Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make Shipyard Helm deploy scripts work with K8s 1.24 #236

Closed
dfarrell07 opened this issue Jul 6, 2022 · 2 comments · Fixed by #237
Closed

Make Shipyard Helm deploy scripts work with K8s 1.24 #236

dfarrell07 opened this issue Jul 6, 2022 · 2 comments · Fixed by #237
Assignees
@skitt
Labels
bug Something isn't working

Comments

@dfarrell07
Copy link
Member

There seems to be an issue with the Shipyard scripts that deploy Helm on K8s 1.24.

[cluster1] Installing Submariner...
[16:28:33.529] [shipyard]$ [cluster1] helm --kube-context cluster1 install submariner-operator submariner-latest/submariner-operator --create-namespace --namespace submariner-operator --set ipsec.psk=lWWBU8Qe7sTBCUtmiGj06gdvvsGpmuJkUccILJvfhveWoiOAoJcBy6KSu1NXOcHc --set broker.server=172.18.0.6:6443 --set broker.token= --set broker.namespace=submariner-k8s-broker --set broker.ca= --set broker.globalnet=false --set submariner.serviceDiscovery=false --set submariner.cableDriver=libreswan --set submariner.clusterId=cluster1 --set submariner.clusterCidr=10.1.0.0/16 --set submariner.serviceCidr=100.1.0.0/16 --set submariner.globalCidr= --set serviceAccounts.globalnet.create=false --set serviceAccounts.lighthouseAgent.create=false --set serviceAccounts.lighthouseCoreDns.create=false --set submariner.natEnabled=false --set operator.image.repository=localhost:5000/submariner-operator --set operator.image.tag=local --set operator.image.pullPolicy=IfNotPresent --set submariner.images.repository=localhost:5000 --set submariner.images.tag=local --set brokercrds.create=false
[cluster1] Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: [ValidationError(Submariner.spec): missing required field "brokerK8sApiServerToken" in io.submariner.v1alpha1.Submariner.spec, ValidationError(Submariner.spec): missing required field "brokerK8sCA" in io.submariner.v1alpha1.Submariner.spec]

The main errors being missing required field "brokerK8sApiServerToken" and missing required field "brokerK8sCA". Note that --set broker.ca= and set broker.token= are null.

They are derived here:

    submariner_broker_ca=$(kubectl -n "${BROKER_NAMESPACE}" get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='${BROKER_CLIENT_SA}')].data['ca\.crt']}")
    submariner_broker_token=$(kubectl -n "${BROKER_NAMESPACE}" get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='${BROKER_CLIENT_SA}')].data.token}"|base64 --decode)

I suspect the issue is related to the Secret/Token changes in K8s 1.24 that we've been adjusting to elsewhere.
@dfarrell07 dfarrell07 added the bug Something isn't working label Jul 6, 2022
@dfarrell07 dfarrell07 mentioned this issue Jul 6, 2022
Closed
@skitt
Copy link
Member

skitt commented Jul 6, 2022

You’re right, this is happening because the SAs aren’t getting secrets.

This was referenced Jul 6, 2022
Merged
Merged
@skitt skitt transferred this issue from submariner-io/shipyard Jul 6, 2022
@skitt
Copy link
Member

skitt commented Jul 6, 2022

This isn’t caused by the Shipyard deployment scripts, but by the charts themselves; they need to create secrets in addition to SAs.

@skitt skitt self-assigned this Jul 6, 2022
@skitt skitt mentioned this issue Jul 6, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skitt skitt

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Create secrets along with SAs skitt/submariner-charts
2 participants
@dfarrell07 @skitt