Kubernetes: Weave network not installing - linux

When I am running this command for weave network, it is showing this error.
[root@ts ~]# kubectl apply -f https://git.io/weave-kube
error validating "https://git.io/weave-kube": error validating data: [unexpected type: object, unexpected type: object, unexpected type: object, unexpected type: object]; if you choose to ignore these errors, turn validation off with --validate=false
How to resolve this?

@verma_neeraj,
Does this still happen to you, and consistently?
Which Kubernetes version are you using?
What happens if you run curl https://git.io/weave-kube?
I can confirm the YAML file available at https://git.io/weave-kube successfully configures the Weave Net daemonset under Kubernetes versions 1.5.+, but I have not tried other versions.
Anticipating an issue related to Kubernetes versions, note that there is work being done to support multiple Kubernetes versions, see these two GitHub issues.
This should be available in the coming weeks.
(Disclosure: I work for Weaveworks)

Related

vault-secrets-provider alias not recognized with terraform-vault template

I'm having some issues when trying to use Hashicorp vault template (with terraform to.be.continuous).
Actually when I use it with terraform-vault template I got an error message.
This is a summary of .gitlab-ci.yml
include:
  - project: "to-be-continuous/terraform"
    ref: "2.4.0"
    file: "templates/gitlab-ci-terraform.yml"
  # Vault variant
  - project: 'to-be-continuous/terraform'
    ref: '2.4.0'
    file: '/templates/gitlab-ci-terraform-vault.yml'
variables:
  VAULT_BASE_URL: "https://vault.secrets.tech.orange/v1"
  VAULT_ROLE_ID: $VAULT_ROLE_ID
  VAULT_SECRET_ID: $VAULT_SECRET_ID
  GCP_MYSECRET: "@url@http://vault-secrets-provider/api/secrets/XXX/gcp/credentials?field=mygcpsecret"
Error Message:
[ERROR] Failed getting secret GCP_MYSECRET:
... Connecting to vault-secrets-provider (127.0.0.1:80)
... wget: server returned error: HTTP/1.1 404 Not Found
I tried without vault template and it works.
Would you please help me with this? Or perhaps, where can I ask for some help?
It turns out you were facing this issue due to a Kubernetes runners limitation.
As stated in GitLab documentation,
Kubernetes runners cannot use several services using the same port
As a result, using the tracking service in addition to another one using the same port (80) fails.
It has now been fixed.

Binary Authorization - Deployment failed - Denied by Attestor. Attestor cannot attest to an image in GKE

I was trying to showcase binary authorization to my client as POC. During the deployment, it is failing with the following error message:
pods "hello-app-6589454ddd-wlkbg" is forbidden: image policy webhook backend denied one or more images: Denied by cluster admission rule for us-central1.staging-cluster. Denied by Attestor. Image gcr.io//hello-app:e1479a4 denied by projects//attestors/vulnz-attestor: Attestor cannot attest to an image deployed by tag
I have adhered to all the steps mentioned on the site.
I have verified the image repeatedly for a few occurrences, for example using the command below to forcefully make the attestation:
gcloud alpha container binauthz attestations sign-and-create --project "projectxyz" --artifact-url "gcr.io/projectxyz/hello-app@sha256:82f1887cf5e1ff80ee67f4a820703130b7d533f43fe4b7a2b6b32ec430ddd699" --attestor "vulnz-attestor" --attestor-project "projectxyz" --keyversion "1" --keyversion-key "vulnz-signer" --keyversion-location "us-central1" --keyversion-keyring "binauthz" --keyversion-project "projectxyz"
It throws an error:
ERROR: (gcloud.alpha.container.binauthz.attestations.sign-and-create) Resource in project [project xyz] is the subject of a conflict: occurrence ID "c5f03cc3-3829-44cc-ae38-2b2b3967ba61" already exists in project "projectxyz"
So when I verify, I found the attestation present:
gcloud beta container binauthz attestations list --artifact-url "gcr.io/projectxyz/hello-app@sha256:82f1887cf5e1ff80ee67f4a820703130b7d533f43fe4b7a2b6b32ec430ddd699" --attestor "vulnz-attestor" --attestor-project "projectxyz" --format json | jq '.[0].kind' \
> | grep 'ATTESTATION'
"ATTESTATION"
Here are the screen shots:
Any feedback please?
Thanks in advance.
Thank you for trying Binary Authorization. I just updated the Binary Authorization Solution, which you might find helpful.
A few things I noticed along the way:
... denied by projects//attestors/vulnz-attestor:
There should be a project ID in between projects and attestors, like:
projects/my-project/attestors/vulnz-attestor
Similarly, your gcr.io links should include that same project ID, for example:
gcr.io//hello-app:e1479a4
should be
gcr.io/my-project/hello-app:e1479a4
If you followed a tutorial, it likely asked you to set a variable like $PROJECT_ID, but you may have accidentally unset it or run the command in a different terminal session.
After pointing to another repository, the problem was solved, but before that you were having problems and there could be many reasons. Please contact support with the error message if you are having the same problem.
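A pre-deploy check for the two problems visible in this thread, the empty project segment (gcr.io//hello-app) and the tag-based reference that the attestor refuses, follows as an added example that is not part of the original posts. The helper names and the sample manifest are constructed for illustration; they are not gcloud or kubectl features.

```shell
#!/bin/sh
# Added example (not from the thread). Binary Authorization attestations are
# bound to an image digest, so a deployable reference is name@sha256:<64 hex>.
# check_image_ref, scan_manifest and sample_manifest are hypothetical helpers.

# Prints a verdict; returns 0 only for a well-formed, digest-pinned reference.
# An unset $PROJECT_ID leaves an empty path segment, e.g. gcr.io//hello-app.
check_image_ref() {
    ref=$1
    case $ref in
        */ | /* | *//*) echo "empty-segment"; return 1 ;;
    esac
    case $ref in
        ?*@sha256:*) digest=${ref##*@sha256:} ;;
        *) echo "not-pinned-by-digest"; return 1 ;;  # tag, or no tag at all
    esac
    case $digest in
        *[!0-9a-f]*) echo "bad-digest"; return 1 ;;
    esac
    [ "${#digest}" -eq 64 ] || { echo "bad-digest"; return 1; }
    echo "ok"
}

# Reads a manifest on stdin, checks every "image:" value, prints one line per
# image, and returns the number of rejected references.
scan_manifest() {
    bad=0
    while IFS= read -r line; do
        case $line in
            *image:*) ref=$(printf '%s' "${line#*image:}" | tr -d " \"'") ;;
            *) continue ;;
        esac
        verdict=$(check_image_ref "$ref") || bad=$((bad + 1))
        printf '%s\t%s\n' "$verdict" "$ref"
    done
    return "$bad"
}

# Constructed sample: the two failing shapes from the thread and a pinned one.
sample_manifest() {
    cat <<'EOF'
      containers:
      - image: gcr.io//hello-app:e1479a4
      - image: gcr.io/my-project/hello-app:e1479a4
      - image: "gcr.io/projectxyz/hello-app@sha256:82f1887cf5e1ff80ee67f4a820703130b7d533f43fe4b7a2b6b32ec430ddd699"
EOF
}

sample_manifest | scan_manifest || echo "rejected references: $?"
```

Run in CI before kubectl apply, a non-zero return from scan_manifest stops the deployment before the admission webhook does.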

Failure in kubernetes working deployment files, after cluster upgradation from 1.11 to 1.14.6, being deployed via circleCI

I am using circleCI for deployments. With AKS version 1.11, the pipelines were working fine, but after the AKS upgradation to 1.14.6, failure is seen while applying the deployment and service object files.
I deployed manually to the Kubernetes cluster and no error appeared, but while deploying through circleCI, I am getting the following kinds of errors while using version 2 of circleCI:
error: SchemaError(io.k8s.api.extensions.v1beta1.DeploymentRollback):
invalid object doesn't have additional properties
or the other kind of error appears like -
error: SchemaError(io.k8s.api.core.v1.StorageOSVolumeSource): invalid
object doesn't have additional properties
It's most likely that the version of kubectl used in CircleCI isn't supported by 1.14.6. Note that kubectl version must be either 1.n, 1.(n+1) or 1.(n-1) where n is the minor version of the cluster. In this case your kubectl must be at least 1.13.x or at most 1.15.x.
Check out Kubernetes version and version skew support policy for more details.

Installing Istio in Kubernetes with automatic sidecar injection: istio-inializer.yaml Validation Failure

I'm trying to install Istio with automatic sidecar injection into Kubernetes. My environment consists of three masters and two nodes and was built on Azure using the Azure Container Service marketplace product.
Following the documentation located here, I have so far enabled RBAC and DynamicAdmissionControl. I have accomplished this by modifying /etc/kubernetes/istio-inializer.yaml on the Kubernetes Master by adding the following content outlined in red and then restarting the Kubernetes Master using the Unix command, reboot.
The next step in the documentation is to apply the yaml using kubectl. I assume that the documentation intends for the user to clone the Istio repository and cd into it before this step but that is unmentioned.
git clone https://github.com/istio/istio.git
cd istio
kubectl apply -f install/kubernetes/istio-initializer.yaml
After which the following error occurs:
user@hostname:~/istio$ kubectl apply -f install/kubernetes/istio-initializer.yaml
configmap "istio-inject" configured
serviceaccount "istio-initializer-service-account" configured
error: error validating "install/kubernetes/istio-initializer.yaml": error validating data: found invalid field initializers for v1.ObjectMeta; if you choose to ignore these errors, turn validation off with --validate=false
If I attempt to execute kubectl apply with the mentioned flag, validate=false, then this error is generated instead:
user@hostname:~/istio$ kubectl apply -f install/kubernetes/istio-initializer.yaml --validate=false
configmap "istio-inject" configured
serviceaccount "istio-initializer-service-account" configured
deployment "istio-initializer" configured
error: unable to recognize "install/kubernetes/istio-initializer.yaml": no matches for admissionregistration.k8s.io/, Kind=InitializerConfiguration
I'm not sure where to go from here. The problem appears to be related to the admissionregistration.k8s.io/v1alpha1 block in the yaml but I'm unsure what specifically is incorrect in this block.
apiVersion: admissionregistration.k8s.io/v1alpha1
kind: InitializerConfiguration
metadata:
  name: istio-sidecar
initializers:
  - name: sidecar.initializer.istio.io
    rules:
      - apiGroups:
          - "*"
        apiVersions:
          - "*"
        resources:
          - deployments
          - statefulsets
          - jobs
          - daemonsets
Installed version of Kubernetes:
user@hostname:~/istio$ kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.6", GitCommit:"7fa1c1756d8bc963f1a389f4a6937dc71f08ada2", GitTreeState:"clean", BuildDate:"2017-06-16T18:21:54Z", GoVersion:"go1.7.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.6", GitCommit:"7fa1c1756d8bc963f1a389f4a6937dc71f08ada2", GitTreeState:"clean", BuildDate:"2017-06-16T18:21:54Z", GoVersion:"go1.7.6", Compiler:"gc", Platform:"linux/amd64"}
I suspect this is a versioning mismatch. As a follow up question, is it possible to deploy a version of kubernetes >= 1.7.4 to Azure using ACS?
I'm fairly new to working with Kubernetes so if anyone could help I would greatly appreciate it. Thank you for your time.
Seems to be a versioning problem, as the alpha feature is supported for k8s version > 1.7, as mentioned here (https://kubernetes.io/docs/admin/extensible-admission-controllers/#what-are-initializers).
1.7 introduces two alpha features, Initializers and External Admission
Webhooks, that address these limitations. These features allow admission
controllers to be developed out-of-tree and configured at runtime.
And it is possible to deploy a version of kubernetes >= 1.7.4 to Azure. Not sure about the deployed version using the portal. But if you use acs-engine to generate the ARM template, it is possible to deploy a cluster with version 1.7.5.
You can refer here for the procedures: https://github.com/Azure/acs-engine. Basically it involves three steps. First, you should create the json file by referring to the clusterDefinition section. To use version 1.7.5, you should specify the attribute "orchestratorRelease" to be "1.7" and also enable the RBAC by specifying the attribute "enableRbac" to be true. Second, use the acs engine (version >= 0.6.0) to parse the json file to ARM template (azuredeploy.json & azuredeploy.parameters.json should be created). Lastly, use the command "New-AzureRmResourceGroupDeployment" in powershell to deploy the cluster to Azure.
Hope this helps :)

Unable to remove module of node-red

I am having issues with node-red and can no longer run any flows. I am not sure what to do anymore.
I get the following error:
Imported unrecognised type: mqtt-env-broker
Flows stopped due to missing node types. Check logs for details.
I tried to remove this module from the palette but get the following error. I am also unable to disable it.
Failed to remove: node-red-contrib-mqtt-env
Error: Type in use: mqtt-env-broker
Check the log for more information
I have installed node-red-admin and tried to remove it from the command line, so I issued the following command:
sudo node-red-admin remove node-red-contrib-mqtt-env/mqtt-env
I get the following error:
404: Cannot DELETE /nodes/node-red-contrib-mqtt-env/mqtt-env
This is what I get when I run the following command:
node-red-admin list
Nodes                                Types            State
node-red-contrib-mqtt-env/mqtt-env   mqtt-env in      error
                                     mqtt-env out
                                     mqtt-env-broker
node-red-dashboard/ui_audio          ui_audio         enabled
...
...
node-red/mqtt                        mqtt in          error
                                     mqtt out
                                     mqtt-broker
The flows are stopped because they are trying to use a node type you have not got installed - or in this instance, it appears, is hitting an error when it tries to start.
The runtime won't let you remove the node because it is referenced in your flow.
To fix this you need to delete any of the nodes referenced by this module from your flow. The name mqtt-env-broker suggests it is a configuration node rather than a regular flow node. Open the Configuration Nodes sidebar panel (from the drop-down menu) and look for any unknown config nodes. Double click on them and delete them. Once you've removed them, hit deploy and things should start working again.
You should then be able to delete the node module from your runtime.
