Fails to start control-plane #2
Comments
|
Hi amogado,
I'm sorry to hear that the Secretless K8s demo isn't working for you.
What is the Docker environment that you're using to run the demo, i.e. is
this on a Mac (e.g. with Docker Desktop?) or Windows machine, and what's
the Docker version on your host?
From your logs, it appears that the demo container is failing very early,
when it is trying to run Kubernetes-in-Docker (KinD), and KinD is using
'kubeadm' to start up control plane Pods. That corresponds to these lines
in the runner script:
https://github.com/diverdane/secretless-k8s-demo/blob/master/secretless_demo_runner#L13-L14
I'm at a loss as to why the
Unfortunately, the image used in this demo hasn't been upgraded in 3 years,
and I hadn't tried running this in a few years. I just now tried running
this demo on a Ubuntu VM (Ubuntu 18.04, so it's an older version of
Docker), and it seems to be working (although it took a while for the
Grafana Pod to come up).
I suspect that you're trying this on Mac / Docker Desktop? I'm wondering if
there's some incompatibility between the demo container and newer versions
of Docker, or maybe there's a subtle Docker networking issue.
Sorry if I'm a bit hazy on the details here. I'm actually retired now (for
about 7 months now), so things are a bit fuzzy.
If you're using Mac, I think your best bet and your path of least
resistance would be to try to run Kubernetes directly on your Mac's Docker
Desktop environment. If you can get Kubernetes working, then you should be
able to follow the demo here:
https://secretless.io/tutorials/kubernetes/kubernetes-tutorial-base.html
If the Secretless tutorial doesn't work in your Kubernetes environment,
then you should be able to get some assistance by raising questions on
CyberArk Commons in the Secretless Broker category:
https://discuss.cyberarkcommons.org/c/secretless-broker/6
Hope this helps,
Dane
…On Fri, Sep 23, 2022 at 1:49 PM amogado ***@***.***> wrote:
I was following the tutorial you published here (which I quite the same
than the Readme of this repo) and, unfortunately, I face issues during the
first docker deployment of the custom Kind cluster image :
`bash
Start the demo
docker run --rm --name secretless-demo-client -p 30303:8001 -p 3000:3000
-v /var/run/docker.sock:/var/run/docker.sock -it
diverdane/secretless-k8s-demo:v1.17.0
The ControlPlane can't go up with this image and the only way to get out
the loop is to restart the docker or getting the container down
systemctl restart docker # or
docker stop secretless-demo-client
This is my output : output below
***@***.***:~$ docker run --rm --name secretless-demo-client -p
30303:8001 -p 3000:3000 -v /var/run/docker.sock:/var/run/docker.sock -it
diverdane/secretless-k8s-demo
Bringing up a cluster
Creating cluster "secretless-kube" ...
✓ Ensuring node image (kindest/node:v1.17.0) 🖼
✓ Preparing nodes 📦 📦 📦
✓ Writing configuration 📜
✗ Starting control-plane 🕹️
ERROR: failed to create cluster: failed to init node with kubeadm: command
"docker exec --privileged secretless-kube-control-plane kubeadm init
--ignore-preflight-errors=all --config=/kind/kubeadm.conf
--skip-token-print --v=6" failed with error: exit status 1
Modifying Kubernetes config to point to Kind master node
Error: No such object: secretless-kube-control-plane
sed: /root/.kube/config: No such file or directory
=====================================================================
Deploying Kubernetes dashboard and create a dashboard service account
The connection to the server localhost:8080 was refused - did you specify
the right host or port?
The connection to the server localhost:8080 was refused - did you specify
the right host or port?
The connection to the server localhost:8080 was refused - did you specify
the right host or port?
Setting up Kubectl Proxy
===========================
Deploying Grafana Dashboard
Starting to serve on 172.17.0.2:8001
The connection to the server localhost:8080 was refused - did you specify
the right host or port?
Error: looks like "https://kubernetes-charts.storage.googleapis.com" is
not a valid chart repository or cannot be reached: failed to fetch
https://kubernetes-charts.storage.googleapis.com/index.yaml : 403
Forbidden
Error: failed to download "stable/grafana" (hint: running 'helm repo
update' may help)
====================================================
Deploying CyberArk Secretless Broker Kubernetes Demo
------------------------------
Security Administrator Setup:
Running script to:
1. Create a PostgreSQL database
2. Create a DB user for the application
3. Add that user's credentials to Kubernetes Secrets
4. Configure Secretless to connect to PostgreSQL using those credentials
Deleting namespace 'quick-start-backend-ns'...
The connection to the server localhost:8080 was refused - did you specify
the right host or port?
------------------------------
Application Developer Setup:
Running script to:
1. Configure the application to connect to PostgreSQL via Secretless
2. Deploy the application and the Secretless sidecar
3. Test the application
--- Start application
The connection to the server localhost:8080 was refused - did you specify
the right host or port?
The connection to the server localhost:8080 was refused - did you specify
the right host or port?
====================================================
The Secretless Broker Kubernetes demo is running!!!
A Pet Store application pod has been deployed that
contains both an application container and a CyberArk Secretless
Broker sidecar container. The Secretless Broker sidecar container
allows the application to connect to a password-protected Postgres
database without any knowledge of database credentials!!!
To see the Kubernetes resources that have been configured,
start with the following commands:
kubectl get namespaces
kubectl get all -n quick-start-application-ns
kubectl get all -n quick-start-backend-ns
To see the CyberArk Secretless Broker in action, use the scripts
in /root to create and list pets in the pet store:
add_pet "Genghis D. Dog"
add_pet "Miss Ava"
add_pet "Mr. Roboto"
list_pets
====================================================
==================================================================
You can access the Kubernetes dashboard at the following location:
http://127.0.0.1:30303/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
You will be prompted for login credentials. Run the following script
to display the dashboard access token:
get_dashboard_token
==================================================================
Waiting for Grafana pod to become ready
The connection to the server localhost:8080 was refused - did you specify
the right host or port?
The connection to the server localhost:8080 was refused - did you specify
the right host or port?
. The connection to the server localhost:8080 was refused - did you
specify the right host or port?
. The connection to the server localhost:8080 was refused - did you
specify the right host or port?
. The connection to the server local
output above (which ends in a loop, as you can see)
`
Could you please help ?
Thank you for your tutorial, nevertheless 🙂
—
Reply to this email directly, view it on GitHub
<#2>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGEIUY4MXTYIZI42I2MQYE3V7X3SNANCNFSM6AAAAAAQUHD5C4>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I was following the tutorial you published here (which I quite the same than the Readme of this repo) and, unfortunately, I face issues during the first docker deployment of the custom Kind cluster image :
`
`
Could you please help ?
Thank you for your tutorial, nevertheless 🙂
The text was updated successfully, but these errors were encountered: