For some unclear reason the gcloud compute backend-services does not find a resource even it is listed.
I run the command:
gcloud compute backend-services list
And get the output:
NAME BACKENDS PROTOCOL
k8s1-48550837-defaul-reverse-proxy-captcha-s-8-9edaabba us-central1-c/networkEndpointGroups/k8s1-48550837-defaul-reverse-proxy-captcha-s-8-9edaabba HTTP
k8s1-48550837-default-admission-service-80-ccc76f21 us-central1-c/networkEndpointGroups/k8s1-48550837-default-admission-service-80-ccc76f21 HTTP
k8s1-48550837-default-agent-service-80-46302173 us-central1-c/networkEndpointGroups/k8s1-48550837-default-agent-service-80-46302173 HTTP
k8s1-48550837-default-authproxy-service-80-f50b4f37 us-central1-c/networkEndpointGroups/k8s1-48550837-default-authproxy-service-80-f50b4f37 HTTP
But for any one of the backends I am trying to get description or edit, I get error.
For example, this command:
gcloud compute backend-services describe k8s1-48550837-default-agent-service-80-46302173
returns error:
ERROR: (gcloud.compute.backend-services.describe) Could not fetch resource:
- The resource 'projects/radware-cto/regions/us-central1/backendServices/k8s1-48550837-default-agent-service-80-46302173' was not found
OP confirmed --global works in a comment.
The reason this works is because the 'describe' command will by default describe the resource in the default compute/region (gcloud config set compute/region...)
You can see this in your error message:
- The resource .../regions/us-central1/backendServices/...
However, as this resource is global, we need to specify --global flag to override the default region.
Additional information here
Related
I have issue with microk8s hitting rate limit for docker.io registry
ctr: failed to copy: httpReaderSeeker: failed open: unexpected status code https://registry-1.docker.io/v2/calico/kube-controllers/manifests/sha256:bf58609ff39089533b80ff2a10fffd1302346f153c66e24d0572fb8b198daea1: 429 Too Many Requests - Server message: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
I wanted to configure private repository authorization for docker.io. I've followed following instruction
It looks like that it's not working with docker.io registry
I've modified configuration file
/var/snap/microk8s/current/args/containerd-template.toml
with following content
[plugins."io.containerd.grpc.v1.cri".registry]
# 'plugins."io.containerd.grpc.v1.cri".registry.mirrors' are namespace to mirror mapping for all namespaces.
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io", ]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".auth]
username = ""
password = ""
auth = ""
email = ""
However it looks like this is not working for docker.io registry
I'm aware of this solution, however if I recall correctly this needs to be applied to every namespace separately. I'm looking for a one-shot solution for whole kubernetes cluster.
Is there such solution, or kubernetes secrets are the only way to go ?
I run terraform with kubernetes_pod module, but it fails with "the server could not find the requested resource (post pods)". How can I get more meaningful error message?
You can set the terraform log to debug or trace like this :
export TF_LOG=DEBUG
https://www.terraform.io/docs/internals/debugging.html
I am trying to initialize my gcloud settings for a project. But when I run the gcloud init command, it gives error gcloud crashed.
It was previously working but all of sudden today this command crashed. I tried 'gcloud auth login' and pasted the credentials, but it still gives the same error
gcloud init
Welcome! This command will take you through the configuration of gcloud.
Settings from your current configuration [default] are:
core:
disable_usage_reporting: 'False'
Pick configuration to use:
[1] Re-initialize this configuration [default] with new settings
[2] Create a new configuration
Please enter your numeric choice: 1
Your current configuration has been set to: [default]
You can skip diagnostics next time by using the following flag:
gcloud init --skip-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).
ERROR: gcloud crashed (ValueError): the query contains a null character
If you would like to report this issue, please run the following command:
gcloud feedback
To check gcloud for common problems, please run the following command:
gcloud info --run-diagnostics
The actual results should be like below:
gcloud init
Welcome! This command will take you through the configuration of gcloud.
Settings from your current configuration [default] are:
core:
account: prajakta#gmail.com
disable_usage_reporting: 'False'
project: default-1234
Pick configuration to use:
[1] Re-initialize this configuration [default] with new settings
[2] Create a new configuration
Please enter your numeric choice: 1
Your current configuration has been set to: [default]
You can skip diagnostics next time by using the following flag:
gcloud init --skip-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).
Choose the account you would like to use to perform operations for
this configuration:
[1] prajakta#gmail.com
[2] Log in with a new account
Please enter your numeric choice: 1
Pick cloud project to use:
[1] default-1234
[2] abc-project
[3] Create a new project
Please enter numeric choice or text value (must exactly match list
item): 1
Your current project has been set to: [default-1234].
Your Google Cloud SDK is configured and ready to use!
From the output that you included, it appears to have completed successfully:
Your Google Cloud SDK is configured and ready to use!
Are you able to use any commands?
gcloud config list
gcloud auth list
gcloud projects list
It's not clear which operating system you're using but it's probable that either some dependent piece of software was upgraded and caused the break; and|or Cloud SDK (aka gcloud) has upgraded on your machine and it is broken.
You may be best-placed to contact Google Cloud Support, or if you don't have a support contract, to file an issue on Google issue tracker for gcloud here:
https://issuetracker.google.com/issues/new?component=187143
NB You've included your email address and several of your projects in your question, you may wish to redact these as they're not necessary to help answer the question.
Feel like I'm missing something obvious here but I can't spot it.
I'm trying to apply an IAM Policy using JSON however gcloud seems to always try and interpret the policy file as YAML.
I've tested this with a YAML equivalent and it works. The policy.json file I'm sure is correct, I used gcloud projects get-iam-policy ${proj} to create it.
As far as I can tell I've followed the documentation for this correctly, there doesn't seem to be an extra flag or option to supply for it to read the policy as JSON.
Command:
gcloud projects set-iam-policy ${proj} policy.json
Error:
ERROR: (gcloud.projects.set-iam-policy) Failed to parse YAML from [policy.json]: while scanning for the next token found character '\t' that cannot start any token
in "policy.json", line 3, column 1
GCloud SDK Version: 228.0.0
The get-iam-policy output is in YAML format by default. To ensure you have the correct output, try the following command:
gcloud projects get-iam-policy your-project --format=json >> policy.json
This will write the output formatted to JSON in a policy.json file.
What setting up a new Kubernetes endpoint and clicking "Verify Connection" the error message:
"The Kubconfig does not contain user field. Please check the kubeconfig. " - is always displayed.
Have tried multiple ways of outputting the config file to no avail. I've also copy and pasted many sample config files from the web and all end up with the same issue. Anyone been successful in creating a new endpoint?
This is followed by TsuyoshiUshio/KubernetesTask issue 35
I try to reproduce, however, I can't do it.
I'm not sure, however, I can guess it might the mismatch of the version of the cluster/kubectl which you download by the download task/kubeconfig.
Workaround might be like this:
kubectl version in your local machine and check the current server/client version
specify the same version as the server on the download task. (by default it is 1.5.2)
See the log of your release pipeline which is fail, you can see which kubectl command has been executed, do the same thing on your local machine with fitting your local pc's environment.
The point is, before go to the VSTS, download the kubectl by yourself.
Then, put the kubeconfg on the default folder like ~/.kube/config or set environment variables KUBECONFIG to the binary.
Then execute kubectl get nodes and make sure if it works.
My kubeconfig is different format with yours. If you use AKS, az aks install-cli command and az aks get-credentials command.
Please refer https://learn.microsoft.com/en-us/azure/aks/kubernetes-walkthrough .
If it works locally, the config file must work on the VSTS task environment. (or this task or VSTS has a bug)
I had the same problem on VSTS.
Here is my workaround to get a Service Connection working (in my case to GCloud):
Switched Authentication to "Service Account"
Run the two commands told by the info icon next to the fields Token and Certificate: "Token to authenticate against Kubernetes.
Use the ‘kubectl get serviceaccounts -o yaml’ and ‘kubectl get secret
-o yaml’ commands to get the token."
kubectl get secret -o yaml > kubectl-secret.yaml
Search inside the the file kubectl-secret.yaml the values ca.crt and token
Enter the values inside VSTS to the required fields
The generated config I was using had a duplicate line, removing this corrected the issue for me.
users:
- name: cluster_stuff_here
- name: cluster_stuff_here