-
Bug
-
Resolution: Done
-
Medium
-
Beijing Release
Fix: Stay on Kubernetes 1.8 - not 1.9.0 - as there is a problem creating the secret for protected nexus repositories in the new version of Kubernetes - as it just came out of RC
instead of
#curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
use
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.8.4/bin/linux/amd64/kubectl
see our raised
https://github.com/kubernetes/kubernetes/issues/57528
This is failing create_registry_key() { cmd=`echo kubectl --namespace $1-$2 create secret docker-registry $3 --docker-server=$4 --docker-username=$5 --docker-password=$6 --docker-email=$7` eval ${cmd} check_return_code $cmd }
note: 1.9.0 was released 6 days ago
https://github.com/kubernetes/kubernetes/releases/tag/v1.9.0
ubuntu@ip-172-31-83-79:~$ kubectl versionClient Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.4", GitCommit:"9befc2b8928a9426501d3bf62f72849d5cbcd5a3", GitTreeState:"clean", BuildDate:"2017-11-20T05:28:34Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}Server Version: version.Info{Major:"1", Minor:"7+", GitVersion:"v1.7.7-rancher1", GitCommit:"a1ea37c6f6d21f315a07631b17b9537881e1986a", GitTreeState:"clean", BuildDate:"2017-10-02T21:33:08Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Adjust
https://wiki.onap.org/display/DW/ONAP+on+Kubernetes#ONAPonKubernetes-QuickstartInstallation
https://github.com/obrienlabs/onap-root/blob/master/oom_rancher_setup_1.sh
Issue
On certain systems - and on my new physical nuc system - the pulls from nexus3 involving the refactored secret config are failing.
Two other developers are also getting secured docker pulls failing
On the Jenkins CD system we pass because the version of kubectl was below 1.9.0
On my VM systems both the unsecured dockerhub and the secured nexus3 pulls work fine
on this system out of the box - the secured pulls are failing
AAI
search-data-service
onap-aai
app: search-data-service0 / 19 hours
nexus3.onap.org:10001/onap/search-data-service:v1.1.0
docker.elastic.co/beats/filebeat:5.5.0more_vert
Failed to pull image "nexus3.onap.org:10001/onap/search-data-service:v1.1.0": rpc error: code = 2 desc = unauthorized: authentication required
Error syncing pod
michael@oskub0:~$ sudo su - [sudo] password for michael: root@oskub0:~# kubectl get pods --all-namespaces -a NAMESPACE NAME READY STATUS RESTARTS AGE kube-system heapster-4285517626-hp1b8 1/1 Running 0 1d kube-system kube-dns-638003847-7fkx0 3/3 Running 0 1d kube-system kubernetes-dashboard-716739405-5j9j5 1/1 Running 0 1d kube-system monitoring-grafana-2360823841-64wc4 1/1 Running 0 1d kube-system monitoring-influxdb-2323019309-jnv7z 1/1 Running 0 1d kube-system tiller-deploy-737598192-8tqcb 1/1 Running 0 1d onap config 0/1 Completed 0 9h onap-aai aai-resources-122881374-s5qd4 1/2 ImagePullBackOff 0 9h onap-aai aai-service-749944520-8r3bq 0/1 Init:0/1 54 9h onap-aai aai-traversal-3810717509-npnls 0/2 Init:0/1 54 9h onap-aai data-router-3434587794-5kl0z 0/1 ImagePullBackOff 0 9h onap-aai elasticsearch-622738319-6fggp 1/1 Running 0 9h onap-aai hbase-1949550546-nxnmx 1/1 Running 0 9h onap-aai model-loader-service-4144225433-mnshh 1/2 ImagePullBackOff 0 9h onap-aai search-data-service-378072033-3dvmv 1/2 ImagePullBackOff 0 9h onap-aai sparky-be-3094577325-npj57 1/2 ImagePullBackOff 0 9h root@oskub0:~# kubectl -n onap-aai logs -f model-loader-service-4144225433-mnshh model-loader-service Error from server (BadRequest): container "model-loader-service" in pod "model-loader-service-4144225433-mnshh" is waiting to start: trying and failing to pull image
If I pull manually outside of K8S - we are fine
- blocks
-
OOM-535 Upgrade Kubernetes from 1.8.6 to 1.9.2
- Closed
- relates to
-
OOM-3 Docker credentials secret missing from deployment yaml files - image download failing
- Closed
-
LOG-287 Rancher 2.1 deployment POC
- Closed
-
OOM-429 DOC: Document HELM server version 2.7.2 required for tpl usage
- Closed
-
OOM-406 In Kubernetes 1.8, the annotations are no longer supported and must be converted to the PodSpec field.
- Closed
-
OOM-457 In Kubernetes 1.8, init-container annotations to be converted to PodSpec field for aaf, clamp and vfc
- Closed
- links to