Hi,
I am trying to deploy conjur oss on GKE and encountering the following error.
Attaching logs and screen shots.
null__logs__2020-02-26T12-32.txt (115.8 KB)
Hey @saravanant23 can you provide us with the following so that we can better assess the problem:
- Version of Conjur OSS app you are deploying
- GKE Kubernetes version on your cluster
- Settings of your cluster
- Non-json logs (these are hard to parse visually but if you can’t provide us with regular logs we can figure something out).
Thanks,
Srdjan
Hi Srdian,
I am attaching the draft which I followed thru… To answer your question,
GKE Version - 1.15.7-gke.23
Conjur version - I couldn’t find the version…
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
creationTimestamp: “2020-02-26T17:32:36Z”
generation: 694
name: conjur-open-source-1
namespace: default
resourceVersion: “378840”
selfLink: /apis/app.k8s.io/v1beta1/namespaces/default/applications/conjur-open-source-1
uid: d6a86ce2-28e2-4f2e-ac0e-f96f8d0ba490
spec:
assemblyPhase: Failed
componentKinds:
- group: “”
kind: ConfigMap - group: “”
kind: Secret - group: “”
kind: ServiceAccount - group: rbac.authorization.k8s.io
kind: Role - group: rbac.authorization.k8s.io
kind: RoleBinding - group: batch
kind: Job
descriptor: {}
selector:
matchLabels:
app.kubernetes.io/name: conjur-open-source-1
status:
components: - link: /api/v1/namespaces/default/serviceaccounts/conjur-open-source-1-conjur-oss-serviceaccount-name-e6f1
name: conjur-open-source-1-conjur-oss-serviceaccount-name-e6f1
status: Ready - link: /apis/batch/v1/namespaces/default/jobs/conjur-open-source-1-deployer
name: conjur-open-source-1-deployer
status: Ready - link: /api/v1/namespaces/default/configmaps/conjur-open-source-1-deployer-config
name: conjur-open-source-1-deployer-config
status: Ready - link: /apis/rbac.authorization.k8s.io/v1beta1/namespaces/default/rolebindings/conjur-open-source-1-deployer-rb
name: conjur-open-source-1-deployer-rb
status: Ready - link: /apis/rbac.authorization.k8s.io/v1/namespaces/default/rolebindings/conjur-open-source-1-deployer-rb
name: conjur-open-source-1-deployer-rb
status: Ready - link: /api/v1/namespaces/default/serviceaccounts/conjur-open-source-1-deployer-sa
name: conjur-open-source-1-deployer-sa
status: Ready
conditions: - lastTransitionTime: “2020-02-26T17:32:36Z”
lastUpdateTime: “2020-02-26T17:32:36Z”
message: all components ready
reason: ComponentsReady
status: “True”
type: Ready - lastTransitionTime: “2020-02-26T17:32:36Z”
lastUpdateTime: “2020-02-26T17:32:36Z”
message: No error seen
reason: NoError
status: “False”
type: Error
I would recommend to reproduce the scenario , if you can so you can view the logs.
Thanks
Saravanan
Hi @saravanant23,
I have confirmed the issue with that version of GKE. We will look into this. The issue is filed here: https://github.com/cyberark/conjur-google-cloud-marketplace/issues/25.
@saravanant23, We’re working on a fix for the problem (see https://github.com/cyberark/conjur-google-cloud-marketplace/pull/27). The main problem appears to be that the version of Google Marketplace Tools (0.6.0) that is incorporated into our app Deployment container needs to be upgraded. This version that we’re currently using incorporates a version of the kubectl client (1.12) that doesn’t know how to authenticate with Kubernetes versions 1.15 and newer. A fix is proposed that upgrades the Google Marketplace Tools to 0.10.0. (see https://github.com/cyberark/conjur-google-cloud-marketplace/pull/27).
This newer version of the Google Marketplace Tools includes an adaptive scheme to pick a Kubernetes client (it reads the Kubernetes server version, then switches to a matching version of the Kubernetes client binary).