Currently our GKE Marketplace offering is based off a fork of the Helm chart. I believe we have incorporated all of the changes, outside of a few values.yaml settings (for example, to reduce the replica counts to 1).
We should refresh the GKE marketplace chart with the current version, as well as update the charts to be the now current version.
Thus, in the current iteration, Track 11 is the latest of 11.0, and Track 11.9 is the latest of any 11.9.x release.
Challenge Summary [ ADDED: 2019-02-26 ]
Use a Wrapper Chart or Fork Main Cloud Native GitLab Chart
We opted to use a wrapper chart and that decision is documented in charts/gitlab#914.
TL;DR - a wrapper chart allows us to set configuration values in a Marketplace specific values.yaml without having to port extra changes into the upstream Cloud Native GitLab chart.
Upstream NGINX Issue
A check for semantic version in the upstream nginx chart broke the deployment to marketplace. We fixed it in charts/gitlab#910.
Marketplace Changed Base Deployer Image, No Documentation
There is now a deployer image with tiller; it wasn't in the documentation. This was discovered/documented along with a new required field, APPLICATION_UID, in charts/gitlab#1042.
Schema Automation
The schema.yaml required to deploy on the Marketplace also has to track all container tags/versions deployed by the Cloud Native GitLab chart. Issue #912 (closed) covers our automation of that process.
Role Based Access Control
The Google Marketplace deployer changed how it handles access control. We cannot create ServiceAccounts from the charts; they must be pre-populated into the schema.yaml before chart deployment.
Issue #1040 (closed) tracks the automation work exporting ServiceAccount resources from our existing charts into the schema.yaml required by the Google Marketplace.
Tooling
Repetitive work slowed down testing, so #1041 (closed) tracks the work to create the basic tooling allowing fast creation of new deployer images and testing/teardown of GKE clusters.
Many comments on its related merge request charts/deploy-image-helm-base!48 relate to discoveries made while using the tooling to test the releases.
Deployer Validation Doesn't Understand Resources Aren't Used
The validation tool that gates deployment to the public Google Marketplace doesn't know that ClusterRole resources are not being used even if the Application Cluster Resource Definition says they are allowable. #1176 (closed) documents work to eliminate that problem.
Application Custom Resource Definition Outdated
The validation gateway script from Google attempts to install the application and then tear it down. It continually failed in teardown because we were using the original version of the Application Custom Resource Definition, which links components using the apiVersion. We updated to the modern version, resolving this issue, in https://gitlab.com/charts/gitlab/merge_requests/740
Additional Feature Request: External LoadBalancer
Asked to support adding an optional flag to add an external loadbalancer.
Made confidential. Google is expecting to have support for "local tiller" in the next week or so. We should hold off on this effort until that is ready, as it will be a major improvement.
Met with Google on this today, and got a confidential update. ETA is probably sometime week of 24th. WIP right now, but developer is going on vacation next week.
We will need to make a few changes to our chart, due to the requirements of getting this all to work with Helm:
We will need to not install application.yaml by default, as they need to pre-create this so the UI has something to latch onto while the deploy image itself is running. Their solution to this is to do a helm template, grab the application resource, then deploy just that to overwrite the resource.
We already do this today, we may just need to tweak the parameter name to something generalizable. (Only really used for GKE marketplace today anyway)
We'd need to add an optional post-install and post-upgrade hook, to add the owner-references (so they can find and delete the proper resources). They have a job we can define to do this.
We'd then need one additional post-delete hook, to delete the application.yaml since that was created outside of the helm process.
converted to use the upstream GitLab chart on my local test branch
deployed a testing cluster to GKE
started auditing to make changes in the schema.yml as needed
@joshlambert where are the horizontal pod autoscalers (HPA) defined? I see them referenced in the architecture document for the GitLab Cloud Native Chart, but no settings. I need to tune these back per our discussion about making this accommodate the lower specs of the default GKE cluster layout.
Next step is a first attempt at building and pushing to GCR to see what breaks - I know the scalers will break it right away so will deal with that in the morning then move on.
Hit a snag: yq doesn't appear to have the -r option, and the docs don't reference it either on readthedocs or in the help page. Investigating what this is meant to do. cc @joshlambert
$ deploy-image-helm-base rmarshall$ ./build-scripts/list-helm-images.sh
+ cd gitlab
+ helm init --client-only
+ helm repo add gitlab https://charts.gitlab.io/
+ helm repo update
+ helm dep update
+ helm template . --set certmanager-issuer.email=none@none.com
+ yq -r '. | select( .kind == "Job" or .kind == "Deployment" or .kind == "StatefulSet" or .kind == "DaemonSet" ) | .spec.template.spec | [.containers,.initContainers] | .[] | select(.!=null) | .[].image'
+ sort
+ uniq
2018/11/07 11:28:38 unknown shorthand flag: 'r' in -r
  -V, --version   Print version information and quit
  -h, --help      help for yq
  -t, --trim      trim yaml output (default true)
  -v, --verbose   verbose mode
  delete      yq d [--inplace/-i] [--doc/-d index] sample.yaml a.b.c
  help        Help about any command
  merge       yq m [--inplace/-i] [--doc/-d index] [--overwrite/-x] [--append/-a] sample.yaml sample2.yaml
  new         yq n [--script/-s script_file] a.b.c newValue
  read        yq r [--doc/-d index] sample.yaml a.b.c
  write       yq w [--inplace/-i] [--script/-s script_file] [--doc/-d index] sample.yaml a.b.c newValue
  yq [command]
  yq [flags]
Available Commands:
Error: unknown shorthand flag: 'r' in -r
Flags:
Usage:
Use "yq [command] --help" for more information about a command.
$ deploy-image-helm-base rmarshall$

$ deploy-image-helm-base rmarshall$ yq -r --help
Error: unknown shorthand flag: 'r' in -r
Usage:
  yq [flags]
  yq [command]
Available Commands:
  delete      yq d [--inplace/-i] [--doc/-d index] sample.yaml a.b.c
  help        Help about any command
  merge       yq m [--inplace/-i] [--doc/-d index] [--overwrite/-x] [--append/-a] sample.yaml sample2.yaml
  new         yq n [--script/-s script_file] a.b.c newValue
  read        yq r [--doc/-d index] sample.yaml a.b.c
  write       yq w [--inplace/-i] [--script/-s script_file] [--doc/-d index] sample.yaml a.b.c newValue
Flags:
  -h, --help      help for yq
  -t, --trim      trim yaml output (default true)
  -v, --verbose   verbose mode
  -V, --version   Print version information and quit
Use "yq [command] --help" for more information about a command.
2018/11/07 11:25:46 unknown shorthand flag: 'r' in -r
mirror-helm-images.sh expects this to deliver a list to iterate over; it would have never done that as written. Working to get list-helm-images.sh to actually generate a list as mirror-helm-images.sh would expect.
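A guard for the hand-off between the two scripts, as an added example that is not the project's own code: a shell pipeline reports only the exit status of its last command (`uniq` here), so usage text from a failed stage can travel on as if it were image names. The sketch below checks the producer's exit status and rejects any line that is not shaped like an image reference before a mirroring loop would see it. The function names, the simplified reference pattern and the sample producers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: validate an image list before handing it to a mirroring step.
# Function names, the pattern and all sample data are constructed.

# Simplified shape of an image reference:
#   [registry[:port]/]path[:tag][@sha256:digest]
# Stricter than the full grammar on purpose (lower-case repository path only).
IMAGE_REF='^[a-z0-9]+([._-][a-z0-9]+)*(:[0-9]+)?(/[a-z0-9]+([._-][a-z0-9]+)*)*(:[A-Za-z0-9_][A-Za-z0-9_.-]*)?(@sha256:[a-f0-9]{64})?$'

# validate_image_list: read candidate lines on stdin. If every line looks like
# an image reference, print the list and return 0. Otherwise print the
# offending lines to stderr, print nothing to stdout, and return 1.
validate_image_list() {
  list=$(cat)
  [ -n "$list" ] || { echo "image list is empty" >&2; return 1; }
  # grep exits 1 when nothing is rejected; "|| true" keeps that from
  # aborting callers that run under "set -e".
  bad=$(printf '%s\n' "$list" | grep -Ev "$IMAGE_REF" || true)
  if [ -n "$bad" ]; then
    printf '%s\n' "$bad" | sed 's/^/rejected: /' >&2
    return 1
  fi
  printf '%s\n' "$list"
}

# build_image_list: run the producer command given as arguments, stop if it
# fails, and only then sort, de-duplicate and validate its output.
build_image_list() {
  raw=$("$@") || { echo "producer failed: $*" >&2; return 1; }
  printf '%s\n' "$raw" | sort -u | validate_image_list
}

# --- constructed producers standing in for the template-and-extract stage ---

good_producer() {
  printf '%s\n' \
    'registry.example.com/team/db:11' \
    'registry.example.com/team/app:v1.2.3' \
    'registry.example.com/team/app:v1.2.3'
}

# Fails outright, the way a tool does when it rejects a flag.
failing_producer() {
  echo 'Error: unknown flag'
  return 1
}

# Exits 0 but emits usage text mixed with one real reference.
usage_text_producer() {
  printf '%s\n' \
    'Usage:' \
    '  tool [flags]' \
    'registry.example.com/team/app:v1.2.3'
}

# Demo: the usage text is rejected and nothing reaches the mirror step.
build_image_list usage_text_producer ||
  echo "image list rejected; nothing handed to the mirror step" >&2
```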
Merged what I know to be necessary fields from my other cloud native demo, ran a test install.
The first run didn't seem to like cloud-native.win, our standard testing domain.
There also seems to be some substitution failing with RELEASE-NAME. Might be related since there's a hyphen in there and it's not expanding.
Picking this up from here tomorrow.
First Run failures
'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Service "RELEASE-NAME-gitlab-shell" is invalid: metadata.name: Invalid value: "RELEASE-NAME-gitlab-shell": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Service "RELEASE-NAME-unicorn" is invalid: metadata.name: Invalid value: "RELEASE-NAME-unicorn": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Service "RELEASE-NAME-minio-svc" is invalid: metadata.name: Invalid value: "RELEASE-NAME-minio-svc": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Service "RELEASE-NAME-nginx-ingress-controller-metrics" is invalid: metadata.name: Invalid value: "RELEASE-NAME-nginx-ingress-controller-metrics": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 
'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Service "RELEASE-NAME-nginx-ingress-controller" is invalid: metadata.name: Invalid value: "RELEASE-NAME-nginx-ingress-controller": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Service "RELEASE-NAME-nginx-ingress-controller-stats" is invalid: metadata.name: Invalid value: "RELEASE-NAME-nginx-ingress-controller-stats": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Service "RELEASE-NAME-nginx-ingress-default-backend" is invalid: metadata.name: Invalid value: "RELEASE-NAME-nginx-ingress-default-backend": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Service "RELEASE-NAME-postgresql" is invalid: metadata.name: Invalid value: "RELEASE-NAME-postgresql": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 
'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Service "RELEASE-NAME-prometheus-server" is invalid: metadata.name: Invalid value: "RELEASE-NAME-prometheus-server": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Service "RELEASE-NAME-redis" is invalid: metadata.name: Invalid value: "RELEASE-NAME-redis": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Service "RELEASE-NAME-registry" is invalid: metadata.name: Invalid value: "RELEASE-NAME-registry": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')Error from server (Invalid): error when creating "expanded.yaml": Pod "RELEASE-NAME-unicorn-test-runner-2dqih" is invalid: metadata.name: Invalid value: "RELEASE-NAME-unicorn-test-runner-2dqih": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 
'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-certmanager" is invalid: [metadata.name: Invalid value: "RELEASE-NAME-certmanager": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.serviceAccountName: Invalid value: "RELEASE-NAME-certmanager": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-gitlab-runner" is invalid: [metadata.name: Invalid value: "RELEASE-NAME-gitlab-runner": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.containers[0].name: Invalid value: "RELEASE-NAME-gitlab-runner": a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?'), spec.template.spec.serviceAccountName: Invalid value: "RELEASE-NAME-gitlab-runner": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 
'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-gitlab-shell" is invalid: metadata.name: Invalid value: "RELEASE-NAME-gitlab-shell": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-sidekiq-all-in-1" is invalid: metadata.name: Invalid value: "RELEASE-NAME-sidekiq-all-in-1": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-task-runner" is invalid: metadata.name: Invalid value: "RELEASE-NAME-task-runner": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-unicorn" is invalid: metadata.name: Invalid value: "RELEASE-NAME-unicorn": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 
'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-minio" is invalid: metadata.name: Invalid value: "RELEASE-NAME-minio": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-nginx-ingress-controller" is invalid: [metadata.name: Invalid value: "RELEASE-NAME-nginx-ingress-controller": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.serviceAccountName: Invalid value: "RELEASE-NAME-nginx-ingress": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-nginx-ingress-default-backend" is invalid: metadata.name: Invalid value: "RELEASE-NAME-nginx-ingress-default-backend": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 
'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-postgresql" is invalid: [metadata.name: Invalid value: "RELEASE-NAME-postgresql": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.containers[0].name: Invalid value: "RELEASE-NAME-postgresql": a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')]Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-prometheus-server" is invalid: [metadata.name: Invalid value: "RELEASE-NAME-prometheus-server": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.serviceAccountName: Invalid value: "RELEASE-NAME-prometheus-server": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-redis" is invalid: [metadata.name: Invalid value: "RELEASE-NAME-redis": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 
'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.volumes[0].name: Invalid value: "RELEASE-NAME-metrics": a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?'), spec.template.spec.volumes[1].name: Invalid value: "RELEASE-NAME-config": a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?'), spec.template.spec.volumes[2].name: Invalid value: "RELEASE-NAME": a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?'), spec.template.spec.volumes[3].name: Invalid value: "RELEASE-NAME-data": a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 
'my-name', or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?'), spec.template.spec.containers[0].volumeMounts[0].name: Not found: "RELEASE-NAME-config", spec.template.spec.containers[0].volumeMounts[1].name: Not found: "RELEASE-NAME-data", spec.template.spec.containers[1].volumeMounts[0].name: Not found: "RELEASE-NAME-metrics", spec.template.spec.initContainers[0].volumeMounts[0].name: Not found: "RELEASE-NAME", spec.template.spec.initContainers[0].volumeMounts[1].name: Not found: "RELEASE-NAME-config", spec.template.spec.initContainers[0].volumeMounts[2].name: Not found: "RELEASE-NAME-metrics"]Error from server (Invalid): error when creating "expanded.yaml": Deployment.apps "RELEASE-NAME-registry" is invalid: metadata.name: Invalid value: "RELEASE-NAME-registry": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": StatefulSet.apps "RELEASE-NAME-gitaly" is invalid: metadata.name: Invalid value: "RELEASE-NAME-gitaly": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": Job.batch "RELEASE-NAME-migrations.0" is invalid: [metadata.name: Invalid value: "RELEASE-NAME-migrations.0": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 
'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.name: Invalid value: "RELEASE-NAME-gitlab-runner-secret": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]Error from server (Invalid): error when creating "expanded.yaml": Job.batch "RELEASE-NAME-minio-create-buckets.0" is invalid: metadata.name: Invalid value: "RELEASE-NAME-minio-create-buckets.0": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": Job.batch "RELEASE-NAME-shared-secrets.0-1wg" is invalid: [metadata.name: Invalid value: "RELEASE-NAME-shared-secrets.0-1wg": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.template.spec.serviceAccountName: Invalid value: "RELEASE-NAME-shared-secrets": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 
'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]Error from server (Invalid): error when creating "expanded.yaml": Ingress.extensions "RELEASE-NAME-unicorn" is invalid: [metadata.name: Invalid value: "RELEASE-NAME-unicorn": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.rules[0].http.backend.serviceName: Invalid value: "RELEASE-NAME-unicorn": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')]Error from server (Invalid): error when creating "expanded.yaml": Ingress.extensions "RELEASE-NAME-minio" is invalid: [metadata.name: Invalid value: "RELEASE-NAME-minio": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.rules[0].http.backend.serviceName: Invalid value: "RELEASE-NAME-minio-svc": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')]Error from server (Invalid): error when creating "expanded.yaml": Ingress.extensions "RELEASE-NAME-registry" is invalid: [metadata.name: Invalid value: "RELEASE-NAME-registry": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 
'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.rules[0].http.backend.serviceName: Invalid value: "RELEASE-NAME-registry": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')]Error from server (Forbidden): error when creating "expanded.yaml": roles.rbac.authorization.k8s.io "RELEASE-NAME-gitlab-runner" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["*"], APIGroups:[""], Verbs:["*"]}]user=&{rmarshall@gitlab.com [system:authenticated] map[user-assertion.cloud.google.com:[AGKDXmpB05u46gOKFa4EB+/0/pWn2Twul3bkTzY0e4aMbhoqCgMPtSSOa5qbA66+ssueBPsS7NMLmxJvAKfxp3jOSbuqjKAZ3QUkav5RYQY6fOOltKSfm22EE5wex2KYjfO0CcNFFqy+WtNaAwI0yQhd0XPjSvUsqGE19kAscv/c9xoquxufRlbcxqnv2uGj72PAaeRowT61BfiPmf9ww7/QuFzY5OSJoc/Hkupx]]}ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews""selfsubjectrulesreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api""/api/*""/apis""/apis/*""/healthz""/swagger-2.0.0.pb-v1""/swagger.json""/swaggerapi""/swaggerapi/*""/version"], Verbs:["get"]}]ruleResolutionErrors=[]Error from server (Invalid): error when creating "expanded.yaml": RoleBinding.rbac.authorization.k8s.io "RELEASE-NAME-gitlab-runner" is invalid: subjects[0].name: Invalid value: "RELEASE-NAME-gitlab-runner": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 
'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": HorizontalPodAutoscaler.autoscaling "RELEASE-NAME-gitlab-shell" is invalid: metadata.name: Invalid value: "RELEASE-NAME-gitlab-shell": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": HorizontalPodAutoscaler.autoscaling "RELEASE-NAME-sidekiq-all-in-1" is invalid: metadata.name: Invalid value: "RELEASE-NAME-sidekiq-all-in-1": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": HorizontalPodAutoscaler.autoscaling "RELEASE-NAME-unicorn" is invalid: metadata.name: Invalid value: "RELEASE-NAME-unicorn": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')Error from server (Invalid): error when creating "expanded.yaml": HorizontalPodAutoscaler.autoscaling "RELEASE-NAME-registry" is invalid: metadata.name: Invalid value: "RELEASE-NAME-registry": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
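Every Invalid error in the output above is a name that still carries the literal RELEASE-NAME prefix and so fails one of three name rules. The following pre-flight check is an added example, not part of the original thread or of the GitLab charts: it applies the regexes quoted in those errors to rendered manifests before they are sent to the API server, and goes slightly beyond the thread by also covering digit-leading and over-long release names. The function names, the constructed sample manifests and the 253/63 length limits are assumptions introduced for the example.

```python
import re

# Patterns exactly as quoted in the API server errors above. The length limits
# (253 and 63) are the standard Kubernetes limits for these name classes and
# are not shown in the quoted output.
RULES = {
    "DNS-1123 subdomain": (
        r"[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*", 253),
    "DNS-1123 label": (r"[a-z0-9]([-a-z0-9]*[a-z0-9])?", 63),
    "DNS-1035 label": (r"[a-z]([-a-z0-9]*[a-z0-9])?", 63),
}

# RBAC objects are left out of the metadata.name check: in the output above the
# bindings are rejected only for subjects[0].name, never for their own name.
RBAC_KINDS = {"Role", "RoleBinding", "ClusterRole", "ClusterRoleBinding"}


def check_name(value, rule):
    """Return None if value satisfies the rule, otherwise a short reason."""
    pattern, max_len = RULES[rule]
    if len(value) > max_len:
        return f"longer than {max_len} characters"
    if not re.fullmatch(pattern, value):
        return f"does not match {pattern}"
    return None


def name_fields(obj):
    """Yield (field path, value, rule) for the field types reported above."""
    kind = obj["kind"]
    if kind not in RBAC_KINDS:
        # Services are held to the stricter DNS-1035 label rule.
        rule = "DNS-1035 label" if kind == "Service" else "DNS-1123 subdomain"
        yield "metadata.name", obj["metadata"]["name"], rule
    for i, subject in enumerate(obj.get("subjects", [])):
        if subject.get("kind") == "ServiceAccount":
            yield f"subjects[{i}].name", subject["name"], "DNS-1123 subdomain"
    pod = obj.get("spec", {}).get("template", {}).get("spec", {})
    if "serviceAccountName" in pod:
        yield ("spec.template.spec.serviceAccountName",
               pod["serviceAccountName"], "DNS-1123 subdomain")
    for group in ("initContainers", "containers"):
        for i, container in enumerate(pod.get(group, [])):
            yield (f"spec.template.spec.{group}[{i}].name",
                   container["name"], "DNS-1123 label")
    for i, volume in enumerate(pod.get("volumes", [])):
        yield f"spec.template.spec.volumes[{i}].name", volume["name"], "DNS-1123 label"


def lint(manifests):
    """Return (kind, field path, value, rule, reason) for every invalid name."""
    findings = []
    for obj in manifests:
        for path, value, rule in name_fields(obj):
            reason = check_name(value, rule)
            if reason:
                findings.append((obj["kind"], path, value, rule, reason))
    return findings


def sample_manifests(release):
    """Constructed manifests shaped like objects named in the output above."""
    return [
        {"kind": "Service", "metadata": {"name": f"{release}-gitaly"}},
        {"kind": "Deployment",
         "metadata": {"name": f"{release}-gitlab-runner"},
         "spec": {"template": {"spec": {
             "serviceAccountName": f"{release}-gitlab-runner",
             "containers": [{"name": f"{release}-gitlab-runner"}]}}}},
        {"kind": "RoleBinding",
         "metadata": {"name": f"{release}-gitlab-runner"},
         "subjects": [{"kind": "ServiceAccount",
                       "name": f"{release}-gitlab-runner"}]},
    ]


if __name__ == "__main__":
    for release in ("RELEASE-NAME", "mkt-test-deployment", "11-4-2", "a" * 60):
        findings = lint(sample_manifests(release))
        print(f"{release!r}: {len(findings)} finding(s)")
        for kind, path, value, rule, reason in findings:
            print(f"  {kind} {path}={value!r}: not a {rule} ({reason})")
```

A release name that starts with a digit passes every check except the Service name, and a long release name fails only where the 63-character label limit applies.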
Rather than sidestepping (which I was doing using our marketplace directions), I built and pushed a docker image into our registry.
A couple things had to happen for this to work:
move the Dockerfile up into the top level directory. It didn't work under the deployer directory no matter what syntax I fed it
installed mpdev tool per the instructions for the new deployer
Python error is what I'm investigating
mpdev /scripts/install --deployer=$REGISTRY/$APP_NAME/deployer --parameters='{"name": "test-deployment", "namespace": "test-ns"}'
Traceback (most recent call last):
  File "/bin/print_config.py", line 120, in <module>
    main()
  File "/bin/print_config.py", line 66, in main
    schema = schema_values_common.load_schema(args)
  File "/bin/schema_values_common.py", line 52, in memoized_func
    cache[key] = func(*args, **kwargs)
  File "/bin/schema_values_common.py", line 60, in load_schema
    return config_helper.Schema.load_yaml_file(parsed_args.schema_file)
  File "/bin/config_helper.py", line 91, in load_yaml_file
    d = yaml.load(f)
  File "/usr/lib/python2.7/dist-packages/yaml/__init__.py", line 71, in load
    return loader.get_single_data()
  File "/usr/lib/python2.7/dist-packages/yaml/constructor.py", line 37, in get_single_data
    node = self.get_single_node()
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 36, in get_single_node
    document = self.compose_document()
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 55, in compose_document
    node = self.compose_node(None, None)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 64, in compose_node
    if self.check_event(AliasEvent):
  File "/usr/lib/python2.7/dist-packages/yaml/parser.py", line 98, in check_event
    self.current_event = self.state()
  File "/usr/lib/python2.7/dist-packages/yaml/parser.py", line 449, in parse_block_mapping_value
    if not self.check_token(KeyToken, ValueToken, BlockEndToken):
  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 116, in check_token
    self.fetch_more_tokens()
  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 220, in fetch_more_tokens
    return self.fetch_value()
  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 576, in fetch_value
    self.get_mark())
yaml.scanner.ScannerError: mapping values are not allowed here
  in "/data/schema.yaml", line 19, column 16
Realizing when reading the comment that I'd used the wrong namespace versus the one I'd created, tried again just to see - no change.
Take 2 with right namespace
mpdev /scripts/install --deployer=$REGISTRY/$APP_NAME/deployer --parameters='{"name": "mkt-test-deployment", "namespace": "mkt-test"}'
Traceback (most recent call last):
  File "/bin/print_config.py", line 120, in <module>
    main()
  File "/bin/print_config.py", line 66, in main
    schema = schema_values_common.load_schema(args)
  File "/bin/schema_values_common.py", line 52, in memoized_func
    cache[key] = func(*args, **kwargs)
  File "/bin/schema_values_common.py", line 60, in load_schema
    return config_helper.Schema.load_yaml_file(parsed_args.schema_file)
  File "/bin/config_helper.py", line 91, in load_yaml_file
    d = yaml.load(f)
  File "/usr/lib/python2.7/dist-packages/yaml/__init__.py", line 71, in load
    return loader.get_single_data()
  File "/usr/lib/python2.7/dist-packages/yaml/constructor.py", line 37, in get_single_data
    node = self.get_single_node()
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 36, in get_single_node
    document = self.compose_document()
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 55, in compose_document
    node = self.compose_node(None, None)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 133, in compose_mapping_node
    item_value = self.compose_node(node, item_key)
  File "/usr/lib/python2.7/dist-packages/yaml/composer.py", line 64, in compose_node
    if self.check_event(AliasEvent):
  File "/usr/lib/python2.7/dist-packages/yaml/parser.py", line 98, in check_event
    self.current_event = self.state()
  File "/usr/lib/python2.7/dist-packages/yaml/parser.py", line 449, in parse_block_mapping_value
    if not self.check_token(KeyToken, ValueToken, BlockEndToken):
  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 116, in check_token
    self.fetch_more_tokens()
  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 220, in fetch_more_tokens
    return self.fetch_value()
  File "/usr/lib/python2.7/dist-packages/yaml/scanner.py", line 576, in fetch_value
    self.get_mark())
yaml.scanner.ScannerError: mapping values are not allowed here
  in "/data/schema.yaml", line 19, column 16
We need to separate the tags on the images. We can define them in schema.yml, and not rely on all images having $TAG. This means updating build-scripts/mirror-helm-images.sh to use the tags from the listed images, not the $TAG variable.
Why? nginx-ingress's controller-deployment.yaml makes use of a semverCompare call. If we push to the nginx-ingress.controller.image GCR with a TAG value that is not a SemVer, this will cause a full deployment failure.
We need to use the tag variable, because the GKE marketplace needs specific "tracks". We decided to go with the major version, which is 11. This is why when you look at our current images, they are all pushed with that tag to GCR.
The application images are located from references in the deployer's schema.yaml. Each of these images should carry the primary track ID as its docker tag. It should also carry a unique version as its docker tag. The deployer should reference these images using the unique version tag.
@WarheadsSE yes - our current track id is 11. This was a must back in the day. I'm not quite sure what the unique version is. I guess we should also tag it with the standard GitLab version as well, so it is easier for us to understand and track.
I think that you might be missing all of the should vs must statements throughout the current documentation.
Because we're using a very complex chart, we have multiple items that are not aligned to our "suite"'s version 11.4.2 (rails-based) on track 11. One such item is the nginx-ingress chart, which does a check of its own .Values.controller.image.tag.
In a call, @joshlambert informed me that they actually deploy with the tags translated to sha256:checksum. This basically breaks nginx outright, and we'll need to patch the use of a semverCompare out entirely, either as a part of the deployer's wrapping, or in these charts directly.
How I understand the current documentation is that if the track is 11, then the application (be careful of this meaning) should be tagged 11, 11.4, and 11.4.2 if we're deploying GitLab v11.4.2. However, should we be tagging busybox:latest as 11.4.2 and pushing that up to GCR?
None of this actually aligns with our chart's version of 1.2. What "track" do we align to?
Questions raised:
Are matched track IDs required for dependencies from external charts?
How to handle semverCompare changes from upstream charts?
Hmm, not sure how to work around this other than modifying that chart... Can we make a change upstream to take in another parameter that will override the semverCompare logic to force whether that block should be included?
The other images are located from the schema.yaml. We use whatever default values in there. This has always been the case.
The "should" recommendation is to better organize the staging repo. It might be more relevant when we introduce release/specific version
Hmm, not sure how to work around this other than modifying that chart... Can we make a change upstream to take in another parameter that will override the semverCompare logic to force whether that block should be included?
So yes, we'll need to patch out that within our NGINX for now
The other images are located from the schema.yaml. We use whatever default values in there. This has always been the case.
The "should" recommendation is to better organize the staging repo. It might be more relevant when we introduce release/specific version
Then I would suggest we populate the schema.yml with the exact requested image revisions from the rendered charts. We can do this through simple sed replacements, as we're not changing the image names. This will require only minor operational changes to the mirror-helm-images script, so that we're not renaming the tags, only the registry & repository.
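The mirroring approach suggested above (keep each image's own tag or digest, change only the registry and repository), sketched as an added example; it is not part of the thread and is not the project's mirror-helm-images.sh. The function names, the example registries and the version pattern are assumptions.

```shell
# Added example: retarget image refs to a staging registry, keeping tag/digest.

# Last path segment without tag or digest, e.g. "a.io/x/web:1.2.3" -> "web".
image_name() (
  ref=${1%%@*}
  last=${ref##*/}
  printf '%s\n' "${last%%:*}"
)

# Version part of a reference: ":tag", "@sha256:...", or empty when untagged.
# Only the last path segment is searched for ":", so "host:5000/web" has no tag.
image_suffix() (
  case $1 in
    *@*) printf '@%s\n' "${1#*@}"; exit 0 ;;
  esac
  last=${1##*/}
  case $last in
    *:*) printf ':%s\n' "${last#*:}" ;;
    *)   printf '\n' ;;
  esac
)

# retarget_image REF PREFIX: change registry and repository only.
retarget_image() (
  printf '%s/%s%s\n' "$2" "$(image_name "$1")" "$(image_suffix "$1")"
)

# Assumption: a version comparison accepts MAJOR[.MINOR[.PATCH]] with optional
# pre-release/build parts. This is a lenient approximation, not Helm's parser.
tag_is_version() {
  printf '%s\n' "$1" | grep -Eq \
    '^:v?[0-9]+(\.[0-9]+){0,2}(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$'
}

# mirror_plan PREFIX: read references on stdin, print "SRC DST STATUS" rows.
mirror_plan() {
  while IFS= read -r ref; do
    [ -n "$ref" ] || continue
    status=ok
    tag_is_version "$(image_suffix "$ref")" || status=not-a-version
    printf '%s %s %s\n' "$ref" "$(retarget_image "$ref" "$1")" "$status"
  done
}

# Constructed sample input (registries and digest are placeholders).
mirror_plan 'gcr.io/example-project/app' <<'EOF'
registry.example.com/ingress/controller:0.21.0
busybox:latest
registry.example.com:5000/app/web@sha256:0123abcd
EOF
```

Rows marked not-a-version (floating tags such as latest, untagged references, and digest references) are the ones a template-side version comparison would need to be checked against before deployment.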
I made necessary patch changes to a local copy of the charts/gitlab within the deploy-image-helm-base repo (submodule), and followed current upstream documentation. I ended up hitting the following, indicating that we'll need to make some adjustments to the default properties.
++ /bin/print_config.py --output=yaml
Error: render error in "gitlab/charts/certmanager-issuer/templates/cert-manager.yml": template: gitlab/charts/certmanager-issuer/templates/cert-manager.yml:13:3: executing "gitlab/charts/certmanager-issuer/templates/cert-manager.yml" at <include (print $.Tem...>: error calling include: template: gitlab/charts/certmanager-issuer/templates/_issuer.yaml:14:14: executing "gitlab/charts/certmanager-issuer/templates/_issuer.yaml" at <required "You must p...>: error calling required: You must provide an email to associate with your TLS certificates. Please set certmanager-issuer.email
patch to nginx/templates/controller-*, under gitlab
@joshlambert another question here - why do we have the source for gitaly, workhorse, and gitlab-shell added as submodules in the initial versions of our marketplace deployer?
@rmarshall we needed to have either the source or the licenses documented in the deployer. I believe we had a problem gathering the licenses from Go apps at the time, so I just vendored them in.
@marin I believe we can. My first of today was to verify everything was carried over & in place. Having done that, and labelled the various issues & relations, I will close this.
Had a conversation this morning with @marin and we worked out the game plan as far as the subtasks that have opened up after completing the wrapper.
Resolve #1040 (closed) and get the roles showing up properly in the schema.
Evaluate our stance and see if that means we can now get to a manual deployment to the marketplace.
Make sure we iron out any other variances from the marketplace fork as noted in #1042 (closed)
If we didn't release yet, cut a manual release to the marketplace
Get the release automation fully baked and into the release process so that marketplace updates when we cut normal releases.
@joshlambert - as I have found documentation issues/missing items in the GKE Marketplace upstream, should I be sending those over as MRs at the marketplace repository or is that something we should send to their team to get updated?
The current roadmap plan is to try to cut a release next week if the roles issue can be fully ironed out by that point.
@rmarshall that plan sounds good to me, thanks for the update.
I have found documentation issues/missing items in the GKE Marketplace upstream, should I be sending those over as MRs at the marketplace repository or is that something we should send to their team to get updated?
Let's raise this with Google tomorrow and see what they say.
@joshlambert - just to be sure we're on the same page - what is the expectation for TLS certificate support? Right now it looks like we support self-signed only and that's what we have right now in the work that's been done.
I think support for more than that is something to consider for another release cycle.
@joshlambert - so I was able to log into the GitLab instance I deployed - one thing to note is that, because it is a self-signed certificate, Safari/Chrome refuse to load it with their new and tightened TLS security setups.
This may not be an issue depending on the intended target audience, but it's worth noting. I will add this to the documentation for installation on Google GKE Marketplace.
Also - deleted 67 deployer test builds from the GKE container registry to clear up the used space. There is a pile of images that live before the one tagged 11 that is our current marketplace offering. Are all of those test images or were any actually deployed?
so I was able to log into the GitLab instance I deployed - one thing to note is that, because it is a self-signed certificate, Safari/Chrome refuse to load it with their new and tightened TLS security setups.
Great. We do have documentation on how to add your own TLS certificate, in the application.yml. (Or did) We should probably update that text to ensure it still matches what we would expect with the new helm based process.
Are all of those test images or were any actually deployed?
Yea, probably. We went through a whole bunch of tests before the final shipping version.
@joshlambert - I found the TLS instructions, so I will make sure those are clearly marked and test them out / make any needed updates.
One of the last things left is ensuring the front-page-splash in the marketplace matches our current information. I wasn't able to find it in our repository; tomorrow I'll comb through the documentation unless you know where that gets set, @joshlambert. It didn't seem to be in the templates/application.yml file. The wording is close, but not the same.
This week is the home stretch; I have a working deployer build and, at the same time, finished the automation tooling. By the time it's all reviewed/merged I should have completed usability testing to check for regressions (e.g., making sure our TLS instructions work with the new deployer).