"},"tasksMax":1}} creationTimestamp: "2021-09-29T19:36:52Z" generation: 1 labels: strimzi.io/cluster: my-connect-cluster name: inventory-connector namespace: kafka resourceVersion: "2918" uid: 48bb46e1-42bb-4574-a3dc-221ae7d6a803 spec: class: io.debezium.connector.mysql.MySqlConnector config: 
database.history.kafka.bootstrap.servers: my-cluster-kafka-bootstrap:9092 database.history.kafka.topic: schema-changes.inventory database.hostname: mysql.default database.password: password database.port: "3306" database.server.id: "184054" database.server.name: dbserver1 database.user: root database.whitelist: inventory include.schema.changes: "true" tasksMax: 1 status: conditions: - lastTransitionTime: "2021-09-29T19:36:53.605Z" status: "True" type: Ready connectorStatus: connector: state: UNASSIGNED worker_id: 172.17.0.8:8083 name: inventory-connector tasks: - id: 0 state: FAILED trace: "org.apache.kafka.connect.errors.ConnectException: The MySQL server is not configured to use a row-level binlog, which is required for this connector to work properly. Change the MySQL configuration to use a row-level binlog and restart the connector.\n\tat io.debezium.connector.mysql.MySqlConnectorTask.start(MySqlConnectorTask.java:207)\n\tat io.debezium.connector.common.BaseSourceTask.start(BaseSourceTask.java:49)\n\tat org.apache.kafka.connect.runtime.WorkerSourceTask.execute(WorkerSourceTask.java:208)\n\tat org.apache.kafka.connect.runtime.WorkerTask.doRun(WorkerTask.java:177)\n\tat org.apache.kafka.connect.runtime.WorkerTask.run(WorkerTask.java:227)\n\tat java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)\n\tat java.util.concurrent.FutureTask.run(FutureTask.java:266)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\tat java.lang.Thread.run(Thread.java:748)\n" worker_id: 172.17.0.8:8083 type: source observedGeneration: 1
"jx boot" fails in "openshift-3.11" provider with "tekton pipeline controller" pod into "crashloopbackoff" state
Summary:
I already have a setup of "static jenkins server" type jenkins-x running in openshift 3.11 provider. The cluster crashed and I want to reinstall jenkins-x in my cluster, but there is no support for "static jenkins server" now. So I am trying to install "jenkins-x" via "jx boot", but the installation fails with the "tekton pipeline controller" pod in "crashloopbackoff" state.

Steps to reproduce the behavior:

jx-requirements.yml:

autoUpdate:
  enabled: false
  schedule: ""
bootConfigURL: https://github.com/jenkins-x/jenkins-x-boot-config.git
cluster:
  clusterName: cic-60
  devEnvApprovers:
  - automation
  environmentGitOwner: cic-60
  gitKind: bitbucketserver
  gitName: bs
  gitServer: http://rtx-swtl-git.fnc.net.local
  namespace: jx
  provider: openshift
  registry: docker-registry.default.svc:5000
environments:
- ingress:
    domain: 172.29.35.81.nip.io
    externalDNS: false
    namespaceSubDomain: -jx.
    tls:
      email: ""
      enabled: false
      production: false
  key: dev
  repository: environment-cic-60-dev
- ingress:
    domain: ""
    externalDNS: false
    namespaceSubDomain: ""
    tls:
      email: ""
      enabled: false
      production: false
  key: staging
  repository: environment-cic-60-staging
- ingress:
    domain: ""
    externalDNS: false
    namespaceSubDomain: ""
    tls:
      email: ""
      enabled: false
      production: false
  key: production
  repository: environment-cic-60-production
gitops: true
ingress:
  domain: 172.29.35.81.nip.io
  externalDNS: false
  namespaceSubDomain: -jx.
  tls:
    email: ""
    enabled: false
    production: false
kaniko: true
repository: nexus
secretStorage: local
storage:
  backup:
    enabled: false
    url: ""
  logs:
    enabled: false
    url: ""
  reports:
    enabled: false
    url: ""
  repository:
    enabled: false
    url: ""
vault: {}
velero:
  schedule: ""
  ttl: ""
versionStream:
  ref: v1.0.562
  url: https://github.com/jenkins-x/jenkins-x-versions.git
webhook: lighthouse

Expected behavior:
All the pods under the jx namespace should be up and running and jenkins-x should be installed properly.

Actual behavior:
The Tekton pipeline controller pod is in "CrashLoopBackOff" state with an error.

Pods with status in "jx" namespace:

NAME                                           READY   STATUS             RESTARTS   AGE
jenkins-x-chartmuseum-5687695d57-pp994         1/1     Running            0          1d
jenkins-x-controllerbuild-78b4b56695-mg2vs     1/1     Running            0          1d
jenkins-x-controllerrole-765cf99bdb-swshp      1/1     Running            0          1d
jenkins-x-docker-registry-5bcd587565-rhd7q     1/1     Running            0          1d
jenkins-x-gcactivities-1598421600-jtgm6        0/1     Completed          0          1h
jenkins-x-gcactivities-1598423400-4rd76        0/1     Completed          0          43m
jenkins-x-gcactivities-1598425200-sd7xm        0/1     Completed          0          13m
jenkins-x-gcpods-1598421600-z7s4w              0/1     Completed          0          1h
jenkins-x-gcpods-1598423400-vzb6p              0/1     Completed          0          43m
jenkins-x-gcpods-1598425200-56zdp              0/1     Completed          0          13m
jenkins-x-gcpreviews-1598421600-5k4vf          0/1     Completed          0          1h
jenkins-x-nexus-c7dcb47c7-fh7kx                1/1     Running            0          1d
lighthouse-foghorn-654c868bc8-d5w57            1/1     Running            0          1d
lighthouse-gc-jobs-1598421600-bmsq8            0/1     Completed          0          1h
lighthouse-gc-jobs-1598423400-zskt5            0/1     Completed          0          43m
lighthouse-gc-jobs-1598425200-m9gtd            0/1     Completed          0          13m
lighthouse-jx-controller-6c9b8994bd-qt6tc      1/1     Running            0          1d
lighthouse-keeper-7c6fd9466f-gdjjt             1/1     Running            0          1d
lighthouse-webhooks-56668dc58b-4c52j           1/1     Running            0          1d
lighthouse-webhooks-56668dc58b-8dh27           1/1     Running            0          1d
tekton-pipelines-controller-76c8c8dd78-llj4c   0/1     CrashLoopBackOff   436        1d
tiller-7ddfd45c57-rwtt9                        1/1     Running            0          1d

Error log:

2020/08/24 18:38:00 Registering 4 clients
2020/08/24 18:38:00 Registering 3 informer factories
2020/08/24 18:38:00 Registering 8 informers
2020/08/24 18:38:00 Registering 2 controllers
{"level":"info","caller":"logging/config.go:108","msg":"Successfully created the logger."}
{"level":"info","caller":"logging/config.go:109","msg":"Logging level set to info"}
{"level":"fatal","logger":"tekton","caller":"sharedmain/main.go:149","msg":"Version check failed","commit":"821ac4d","error":"kubernetes version \"v1.11.0\" is not compatible, need at least \"v1.14.0\" (this can be overridden with the env var \"KUBERNETES_MIN_VERSION\")","stacktrace":"github.com/tektoncd/pipeline/vendor/knative.dev/pkg/injection/sharedmain.MainWithConfig\n\tgithub.com/tektoncd/pipeline/vendor/knative.dev/pkg/injection/sharedmain/main.go:149\ngithub.com/tektoncd/pipeline/vendor/knative.dev/pkg/injection/sharedmain.MainWithContext\n\tgithub.com/tektoncd/pipeline/vendor/knative.dev/pkg/injection/sharedmain/main.go:114\nmain.main\n\tgithub.com/tektoncd/pipeline/cmd/controller/main.go:72\nruntime.main\n\truntime/proc.go:203"}

After downgrading the tekton image from "0.11.0" to "0.9.0", the tekton pipeline controller pod is in running state. A new tekton pipeline webhook pod got created and it is in "Crashloopbackoff".

Jx version:

Version 2.1.127
Commit 4bc05a9
Build date 2020-08-05T20:34:57Z
Go version 1.13.8
Git tree state clean

Diagnostic information:
The output of jx diagnose version is:

Running in namespace: jx
Version 2.1.127
Commit 4bc05a9
Build date 2020-08-05T20:34:57Z
Go version 1.13.8
Git tree state clean
NAME                            VERSION
Kubernetes cluster              v1.11.0+d4cacc0
kubectl (installed in JX_BIN)   v1.16.6-beta.0
helm client                     2.16.9
git                             2.24.1
Operating System                "CentOS Linux release 7.8.2003 (Core)"
Please visit https://jenkins-x.io/faq/issues/ for any known issues.
Finished printing diagnostic information

Kubernetes cluster: openshift - 3.11

Kubectl version:

Client Version: version.Info{Major:"1", Minor:"11+", GitVersion:"v1.11.0+d4cacc0", GitCommit:"d4cacc0", GitTreeState:"clean", BuildDate:"2018-10-15T09:45:30Z", GoVersion:"go1.10.2", Compiler:"gc", Platform:"linux/amd64"}

Operating system / Environment:

NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

I need to install "jenkins-x" via "jx boot" in "openshift-3.11", which uses the default kubernetes version 1.11.0, but "jx boot" requires at least 1.14.0. Please suggest if there is any workaround to get jenkins-x on openshift-3.11.
As the error message shows (in the crashloop), kubernetes version "v1.11.0" is not compatible, need at least "v1.14.0", which makes it not installable on OpenShift 3 (as it ships with Kubernetes 1.11.0). It seems jenkins-X comes with Tekton Pipelines v0.14.2, which requires at least Kubernetes 1.14.0 (and later releases like Tekton Pipelines v0.15.0 require Kubernetes 1.16.0).

{"level":"fatal","logger":"tekton","caller":"sharedmain/main.go:149","msg":"Version check failed","commit":"821ac4d","error":"kubernetes version \"v1.11.0\" is not compatible, need at least \"v1.14.0\" (this can be overridden with the env var \"KUBERNETES_MIN_VERSION\")","stacktrace":"github.com/tektoncd/pipeline/vendor/knative.dev/pkg/injection/sharedmain.MainWithConfig\n\tgithub.com/tektoncd/pipeline/vendor/knative.dev/pkg/injection/sharedmain/main.go:149\ngithub.com/tektoncd/pipeline/vendor/knative.dev/pkg/injection/sharedmain.MainWithContext\n\tgithub.com/tektoncd/pipeline/vendor/knative.dev/pkg/injection/sharedmain/main.go:114\nmain.main\n\tgithub.com/tektoncd/pipeline/cmd/controller/main.go:72\nruntime.main\n\truntime/proc.go:203"}

Theoretically, setting KUBERNETES_MIN_VERSION in the controller deployment might make it work, but it is not being tested and most likely the controller won't behave correctly as it's using features that are not available in 1.11.0. Other than this, there is no workaround that I know of.
Upgrading K8S cluster from v1.2.0 to v1.3.0
I have 1 master and 4 minions all running on version 1.2.0. I am planning to upgrade them to 1.3.0. I want this done with minimal downtime. So I did the following on one minion.

systemctl stop kubelet
yum update kubernetes-1.3.0-0.3.git86dc49a.el7
systemctl start kubelet

Once I bring up the service, I see the following ERROR.

Mar 28 20:36:55 csdp-e2e-kubernetes-minion-6 kubelet[9902]: E0328 20:36:55.215614 9902 kubelet.go:1222] Unable to register node "172.29.240.169" with API server: the body of the request was in an unknown format - accepted media types include: application/json, application/yaml
Mar 28 20:36:55 csdp-e2e-kubernetes-minion-6 kubelet[9902]: E0328 20:36:55.217612 9902 event.go:198] Server rejected event '&api.Event{TypeMeta:unversioned.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:api.ObjectMeta{Name:"172.29.240.169.14b01ded8fb2d07b", GenerateName:"", Namespace:"default", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:unversioned.Time{Time:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*unversioned.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]api.OwnerReference(nil), Finalizers:[]string(nil)}, InvolvedObject:api.ObjectReference{Kind:"Node", Namespace:"", Name:"172.29.240.169", UID:"172.29.240.169", APIVersion:"", ResourceVersion:"", FieldPath:""}, Reason:"NodeHasSufficientDisk", Message:"Node 172.29.240.169 status is now: NodeHasSufficientDisk", Source:api.EventSource{Component:"kubelet", Host:"172.29.240.169"}, FirstTimestamp:unversioned.Time{Time:time.Time{sec:63626321182, nsec:814949499, loc:(*time.Location)(0x4c8a780)}}, LastTimestamp:unversioned.Time{Time:time.Time{sec:63626330215, nsec:213372890, loc:(*time.Location)(0x4c8a780)}}, Count:1278, Type:"Normal"}': 'the body of the request was in an unknown format - accepted media types include: application/json, application/yaml' (will not retry!)
Mar 28 20:36:55 csdp-e2e-kubernetes-minion-6 kubelet[9902]: E0328 20:36:55.246100 9902 event.go:198] Server rejected event '&api.Event{TypeMeta:unversioned.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:api.ObjectMeta{Name:"172.29.240.169.14b01ded8fb2fc88", GenerateName:"", Namespace:"default", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:unversioned.Time{Time:time.Time{sec:0, nsec:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*unversioned.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]api.OwnerReference(nil), Finalizers:[]string(nil)}, InvolvedObject:api.ObjectReference{Kind:"Node", Namespace:"", Name:"172.29.240.169", UID:"172.29.240.169", APIVersion:"", ResourceVersion:"", FieldPath:""}, Reason:"NodeHasSufficientMemory", Message:"Node 172.29.240.169 status is now: NodeHasSufficientMemory", Source:api.EventSource{Component:"kubelet", Host:"172.29.240.169"}, FirstTimestamp:unversioned.Time{Time:time.Time{sec:63626321182, nsec:814960776, loc:(*time.Location)(0x4c8a780)}}, LastTimestamp:unversioned.Time{Time:time.Time{sec:63626330215, nsec:213381138, loc:(*time.Location)(0x4c8a780)}}, Count:1278, Type:"Normal"}': 'the body of the request was in an unknown format - accepted media types include: application/json, application/yaml' (will not retry!)

Is v1.2.0 incompatible with v1.3.0? Seems like the issue is with JSON incompatibility? application/json, application/yaml

From the master's standpoint:

[root#kubernetes-master ~]# kubectl get nodes
NAME             STATUS     AGE
172.29.219.105   Ready      3h
172.29.240.146   Ready      3h
172.29.240.168   Ready      3h
172.29.240.169   NotReady   3h

The node that I upgraded is in NotReady state.
As per the documentation, you must upgrade your master components (kube-scheduler, kube-apiserver and kube-controller-manager) before your node components (kubelet, kube-proxy).

https://kubernetes.io/docs/getting-started-guides/ubuntu/upgrades/
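
The two version checks behind the answers above, as an added example that is not part of the original posts and is not Tekton's or Kubernetes' own code: a minimum-version gate like the one reported in the Tekton controller log, and a check that no kubelet is newer than the API server, which is the ordering the upgrade answer requires. The function names and the node list are constructed for illustration; the per-node kubelet versions are assumed from the question's description.

```shell
#!/bin/sh
# Added example, not from the original posts. POSIX sh; runs without cluster access.

# Split "v1.11.0+d4cacc0" into "1 11 0" (drops the leading v and any +build / -pre suffix).
version_parts() {
  v=${1#v}
  v=${v%%[+-]*}
  old_ifs=$IFS
  IFS=.
  set -- $v
  IFS=$old_ifs
  echo "${1:-0} ${2:-0} ${3:-0}"
}

# Succeeds when version $1 is strictly lower than version $2.
version_lt() {
  set -- $(version_parts "$1") $(version_parts "$2")
  [ "$1" -lt "$4" ] && return 0
  [ "$1" -gt "$4" ] && return 1
  [ "$2" -lt "$5" ] && return 0
  [ "$2" -gt "$5" ] && return 1
  [ "$3" -lt "$6" ]
}

# Minimum-version gate: fails with a message when cluster version $1 is below required $2.
meets_minimum() {
  if version_lt "$1" "$2"; then
    echo "kubernetes version \"$1\" is not compatible, need at least \"$2\""
    return 1
  fi
}

# Reads "node kubelet-version" lines on stdin and prints every node whose kubelet is
# newer than the API server version in $1, i.e. a node upgraded before the master.
nodes_ahead_of_apiserver() {
  while read -r node kubelet; do
    [ -n "$node" ] || continue
    if version_lt "$1" "$kubelet"; then echo "$node"; fi
  done
}

# Constructed sample based on the upgrade question: master on v1.2.0, one minion on v1.3.0.
SAMPLE_NODES='172.29.219.105 v1.2.0
172.29.240.146 v1.2.0
172.29.240.168 v1.2.0
172.29.240.169 v1.3.0'

printf '%s\n' "$SAMPLE_NODES" | nodes_ahead_of_apiserver v1.2.0
meets_minimum v1.11.0+d4cacc0 v1.14.0 || true
```

Running the node check before restarting an upgraded kubelet shows which nodes would be ahead of the control plane; overriding a minimum-version gate instead of meeting it leaves the component running on an API surface it was not built for.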