Helm installation fails

[jona...@sofiero.net]

When trying to install Kritis on a Kubernetes v1.11.3 cluster the Helm installation fails because the preinstall pod fails:

%helm install https://storage.googleapis.com/kritis-charts/repository/kritis-charts-0.1.0.tgz --name kritis

NAME:   kritis

LAST DEPLOYED: Fri Dec 14 12:59:42 2018

NAMESPACE: default

STATUS: DEPLOYED

RESOURCES:

==> v1/Service

NAME                    AGE

kritis-validation-hook  0s

==> v1beta2/Deployment

kritis-validation-hook  0s

==> v1beta1/ClusterRoleBinding

kritis-clusterrolebinding  0s

==> v1/ClusterRole

kritis-clusterrole  0s

==> v1/Pod(related)

NAME                                     READY  STATUS             RESTARTS  AGE

kritis-validation-hook-5446b8c9f5-8vh9j  0/1    ContainerCreating  0         0s

%kubectl get pods
...

pod/kritis-postinstall                        0/1     Error     0          8m
pod/kritis-preinstall                         0/1     Error     0          8m

%kubectl logs kritis-preinstall
...
time="2018-12-14T11:59:47Z" level=info msg="[kubectl apply -f -]"

time="2018-12-14T11:59:47Z" level=info msg="customresourcedefinition.apiextensions.k8s.io \"attestationauthorities.kritis.grafeas.io\" created\n"

time="2018-12-14T11:59:47Z" level=info msg="[kubectl apply -f -]"

time="2018-12-14T11:59:47Z" level=info

time="2018-12-14T11:59:47Z" level=error msg="error: error validating \"STDIN\": error validating data: [ValidationError(CustomResourceDefinition.spec.names): unknown field \"scope\" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.CustomResourceDefinitionNames, ValidationError(CustomResourceDefinition.spec): missing required field \"scope\" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.CustomResourceDefinitionSpec]; if you choose to ignore these errors, turn validation off with --validate=false\n"

time="2018-12-14T11:59:47Z" level=fatal msg="exit status 1"

%kubectl logs kritis-postinstall

time="2018-12-14T11:59:45Z" level=info msg="contents of /var/run/secrets/kubernetes.io/serviceaccount/namespace: default"

time="2018-12-14T11:59:45Z" level=info msg="running postinstall\nversion v0.1.0\ncommit: c0715fe5eadf3b507318edda2a45859343bb03f2"

time="2018-12-14T11:59:45Z" level=info msg="Waiting for kritis-preinstall to be ready"

time="2018-12-14T11:59:48Z" level=fatal msg="preinstall pod didn't complete: pod already in terminal phase: Failed"

I'm able to work around this by manually deploying the CRDs and faking the preinstall pod but its rather cumbersome. Any ideas?

[Tejal Desai]

Looking from the logs, it looks like you were reinstalling kritis and the previous uninstall did not complete.

Was that the case?

Can you run kubectl get pods and confirm there are no preinstall or  postinstall pods running ?

--
You received this message because you are subscribed to the Google Groups "Kritis users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kritis-users...@googlegroups.com.
To post to this group, send email to kritis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kritis-users/e29cee71-4527-42b8-815b-34a071d0ed4d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[jona...@sofiero.net]

Don't have access to that cluster right now but it may very well have been a reinstall. However I just tried the same thing on a fresh 1.11.3 cluster.

[0] % kubectl get pods

NAME                                      READY   STATUS              RESTARTS   AGE

kritis-postinstall                        0/1     Error               0          14m

kritis-preinstall                         0/1     Error               0          14m

kritis-validation-hook-5446b8c9f5-c7cdh   0/1     ContainerCreating   0          14m

[0] % kubectl logs  kritis-preinstall
...time="2018-12-16T19:05:44Z" level=info msg="[kubectl create secret tls tls-webhook-secret --cert=server.crt --key=server-key.pem --namespace default]"

time="2018-12-16T19:05:44Z" level=info msg="secret \"tls-webhook-secret\" created\n"

time="2018-12-16T19:05:45Z" level=info msg="[kubectl apply -f -]"

time="2018-12-16T19:05:45Z" level=info msg="customresourcedefinition.apiextensions.k8s.io \"attestationauthorities.kritis.grafeas.io\" created\n"

time="2018-12-16T19:05:45Z" level=info msg="[kubectl apply -f -]"

time="2018-12-16T19:05:45Z" level=info

time="2018-12-16T19:05:45Z" level=error msg="error: error validating \"STDIN\": error validating data: [ValidationError(CustomResourceDefinition.spec.names): unknown field \"scope\" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.CustomResourceDefinitionNames, ValidationError(CustomResourceDefinition.spec): missing required field \"scope\" in io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1beta1.CustomResourceDefinitionSpec]; if you choose to ignore these errors, turn validation off with --validate=false\n"

time="2018-12-16T19:05:45Z" level=fatal msg="exit status 1"

This is taken from a fresh installed cluster with nothing else installed.

[Tejal Desai]

Thanks! Can you please confirm the kubernetes version?

To view this discussion on the web visit https://groups.google.com/d/msgid/kritis-users/d9780b8b-540e-4dee-b8d2-651a1586a583%40googlegroups.com.

[jona...@sofiero.net]

Sure!

[0] % kubectl get nodes

NAME          STATUS   ROLES    AGE   VERSION

k8smaster04   Ready    master   10h   v1.11.3

k8snode04     Ready    node     10h   v1.11.3

[Aysylu Greenberg]

Thanks for reporting the issue! This should be fixed by https://github.com/grafeas/kritis/pull/324. It's odd that different versions of Helm miss or detect this issue, worth a separate investigation.