Could not setup SG operator on Rancher's RKE
Summary
helm installation doesn't work due a failure of the certificate creation.
Current Behaviour
with the command bellow, helm isn't able to install the stackgres operator:
helm install --namespace stackgres stackgres-operator --set grafana.autoEmbed=true --set-string grafana.webHost=grafana.monitoring --set-string grafana.user=admin --set-string grafana.password=******** --set-string adminui.service.type=LoadBalancer --debug https://stackgres.io/downloads/stackgres-k8s/stackgres/0.9.3/helm/stackgres-operator.tgz
the job that creates the certificate throws this messages:
stackgres 0s Normal Pulled pod/stackgres-operator-create-certificate-glgn5 Container image "bitnami/kubectl:1.18.3" already present on machine
stackgres 0s Normal Created pod/stackgres-operator-create-certificate-glgn5 Created container stackgres-operator-create-certificate
stackgres 0s Normal Started pod/stackgres-operator-create-certificate-glgn5 Started container stackgres-operator-create-certificate
stackgres 0s Warning BackOff pod/stackgres-operator-create-certificate-glgn5 Back-off restarting failed container
stackgres 0s Warning BackOff pod/stackgres-operator-create-certificate-glgn5 Back-off restarting failed container
stackgres 0s Normal Pulled pod/stackgres-operator-create-certificate-glgn5 Container image "bitnami/kubectl:1.18.3" already present on machine
stackgres 0s Normal Created pod/stackgres-operator-create-certificate-glgn5 Created container stackgres-operator-create-certificate
stackgres 0s Normal Started pod/stackgres-operator-create-certificate-glgn5 Started container stackgres-operator-create-certificate
stackgres 0s Warning BackOff pod/stackgres-operator-create-certificate-glgn5 Back-off restarting failed container
stackgres 0s Warning BackOff pod/stackgres-operator-create-certificate-glgn5 Back-off restarting failed container
stackgres 0s Warning BackOff pod/stackgres-operator-create-certificate-glgn5 Back-off restarting failed container
stackgres 0s Warning BackOff pod/stackgres-operator-create-certificate-glgn5 Back-off restarting failed container
stackgres 0s Normal Pulled pod/stackgres-operator-create-certificate-glgn5 Container image "bitnami/kubectl:1.18.3" already present on machine
stackgres 0s Normal Created pod/stackgres-operator-create-certificate-glgn5 Created container stackgres-operator-create-certificate
stackgres 0s Normal Started pod/stackgres-operator-create-certificate-glgn5 Started container stackgres-operator-create-certificate
stackgres 0s Warning BackOff pod/stackgres-operator-create-certificate-glgn5 Back-off restarting failed container
stackgres 0s Warning BackOff pod/stackgres-operator-create-certificate-glgn5 Back-off restarting failed container
Steps to reproduce
After setup the cluster, execute the steps bellow:
- setup the namespaces:
kubectl create namespace monitoring
kubectl create namespace stackgres
- setup prometheus and grafana:
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add grafana https://grafana.github.io/helm-charts
helm repo add stable https://charts.helm.sh/stable
helm repo update
helm install --namespace monitoring prometheus-operator prometheus-community/prometheus
helm install --namespace monitoring grafana grafana/grafana
- install stackgres:
grafana_admin_cred=$(kubectl get secret --namespace monitoring grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo)
helm install --namespace stackgres stackgres-operator \
--set grafana.autoEmbed=true \
--set-string grafana.webHost=grafana.monitoring \
--set-string grafana.user=admin \
--set-string grafana.password="${grafana_admin_cred}" \
--set-string adminui.service.type=LoadBalancer \
--debug \
https://stackgres.io/downloads/stackgres-k8s/stackgres/0.9.3/helm/stackgres-operator.tgz
Expected Behaviour
helm installation work without errors.
Possible Solution
It looks like a possible bug on the stackgres-k8s/install/helm/stackgres-operator/templates/create-certificate-job.yaml
that expects that the jsonpath .status.certificate
exists to move on in the setup. on this cluster, the jsonpath always return empty.
Environment
- StackGres version: 0.9.3
- Kubernetes version:
❯ kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.4", GitCommit:"d360454c9bcd1634cf4cc52d1867af5491dc9c5f", GitTreeState:"clean", BuildDate:"2020-11-11T13:17:17Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.14", GitCommit:"f238f5142728be4033c37aa0ad69bf806090beae", GitTreeState:"clean", BuildDate:"2020-11-11T13:03:54Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
- Cloud provider or hardware configuration: Using Rancher v2.4.5 creating droplets with RKE on DigitalOcean. nodes/controllers running k8s v1.17.14 and docker 19.3.13. Distro ubuntu 18.04.
Relevant logs and/or screenshots
Helm execution:
+ helm install --namespace stackgres stackgres-operator --set grafana.autoEmbed=true --set-string grafana.webHost=grafana.monitoring --set-string grafana.user=admin --set-string grafana.password=*********************** --set-string adminui.service.type=LoadBalancer --debug https://stackgres.io/downloads/stackgres-k8s/stackgres/0.9.3/helm/stackgres-operator.tgz
install.go:172: [debug] Original chart version: ""
install.go:189: [debug] CHART PATH: /home/seba/.cache/helm/repository/stackgres-operator.tgz
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgbackups.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgbackupconfigs.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgclusters.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgdistributedlogs.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sginstanceprofiles.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgpoolconfigs.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgpgconfigs.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD alertmanagers.monitoring.coreos.com is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD podmonitors.monitoring.coreos.com is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD prometheuses.monitoring.coreos.com is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD prometheusrules.monitoring.coreos.com is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD servicemonitors.monitoring.coreos.com is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD thanosrulers.monitoring.coreos.com is already present. Skipping.
client.go:268: [debug] Starting delete for "stackgres-operator-init" ServiceAccount
client.go:122: [debug] creating 1 resource(s)
client.go:268: [debug] Starting delete for "stackgres-operator-init" ClusterRoleBinding
client.go:122: [debug] creating 1 resource(s)
client.go:268: [debug] Starting delete for "stackgres-operator-bootstrap" Job
client.go:297: [debug] jobs.batch "stackgres-operator-bootstrap" not found
client.go:122: [debug] creating 1 resource(s)
client.go:477: [debug] Watching for changes to Job stackgres-operator-bootstrap with timeout of 5m0s
client.go:505: [debug] Add/Modify event for stackgres-operator-bootstrap: ADDED
client.go:544: [debug] stackgres-operator-bootstrap: Jobs active: 1, jobs failed: 0, jobs succeeded: 0
client.go:505: [debug] Add/Modify event for stackgres-operator-bootstrap: MODIFIED
client.go:268: [debug] Starting delete for "stackgres-operator-upgrade" Job
client.go:297: [debug] jobs.batch "stackgres-operator-upgrade" not found
client.go:122: [debug] creating 1 resource(s)
client.go:477: [debug] Watching for changes to Job stackgres-operator-upgrade with timeout of 5m0s
client.go:505: [debug] Add/Modify event for stackgres-operator-upgrade: ADDED
client.go:544: [debug] stackgres-operator-upgrade: Jobs active: 1, jobs failed: 0, jobs succeeded: 0
client.go:505: [debug] Add/Modify event for stackgres-operator-upgrade: MODIFIED
client.go:268: [debug] Starting delete for "stackgres-operator-init" ServiceAccount
client.go:268: [debug] Starting delete for "stackgres-operator-init" ClusterRoleBinding
client.go:268: [debug] Starting delete for "stackgres-operator-bootstrap" Job
client.go:268: [debug] Starting delete for "stackgres-operator-upgrade" Job
client.go:122: [debug] creating 14 resource(s)
client.go:268: [debug] Starting delete for "stackgres-operator-init" ServiceAccount
client.go:297: [debug] serviceaccounts "stackgres-operator-init" not found
client.go:122: [debug] creating 1 resource(s)
client.go:268: [debug] Starting delete for "stackgres-operator-init" ClusterRoleBinding
client.go:297: [debug] clusterrolebindings.rbac.authorization.k8s.io "stackgres-operator-init" not found
client.go:122: [debug] creating 1 resource(s)
client.go:268: [debug] Starting delete for "stackgres-operator-bootstrap" Job
client.go:297: [debug] jobs.batch "stackgres-operator-bootstrap" not found
client.go:122: [debug] creating 1 resource(s)
client.go:477: [debug] Watching for changes to Job stackgres-operator-bootstrap with timeout of 5m0s
client.go:505: [debug] Add/Modify event for stackgres-operator-bootstrap: ADDED
client.go:544: [debug] stackgres-operator-bootstrap: Jobs active: 1, jobs failed: 0, jobs succeeded: 0
client.go:505: [debug] Add/Modify event for stackgres-operator-bootstrap: MODIFIED
client.go:268: [debug] Starting delete for "stackgres-operator-create-certificate" Job
client.go:297: [debug] jobs.batch "stackgres-operator-create-certificate" not found
client.go:122: [debug] creating 1 resource(s)
client.go:477: [debug] Watching for changes to Job stackgres-operator-create-certificate with timeout of 5m0s
client.go:505: [debug] Add/Modify event for stackgres-operator-create-certificate: ADDED
client.go:544: [debug] stackgres-operator-create-certificate: Jobs active: 1, jobs failed: 0, jobs succeeded: 0
stackgres-operator-create-certificate job logs:
❯ kubectl logs pod/stackgres-operator-create-certificate-glgn5 -n stackgres
+ kubectl delete csr --ignore-not-found stackgres-operator
certificatesigningrequest.certificates.k8s.io "stackgres-operator" deleted
+ cat
+ openssl req -new -nodes -text -keyout /tmp/root.key -subj /CN=stackgres-operator.stackgres.svc -out /tmp/server.csr -config /tmp/csr.conf
Generating a RSA private key
..............+++++
...................................................+++++
writing new private key to '/tmp/root.key'
-----
+ openssl rsa -in /tmp/root.key -pubout -out /tmp/root.pem
writing RSA key
+ cat
+ kubectl create -f -
++ cat /tmp/server.csr
++ base64
++ tr -d '\n'
certificatesigningrequest.certificates.k8s.io/stackgres-operator created
+ kubectl get csr stackgres-operator -o yaml
+ grep -q '^ type: Approved$'
+ kubectl certificate approve stackgres-operator
certificatesigningrequest.certificates.k8s.io/stackgres-operator approved
+ echo -n 'Waiting for CSR approval...'
+ kubectl get csr stackgres-operator -o yaml
+ grep -q '^ type: Approved$'
+ echo approved
Waiting for CSR approval...approved
++ cat /tmp/root.key
++ base64
++ tr -d '\n'
+ KEY=LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRQ2h5TGJ0a2Qvd2d5QzcKdnhQRWNWVDUrUGdKSFVuTkJ6VTBCY1ZSVmY1ZUFEam8rQXo0U1VsZ1BiM3NKN2lnTUd6QWZwKzc0V2pZU3BvcgpJQ2VsWHBmYzAyaXlNQUxzZzF4MG1LQzdjTndiTE9LK01seThWRFo5c1lONUlycXQ3TWo3Z0FYV3ZWSVBORUhoCnBvUnhBS2p6VE5POVoyZzVGcDJzeEY3dEk1Yk5lWWt5ckZPS0M3bE1ONTBGdlJIVDNxK1VUZ1NuWTBTeStnblIKRUFSb0tWeVhhNXRFYW1pVmlmMEJLTjUyYi9HTFBnejZTK1F0dGhwSjk3MWxkOWZUZE9PckxSWTljTEplRnZvVgo5ejdHNzBLRXAvOSs3UlNpUEVGckljeTk2VnBRWFZyTkhkSC80UVlJZSs2ZllFN2gydGpLMlJmb0hmU05TM0RyClBFR0xZakxyQWdNQkFBRUNnZ0VBZng5ZjNieko0Z3FuSmQ4MmdSMHNVRjg1UnJBazFWM2NpRXdnaDVDeWx0cEYKM1lsTFo2enVZeGtncXZkck16UFp3RWUrNjdwcXo4bU82bVFSd3ZkWkRNTnhlTklRK2hjZUJ1QUhMRUc2TWdCTApDbmc0TmlOVnpkNDJHSEVaanFDSUxGYWtQOS96SXM5RkZUSHF6NEJkUVJBVk1MYVlSb05tMGVKYlZLcXFURGo3CmJiZ0NURHA4NHNwc1hieXFjZkUxTTF4aE1CMldWdTFpMjY1WWtPSXM2L0NBOWFMbW1abnprTW5qS2h5QkJNWTMKWjAzbmdkTEl6ODBkY0tsR3pDenRSaFY2cytyNTZvVkhVcDd4c2JaeVZFZVBzRVZlUm11dHJhT3N2STFjbkhhcwowSjNkYzVjdTU5K1R6eTBvZUZyUU0yKy9Ld1poWjNPbEU0a1pvakZ4d1FLQmdRRFRmTWZmeWlaVmRReS8rRk5iCmlGTHhEZDJLUDBHTVJPK2RNRXl3dUpOaHRHaTdsRnhia2w0dkRvbEgxRGtzQi81T3ViSmF4ekhpdEZYcFNjbjUKaUF5cEsxWjlFRzVaNVhzNXhRTVdzMElBWTFUVU4xMndsUFNFbXBsN25kWGxsZVNMSlJQRXgraW5acW5OcXc5ZgpramlVR2ZDRVEzNzVyQjZNMEoyNm0yWEFGUUtCZ1FERDFkbTIwaFpEQ3pDc2ttWWh3c0luYW5rZ0d6ajBMb3lWCk9sbGJ1U2dsWHQ0NG4zT2FRTm9OSVBmYnUvSmtKakRaTUdNT3dEbjBDc1BzMnkyeEt3NDR2QWxYVDBOQzJVRHkKYlZHRDV4Z0ZXUks0eUVWT2NCbGlrZGtlTGI4WkRKN2RZVzhkOUdDMnhHMm10Uk93emd2dlJndnJYTEJxdzN0Vgp1eTRjZE9IbS93S0JnSFVFWi90MWVMeDBKWGZheVJTdVcyWXhpOUZBcXQ0WURwVGs4cW9kbHI3SytlQkFlTkhhCkxPN1FsamorUGh3VTJDdHJLRHArV1NYZExtUUVoaExocWsrNFFRUzJJTGp3OXJ2Q1BMRkV3bEpBbytGQU9VREoKU25wTXFIdnptelNMT1llY0hsSVZZcSt0YUdyNktXbHlHSWdweWlFRXo2OEtBMlZhME1zOXpKRDVBb0dBWTZBYgpEY0o2eU1pY2ptNDd2dGtSWkhQcUFzZFdoZ0pZU21KUXF6VGFrNGhiakhxeG1MdDlNa2lmVHcyaUZnakh1UFhBCnJ2UmpoeDhpNVEvcmdzSGdqa1E2akV3cWI0dU9Xc1g2UGh3R1FGSThEL3p5SlNFcUNOY2htUlMwcnMyWTFBNkoKTkxmcHE1RHFKM0RlLzRjUzB6clRQWHo5MHBKMzMvbEZUL3kySDRrQ2dZQnl5Y0dTOTdrSjZOcCtXVndVUUlSMQpwMlZIYkZhd2F4Ujh3RFZLRC9pMmNPMVlmR01oeXpVN2dJdGR2ZEkwdGZESGtTWjJnSldGOG1jVnl1LzNWMWZJCkNCVllHcFFEVmNIRVZBblBOZTRvWmpaZGdqTHpXWlJPSTd2NUw0NFNUZktXZFZxMCtaMGlVYXZiMTQ4Wi9zOUwKWjliUlBCUTdaUm5DMDNOSGVMRVBhQT09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
++ cat /tmp/root.pem
++ tr -d '\n'
++ base64
+ PUB=LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFvY2kyN1pIZjhJTWd1NzhUeEhGVQorZmo0Q1IxSnpRYzFOQVhGVVZYK1hnQTQ2UGdNK0VsSllEMjk3Q2U0b0RCc3dINmZ1K0ZvMkVxYUt5QW5wVjZYCjNOTm9zakFDN0lOY2RKaWd1M0RjR3l6aXZqSmN2RlEyZmJHRGVTSzZyZXpJKzRBRjFyMVNEelJCNGFhRWNRQ28KODB6VHZXZG9PUmFkck1SZTdTT1d6WG1KTXF4VGlndTVURGVkQmIwUjA5NnZsRTRFcDJORXN2b0owUkFFYUNsYwpsMnViUkdwb2xZbjlBU2plZG0veGl6NE0ra3ZrTGJZYVNmZTlaWGZYMDNUanF5MFdQWEN5WGhiNkZmYyt4dTlDCmhLZi9mdTBVb2p4QmF5SE12ZWxhVUYxYXpSM1IvK0VHQ0h2dW4yQk80ZHJZeXRrWDZCMzBqVXR3Nnp4QmkySXkKNndJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==
++ kubectl get csr stackgres-operator -o 'jsonpath={.status.certificate}'
Certificate not found in CSR!
+ CRT=
+ '[' -z '' ']'
+ echo 'Certificate not found in CSR!'
+ exit 1
The certificate was approved:
❯ kubectl get csr
NAME AGE REQUESTOR CONDITION
stackgres-operator 2m25s system:serviceaccount:stackgres:stackgres-operator-init Approved
❯ kubectl get csr -o yaml
apiVersion: v1
items:
- apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
creationTimestamp: "2020-12-06T23:20:49Z"
name: stackgres-operator
resourceVersion: "18258"
selfLink: /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/stackgres-operator
uid: a613cadb-5c2e-4982-a2d9-e7f9e7fed192
spec:
groups:
- system:serviceaccounts
- system:serviceaccounts:stackgres
- system:authenticated
request: Q2VydGlmaWNhdGUgUmVxdWVzdDoKICAgIERhdGE6CiAgICAgICAgVmVyc2lvbjogMSAoMHgwKQogICAgICAgIFN1YmplY3Q6IENOID0gc3RhY2tncmVzLW9wZXJhdG9yLnN0YWNrZ3Jlcy5zdmMKICAgICAgICBTdWJqZWN0IFB1YmxpYyBLZXkgSW5mbzoKICAgICAgICAgICAgUHVibGljIEtleSBBbGdvcml0aG06IHJzYUVuY3J5cHRpb24KICAgICAgICAgICAgICAgIFJTQSBQdWJsaWMtS2V5OiAoMjA0OCBiaXQpCiAgICAgICAgICAgICAgICBNb2R1bHVzOgogICAgICAgICAgICAgICAgICAgIDAwOmExOmM4OmI2OmVkOjkxOmRmOmYwOjgzOjIwOmJiOmJmOjEzOmM0OjcxOgogICAgICAgICAgICAgICAgICAgIDU0OmY5OmY4OmY4OjA5OjFkOjQ5OmNkOjA3OjM1OjM0OjA1OmM1OjUxOjU1OgogICAgICAgICAgICAgICAgICAgIGZlOjVlOjAwOjM4OmU4OmY4OjBjOmY4OjQ5OjQ5OjYwOjNkOmJkOmVjOjI3OgogICAgICAgICAgICAgICAgICAgIGI4OmEwOjMwOjZjOmMwOjdlOjlmOmJiOmUxOjY4OmQ4OjRhOjlhOjJiOjIwOgogICAgICAgICAgICAgICAgICAgIDI3OmE1OjVlOjk3OmRjOmQzOjY4OmIyOjMwOjAyOmVjOjgzOjVjOjc0Ojk4OgogICAgICAgICAgICAgICAgICAgIGEwOmJiOjcwOmRjOjFiOjJjOmUyOmJlOjMyOjVjOmJjOjU0OjM2OjdkOmIxOgogICAgICAgICAgICAgICAgICAgIDgzOjc5OjIyOmJhOmFkOmVjOmM4OmZiOjgwOjA1OmQ2OmJkOjUyOjBmOjM0OgogICAgICAgICAgICAgICAgICAgIDQxOmUxOmE2Ojg0OjcxOjAwOmE4OmYzOjRjOmQzOmJkOjY3OjY4OjM5OjE2OgogICAgICAgICAgICAgICAgICAgIDlkOmFjOmM0OjVlOmVkOjIzOjk2OmNkOjc5Ojg5OjMyOmFjOjUzOjhhOjBiOgogICAgICAgICAgICAgICAgICAgIGI5OjRjOjM3OjlkOjA1OmJkOjExOmQzOmRlOmFmOjk0OjRlOjA0OmE3OjYzOgogICAgICAgICAgICAgICAgICAgIDQ0OmIyOmZhOjA5OmQxOjEwOjA0OjY4OjI5OjVjOjk3OjZiOjliOjQ0OjZhOgogICAgICAgICAgICAgICAgICAgIDY4Ojk1Ojg5OmZkOjAxOjI4OmRlOjc2OjZmOmYxOjhiOjNlOjBjOmZhOjRiOgogICAgICAgICAgICAgICAgICAgIGU0OjJkOmI2OjFhOjQ5OmY3OmJkOjY1Ojc3OmQ3OmQzOjc0OmUzOmFiOjJkOgogICAgICAgICAgICAgICAgICAgIDE2OjNkOjcwOmIyOjVlOjE2OmZhOjE1OmY3OjNlOmM2OmVmOjQyOjg0OmE3OgogICAgICAgICAgICAgICAgICAgIGZmOjdlOmVkOjE0OmEyOjNjOjQxOjZiOjIxOmNjOmJkOmU5OjVhOjUwOjVkOgogICAgICAgICAgICAgICAgICAgIDVhOmNkOjFkOmQxOmZmOmUxOjA2OjA4OjdiOmVlOjlmOjYwOjRlOmUxOmRhOgogICAgICAgICAgICAgICAgICAgIGQ4OmNhOmQ5OjE3OmU4OjFkOmY0OjhkOjRiOjcwOmViOjNjOjQxOjhiOjYyOgogICAgICAgICAgICAgICAgICAgIDMyOmViCiAgICAgICAgICAgICAgICBFeHBvbmVudDogNjU1MzcgKDB4MTAwMDEpCiAgICAgICAgQXR0cmlidXRlczoKICAgICAgICBSZXF1ZXN0ZWQgRXh0ZW5zaW9uczoKICAgICAgICAgICAgWDUwOXYzIEJhc2ljIENvbnN0cmFpbnRzOiAKICAgICAgICAgICAgICAgIENBOkZBTFNFCiAgICAgICAgICAgIFg1MDl2MyBLZXkgVXNhZ2U6IAogICAgICAgICAgICAgICAgRGlnaXRhbCBTaWduYXR1cmUsIE5vbiBSZXB1ZGlhdGlvbiwgS2V5IEVuY2lwaGVybWVudAogICAgICAgICAgICBYNTA5djMgRXh0ZW5kZWQgS2V5IFVzYWdlOiAKICAgICAgICAgICAgICAgIFRMUyBXZWIgU2VydmVyIEF1dGhlbnRpY2F0aW9uCiAgICAgICAgICAgIFg1MDl2MyBTdWJqZWN0IEFsdGVybmF0aXZlIE5hbWU6IAogICAgICAgICAgICAgICAgRE5TOnN0YWNrZ3Jlcy1vcGVyYXRvciwgRE5TOnN0YWNrZ3Jlcy1vcGVyYXRvci5zdGFja2dyZXMsIEROUzpzdGFja2dyZXMtb3BlcmF0b3Iuc3RhY2tncmVzLnN2YywgRE5TOnN0YWNrZ3Jlcy1vcGVyYXRvci5zdGFja2dyZXMuc3ZjLmNsdXN0ZXIubG9jYWwKICAgIFNpZ25hdHVyZSBBbGdvcml0aG06IHNoYTI1NldpdGhSU0FFbmNyeXB0aW9uCiAgICAgICAgIDA1OjZiOmRmOjFiOmU5OmRjOmNiOjhhOjdmOjg3OmU0OjViOjQ4OmYyOjEyOmVhOmZjOmI1OgogICAgICAgICA1Yzo0ZTphNjo4NDphNDpmNTo1NzowYjpkZjplODpjZDoyNTo5ODplMTpkZTo1NTowYjoxODoKICAgICAgICAgMTg6MjY6ZWQ6NDY6MDM6YjY6MDY6ODc6MTA6Yjg6YTI6M2Q6ZDY6YTU6Mjc6MjM6YTI6OTc6CiAgICAgICAgIDY3OmE2OmVkOjI4OjEzOjg4Ojg1OjQ1OmI5OjQyOjI0OjNjOmMyOjA3OmM2OmEwOmFlOjZlOgogICAgICAgICA2ODo2MjpjNTpjMDplYjpiNjo2Nzo1Mzo5MDozNzo4ZDo5MjpmODo2YjpmZDowYjo3Mzo5MToKICAgICAgICAgYWE6ZjY6ODI6YWI6NjI6ZmM6NTg6YTk6ZWU6NzQ6MWU6MTQ6Nzc6OTc6MzA6MjE6Njc6YTc6CiAgICAgICAgIDRhOjg2OjYwOjQzOjNjOjUyOjc2OjE3OmY3OjAzOjQ3OjZmOjU0OjkxOjZmOjBlOjkwOjFiOgogICAgICAgICBjYjo1YToxZTo1Nzo2Yjo0NTo3YjpmMTo5OTowYzo3Yzo5OTpjMTpmMzoyZjoyYjowYTpjNjoKICAgICAgICAgMDY6OTQ6MTM6NGI6Y2E6ZGQ6YWY6Mzc6ZGU6ZTY6MDI6MTI6YTk6Nzg6Njk6MmM6M2Y6ODE6CiAgICAgICAgIGMzOmU4OmMyOjhmOmYzOjYwOmE5OjRkOjE4Ojc5OmU2OjI5OmYzOjVkOmJlOmI2OjYzOjA3OgogICAgICAgICA0MDpiZjo5ODoxNDphMDowYzowZDo1NDowYTplMTo4MToyNDoxZToyYjpjMTo2ZTowMTpjNjoKICAgICAgICAgZGI6MjI6OWQ6YmY6YmU6N2I6YzA6ODE6YTk6Y2U6NTU6ODQ6ZmQ6NjM6YmE6ZmQ6ZWE6YTA6CiAgICAgICAgIDI5OjUzOjA3OjZkOmQwOmNjOmZkOmJjOjU2OjQ1OmNjOjBmOjQyOmE5OmJmOmIwOjdkOjAyOgogICAgICAgICAyNjowOTo2Zjo0ZDo3MTo0YzozMzo2YTplOTo1Mzo1MzphMTplMTpmYTo3MjowZjowMjpiNDoKICAgICAgICAgZmY6OTI6ZjE6NGIKLS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJRFJEQ0NBaXdDQVFBd0t6RXBNQ2NHQTFVRUF3d2djM1JoWTJ0bmNtVnpMVzl3WlhKaGRHOXlMbk4wWVdOcgpaM0psY3k1emRtTXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDaHlMYnRrZC93Cmd5Qzd2eFBFY1ZUNStQZ0pIVW5OQnpVMEJjVlJWZjVlQURqbytBejRTVWxnUGIzc0o3aWdNR3pBZnArNzRXalkKU3BvcklDZWxYcGZjMDJpeU1BTHNnMXgwbUtDN2NOd2JMT0srTWx5OFZEWjlzWU41SXJxdDdNajdnQVhXdlZJUApORUhocG9SeEFLanpUTk85WjJnNUZwMnN4Rjd0STViTmVZa3lyRk9LQzdsTU41MEZ2UkhUM3ErVVRnU25ZMFN5CitnblJFQVJvS1Z5WGE1dEVhbWlWaWYwQktONTJiL0dMUGd6NlMrUXR0aHBKOTcxbGQ5ZlRkT09yTFJZOWNMSmUKRnZvVjl6N0c3MEtFcC85KzdSU2lQRUZySWN5OTZWcFFYVnJOSGRILzRRWUllKzZmWUU3aDJ0aksyUmZvSGZTTgpTM0RyUEVHTFlqTHJBZ01CQUFHZ2dkTXdnZEFHQ1NxR1NJYjNEUUVKRGpHQndqQ0J2ekFKQmdOVkhSTUVBakFBCk1Bc0dBMVVkRHdRRUF3SUY0REFUQmdOVkhTVUVEREFLQmdnckJnRUZCUWNEQVRDQmp3WURWUjBSQklHSE1JR0UKZ2hKemRHRmphMmR5WlhNdGIzQmxjbUYwYjNLQ0hITjBZV05yWjNKbGN5MXZjR1Z5WVhSdmNpNXpkR0ZqYTJkeQpaWE9DSUhOMFlXTnJaM0psY3kxdmNHVnlZWFJ2Y2k1emRHRmphMmR5WlhNdWMzWmpnaTV6ZEdGamEyZHlaWE10CmIzQmxjbUYwYjNJdWMzUmhZMnRuY21WekxuTjJZeTVqYkhWemRHVnlMbXh2WTJGc01BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUFGYTk4YjZkekxpbitINUZ0SThoTHEvTFZjVHFhRXBQVlhDOS9velNXWTRkNVZDeGdZSnUxRwpBN1lHaHhDNG9qM1dwU2Nqb3BkbnB1MG9FNGlGUmJsQ0pEekNCOGFncm01b1lzWEE2N1puVTVBM2paTDRhLzBMCmM1R3E5b0tyWXZ4WXFlNTBIaFIzbHpBaFo2ZEtobUJEUEZKMkYvY0RSMjlVa1c4T2tCdkxXaDVYYTBWNzhaa00KZkpuQjh5OHJDc1lHbEJOTHl0MnZOOTdtQWhLcGVHa3NQNEhENk1LUDgyQ3BUUmg1NWluelhiNjJZd2RBdjVnVQpvQXdOVkFyaGdTUWVLOEZ1QWNiYklwMi92bnZBZ2FuT1ZZVDlZN3I5NnFBcFV3ZHQwTXo5dkZaRnpBOUNxYit3CmZRSW1DVzlOY1V3emF1bFRVNkhoK25JUEFyVC9rdkZMCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
uid: b9102d68-b085-41fd-8ff9-ff2958d2855b
usages:
- digital signature
- key encipherment
- server auth
username: system:serviceaccount:stackgres:stackgres-operator-init
status:
conditions:
- lastUpdateTime: "2020-12-06T23:20:49Z"
message: This CSR was approved by kubectl certificate approve.
reason: KubectlApprove
type: Approved
kind: List
metadata:
resourceVersion: ""
selfLink: ""
If try to install with a custom certificate a custom certificate helm throws an error like this:
+ grafana_admin_cred=***************
+ helm install --namespace stackgres stackgres-operator --set grafana.autoEmbed=true --set-string grafana.webHost=grafana.monitoring --set-string grafana.user=admin --set-string grafana.password=*************** --set-string adminui.service.type=LoadBalancer --debug --set-file cert.crt=/home/seba/tmp/cert_XXXXXXXXXXXXXXX/server.crt --set-file cert.key=/home/seba/tmp/cert_XXXXXXXXXXXXXXX/server.key https://stackgres.io/downloads/stackgres-k8s/stackgres/0.9.3/helm/stackgres-operator.tgz
install.go:172: [debug] Original chart version: ""
install.go:189: [debug] CHART PATH: /home/seba/.cache/helm/repository/stackgres-operator.tgz
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgbackups.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgbackupconfigs.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgclusters.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgdistributedlogs.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sginstanceprofiles.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgpoolconfigs.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD sgpgconfigs.stackgres.io is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD alertmanagers.monitoring.coreos.com is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD podmonitors.monitoring.coreos.com is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD prometheuses.monitoring.coreos.com is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD prometheusrules.monitoring.coreos.com is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD servicemonitors.monitoring.coreos.com is already present. Skipping.
client.go:122: [debug] creating 1 resource(s)
install.go:141: [debug] CRD thanosrulers.monitoring.coreos.com is already present. Skipping.
Error: YAML parse error on stackgres-operator/templates/certificate-secret.yaml: error converting YAML to JSON: yaml: line 15: could not find expected ':'
helm.go:81: [debug] error converting YAML to JSON: yaml: line 15: could not find expected ':'
YAML parse error on stackgres-operator/templates/certificate-secret.yaml
helm.sh/helm/v3/pkg/releaseutil.(*manifestFile).sort
/home/circleci/helm.sh/helm/pkg/releaseutil/manifest_sorter.go:146
helm.sh/helm/v3/pkg/releaseutil.SortManifests
/home/circleci/helm.sh/helm/pkg/releaseutil/manifest_sorter.go:106
helm.sh/helm/v3/pkg/action.(*Configuration).renderResources
/home/circleci/helm.sh/helm/pkg/action/action.go:165
helm.sh/helm/v3/pkg/action.(*Install).Run
/home/circleci/helm.sh/helm/pkg/action/install.go:239
main.runInstall
/home/circleci/helm.sh/helm/cmd/helm/install.go:241
main.newInstallCmd.func2
/home/circleci/helm.sh/helm/cmd/helm/install.go:120
github.com/spf13/cobra.(*Command).execute
/go/pkg/mod/github.com/spf13/cobra@v1.0.0/command.go:842
github.com/spf13/cobra.(*Command).ExecuteC
/go/pkg/mod/github.com/spf13/cobra@v1.0.0/command.go:950
github.com/spf13/cobra.(*Command).Execute
/go/pkg/mod/github.com/spf13/cobra@v1.0.0/command.go:887
main.main
/home/circleci/helm.sh/helm/cmd/helm/helm.go:80
runtime.main
/usr/local/go/src/runtime/proc.go:203
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1373
Edited by Sebastian Webber