Kubernetes timeout while pushing image via helm
Summary
I've been trying to connect gitlab to our AWS hosted Kubernetes instance, with great pain. Originally helm was configured to use --tls
as it seemed more secure. But Gitlab doesn't appear to be able to handle it. Every request to connect to the tiller server would fail with an SSL handshake error:
Tiller (the Helm server-side component) has been upgraded to the current version.
Happy Helming!
deployment "tiller-deploy" successfully rolled out
[debug] Created tunnel using local port: '42225'
[debug] SERVER: "localhost:42225"
Client: &version.Version{SemVer:"v2.6.1", GitCommit:"bbc1f71dc03afc5f00c6ac84b9308f8ecb4f39ac", GitTreeState:"clean"}
[debug] tls: first record does not look like a TLS handshake
Error: cannot connect to Tiller
Failed to init Tiller.
I made sure the configuration was exactly the same as on my local machine.
I gave up and attempted to use gitlab to help install helm for me. But that also always failed with an error:
Error: error installing: deployments.extensions is forbidden: User "system:serviceaccount:gitlab-managed-apps:default" cannot create deployments.extensions in the namespace "gitlab-managed-apps"
I tried very hard to make sure that the user had the correct permissions as we're using RBAC, but I don't think Gitlab is set up for that either.
Finally I decided to install helm myself again, but this time without TLS. Configuring the correct users / permissions I managed to gitlab to get to the upload stage, however I now get timeouts:
Tiller (the Helm server-side component) has been upgraded to the current version.
Happy Helming!
Waiting for rollout to finish: 0 out of 1 new replicas have been updated...
error: watch closed before Until timeout
Does anybody have any thoughts on getting K8s to work on AWS with GL?
Steps to reproduce
- Install K8s on AWS
- Install tiller and configure user permissions on the cluster
- Upload the API creds to GL
- Use the
auto-dev-ops
template for.gitlab-ci.yml
- Attempt to push a docker image
Example Project
Coming soon...
What is the current bug behavior?
Either timeout, tls errors, or permission problems
What is the expected correct behavior?
We should be able to use auto-dev-ops on aws
Results of GitLab environment info
Gitlab.com
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T10:09:24Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.4", GitCommit:"9befc2b8928a9426501d3bf62f72849d5cbcd5a3", GitTreeState:"clean", BuildDate:"2017-11-20T05:17:43Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}