site-developer-guide
site-developer-guide copied to clipboard
fast start install failed on IBM ROKS cluster due to `unthorized` error pulling image quay.io/bitnami/sealed-secrets-controller:v0.17.1
Describe the bug A clear and concise description of what the bug is.
To Reproduce Steps to reproduce the behavior: curl -sfL get.cloudnativetoolkit.dev | sh - failed with
│ Error: local-exec provisioner error
│
│ with module.cicd.module.sealed_secrets.null_resource.create_instance,
│ on .terraform/modules/cicd.sealed_secrets/main.tf line 81, in resource "null_resource" "create_instance":
│ 81: provisioner "local-exec" {
│
│ Error running command
│ '.terraform/modules/cicd.sealed_secrets/scripts/create-instance.sh
│ sealed-secrets': exit status 1. Output: Installing sealed secrets
│ controller
│ Release "sealed-secrets" does not exist. Installing it now.
│ NAME: sealed-secrets
│ LAST DEPLOYED: Fri May 6 12:50:53 2022
│ NAMESPACE: sealed-secrets
│ STATUS: deployed
│ REVISION: 1
│ TEST SUITE: None
│ Waiting for deployment/sealed-secrets in sealed-secrets
│ Waiting for deployment "sealed-secrets" rollout to finish: 0 of 1 updated
│ replicas are available...
│ error: deployment "sealed-secrets" exceeded its progress deadline
And details on the failed pod:
oc describe pod sealed-secrets-5684c9b6-x2zgv
Name: sealed-secrets-5684c9b6-x2zgv
Namespace: sealed-secrets
Priority: 0
Node: 10.87.171.248/10.87.171.248
Start Time: Fri, 06 May 2022 08:50:57 -0400
Labels: app.kubernetes.io/instance=sealed-secrets
app.kubernetes.io/name=sealed-secrets
pod-template-hash=5684c9b6
Annotations: cni.projectcalico.org/containerID: 644bbb2630b6a46f0dd5eabecdc2a2f557290ba121e62bef74e68c6f9f093e90
cni.projectcalico.org/podIP: 172.30.8.181/32
cni.projectcalico.org/podIPs: 172.30.8.181/32
k8s.v1.cni.cncf.io/network-status:
[{
"name": "k8s-pod-network",
"ips": [
"172.30.8.181"
],
"default": true,
"dns": {}
}]
k8s.v1.cni.cncf.io/networks-status:
[{
"name": "k8s-pod-network",
"ips": [
"172.30.8.181"
],
"default": true,
"dns": {}
}]
openshift.io/scc: sealed-secrets-sealed-secrets-anyuid
Status: Pending
IP: 172.30.8.181
IPs:
IP: 172.30.8.181
Controlled By: ReplicaSet/sealed-secrets-5684c9b6
Containers:
controller:
Container ID:
Image: quay.io/bitnami/sealed-secrets-controller:v0.17.1
Image ID:
Port: 8080/TCP
Host Port: 0/TCP
Command:
controller
Args:
--key-prefix
sealed-secret-key
State: Waiting
Reason: ImagePullBackOff
Ready: False
Restart Count: 0
Liveness: http-get http://:http/healthz delay=0s timeout=1s period=10s #success=1 #failure=3
Readiness: http-get http://:http/healthz delay=0s timeout=1s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/tmp from tmp (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-gj2md (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
tmp:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kube-api-access-gj2md:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
ConfigMapName: openshift-service-ca.crt
ConfigMapOptional: <nil>
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 10m default-scheduler Successfully assigned sealed-secrets/sealed-secrets-5684c9b6-x2zgv to 10.87.171.248
Normal AddedInterface 10m multus Add eth0 [172.30.8.181/32] from k8s-pod-network
Normal Pulling 8m8s (x4 over 10m) kubelet Pulling image "quay.io/bitnami/sealed-secrets-controller:v0.17.1"
Warning Failed 7m56s (x4 over 10m) kubelet Failed to pull image "quay.io/bitnami/sealed-secrets-controller:v0.17.1": rpc error: code = Unknown desc = reading manifest v0.17.1 in quay.io/bitnami/sealed-secrets-controller: unauthorized: access to the requested resource is not authorized
Warning Failed 7m56s (x4 over 10m) kubelet Error: ErrImagePull
Warning Failed 7m34s (x6 over 10m) kubelet Error: ImagePullBackOff
Normal BackOff 21s (x37 over 10m) kubelet Back-off pulling image "quay.io/bitnami/sealed-secrets-controller:v0.17.1"
Expected behavior A clear and concise description of what you expected to happen. - successful installation
Screenshots If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
- OS: [e.g. iOS] Mac
- Browser [e.g. chrome, safari]
- Version [e.g. 22]