Helm agent failing to install - ImagePullSecret invalid
The installation of the agent with helm is not working. It seems that the ImagePullSecret is invalid and not allowing the downloading of the container image. Am I the only one having this problem?
EDIT: Tested installing gitlab agent version V15.4.0 and it worked without problems.
Steps to reproduce
- Copy paste agent registration command and run it
helm upgrade --install dev-agent gitlab/gitlab-agent \
--namespace gitlab-agent \
--create-namespace \
--set image.tag=v15.6.0 \
--set config.token=<REDACTED> \
--set config.kasAddress=wss://kas.gitlab.com
Error
$ kubectl logs -f -l=app=gitlab-agent -n gitlab-agent
Error from server (BadRequest): container "gitlab-agent" in pod "dev-agent-gitlab-agent-6ccb75994c-t8k44" is waiting to start:
trying and failing to pull image
Debug
$ kubectl get all -n gitlab-agent
NAME READY STATUS RESTARTS AGE
pod/dev-agent-gitlab-agent-6ccb75994c-t8k44 0/1 ImagePullBackOff 0 34m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/dev-agent-gitlab-agent 0/1 1 0 34m
NAME DESIRED CURRENT READY AGE
replicaset.apps/dev-agent-gitlab-agent-6ccb75994c 1 1 0 34m
This worked fine last week, so I am wondering whether the latest version update has something to do with it...
Generated files:
$ helm -n gitlab-agent get all dev-agent
NAME: dev-agent
LAST DEPLOYED: Mon Oct 24 20:16:27 2022
NAMESPACE: gitlab-agent
STATUS: deployed
REVISION: 1
TEST SUITE: None
USER-SUPPLIED VALUES:
config:
kasAddress: wss://kas.gitlab.com
token: <REDACTED>
image:
tag: v15.6.0
COMPUTED VALUES:
additionalLabels: {}
affinity: {}
config:
kasAddress: wss://kas.gitlab.com
observability:
tls:
enabled: false
secret: {}
token: <REDACTED>
extraEnv: []
fullnameOverride: ""
image:
pullPolicy: IfNotPresent
repository: registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk
tag: v15.6.0
imagePullSecrets: []
nameOverride: ""
nodeSelector: {}
podAnnotations:
prometheus.io/path: /metrics
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
podLabels: {}
podSecurityContext: {}
rbac:
create: true
resources: {}
securityContext: {}
serviceAccount:
annotations: {}
create: true
tolerations: []
HOOKS:
MANIFEST:
---
# Source: gitlab-agent/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dev-agent-gitlab-agent
labels:
helm.sh/chart: gitlab-agent-1.6.0
app.kubernetes.io/name: gitlab-agent
app: gitlab-agent
app.kubernetes.io/version: "v15.5.1"
app.kubernetes.io/managed-by: Helm
---
# Source: gitlab-agent/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: dev-agent-gitlab-agent-token
labels:
helm.sh/chart: gitlab-agent-1.6.0
app.kubernetes.io/name: gitlab-agent
app: gitlab-agent
app.kubernetes.io/version: "v15.5.1"
app.kubernetes.io/managed-by: Helm
data:
token: <REDACTED>
type: Opaque
---
# Source: gitlab-agent/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: dev-agent-gitlab-agent
labels:
helm.sh/chart: gitlab-agent-1.6.0
app.kubernetes.io/name: gitlab-agent
app: gitlab-agent
app.kubernetes.io/version: "v15.5.1"
app.kubernetes.io/managed-by: Helm
data:
---
# Source: gitlab-agent/templates/clusterrolebinding-cluster-admin.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gitlab-agent:dev-agent-gitlab-agent-cluster-admin
labels:
helm.sh/chart: gitlab-agent-1.6.0
app.kubernetes.io/name: gitlab-agent
app: gitlab-agent
app.kubernetes.io/version: "v15.5.1"
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dev-agent-gitlab-agent
namespace: gitlab-agent
---
# Source: gitlab-agent/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: dev-agent-gitlab-agent
labels:
helm.sh/chart: gitlab-agent-1.6.0
app.kubernetes.io/name: gitlab-agent
app: gitlab-agent
app.kubernetes.io/version: "v15.5.1"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/name: gitlab-agent
app: gitlab-agent
template:
metadata:
annotations:
prometheus.io/path: /metrics
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
helm.sh/chart: gitlab-agent-1.6.0
app.kubernetes.io/name: gitlab-agent
app: gitlab-agent
app.kubernetes.io/version: "v15.5.1"
app.kubernetes.io/managed-by: Helm
spec:
serviceAccountName: dev-agent-gitlab-agent
securityContext:
{}
containers:
- name: gitlab-agent
securityContext:
{}
image: registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/agentk:v15.6.0
imagePullPolicy: IfNotPresent
args:
- --token-file=/etc/agentk/secrets/token
- --kas-address=wss://kas.gitlab.com
livenessProbe:
httpGet:
path: /liveness
port: 8080
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readiness
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
resources:
{}
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: SERVICE_ACCOUNT_NAME
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
volumeMounts:
- name: secret-volume
mountPath: /etc/agentk/secrets
- name: config-volume
mountPath: /etc/agentk/config
volumes:
- name: secret-volume
secret:
secretName: dev-agent-gitlab-agent-token
- name: config-volume
configMap:
name: dev-agent-gitlab-agent