I am using spring cloud config server on openshift. The Git repository is the backend. I am getting below error when I update any property in the Git repo.
2019-12-25 12:10:36.988 WARN 1 --- [nio-8080-exec-1] o.s.cloud.kubernetes.StandardPodUtils : Failed to get pod with name:[config-server-32-66p47]. You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions?
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://kubernetes.default.svc/api/v1/namespaces/ci-dev/pods/config-server-32-66p47. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods "ms-config-server-32-66p47" is forbidden: User "system:serviceaccount:ci-dev:default" cannot get resource "pods" in API group "" in the namespace "ci-dev".
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.requestFailure(OperationSupport.java:472) ~[kubernetes-client-3.1.10.jar!/:na]
at io.fabric8.kubernetes.client.dsl.base.OperationSupport.assertResponseCode(OperationSupport.java:409) ~[kubernetes-client-3.1.10.jar!/:na]
Your app has spring-cloud-kubernetes dependency on the classpath and there is no kubernetes service account configured for this deployment.
This is why it's throwing an error, because it's not related to Spring Cloud Config Server. Configure service account or remove the mentioned dependency if you don't use it, so you pass this problem and will be able to configure config server.
Related
An app is failing with the following error:
00:27:36.300 WARN [my-sample-api,,,] 19 --- [ main] c.c.c.ConfigServicePropertySourceLocator : Could not locate PropertySource: Error requesting access token.
I have tried the following with no success:
Re-bound the config-server service to the app.
Re-created the config-server and bound it to the app.
Updated the config-server with another property source url.
My application works on a different environment that uses the same property source and application build.
Any clues how to solve this?
The issues couldn't be found in the logs so I decided to look elsewhere when I saw there was a proxy set in the JAVA_OPTS in the manifest.yml. So if someone runs into this issue, check your deployment pipeline and make sure you do not have proxy set, or if you do make sure it can reach PCF.
I have been trying to setup Spring Cloud Dataflow Server for Kubernetes locally using minikube. Have followed the installation instructions in the the link here : SCDF Installation Reference
I've been getting the below error for the SCDF server:
11:32:52.095 [main] DEBUG io.fabric8.kubernetes.client.Config - Trying to configure client namespace from Kubernetes service account namespace path...
11:32:52.096 [main] DEBUG io.fabric8.kubernetes.client.Config - Found service account namespace at: [/var/run/secrets/kubernetes.io/serviceaccount/namespace].
2018-04-24 11:33:14.348 WARN 1 --- [ main] o.s.cloud.kubernetes.StandardPodUtils : Failed to get pod with name:[scdf-server-869d56967c-97lsd]. You should look into this if things aren't working as you expect. Are you missing serviceaccount permissions?
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://kubernetes.default.svc/api/v1/namespaces/default/pods/scdf-server-869d56967c-97lsd. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods "scdf-server-869d56967c-97lsd" is forbidden: User "system:serviceaccount:default:default" cannot get pods in the namespace "default".
Below are the version details:
Spring Cloud Data Flow Server : 1.4.0.RELEASE
Kubernetes Local Deployment using minikube
Kubernetes Version : 1.10
The latest release of minikube enabled RBAC by default.
For RBAC enabled clusters, we have added a note in the installation section on this matter.
"The latest releases of kubernetes have enabled RBAC on the api-server. If your target platform has RBAC enabled you must ask a cluster-admin to create the roles and role-bindings for you before deploying the dataflow server. They associate the dataflow service account with the roles it needs to be run with."
For minikube, however, you can run the following command and retry installaing.
kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default
Alternatively, if you're using the helm-chart, you can disable RBAC and install the chart with the following on minikube.
helm init
helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com
helm repo update
helm install --name my-release --set server.service.type=NodePort --set rbac.create=false incubator/spring-cloud-data-flow
From the installation guide, step 7: https://docs.spring.io/spring-cloud-dataflow-server-kubernetes/docs/1.4.0.RELEASE/reference/htmlsingle/#_deploying_using_kubectl
The latest releases of kubernetes have enabled RBAC on the api-server. If your target platform has RBAC enabled you must ask a cluster-admin to create the roles and role-bindings for you before deploying the dataflow server. They associate the dataflow service account with the roles it needs to be run with.
$ kubectl create -f src/kubernetes/server/server-roles.yaml
$ kubectl create -f src/kubernetes/server/server-rolebinding.yaml
Did you perform those steps?
I'm developing a POC over IBM HyperLedger Blockchain. I have a business network developed and deployed in IBM Cloud. I can generate a working local API REST, but cannot make it work on cloud, on the deployed IP.
I'm following this guide:
https://ibm-blockchain.github.io/interacting/
You just have to execute the following command:
./create/create_composer-rest-server.sh --business-network-card MY_BIZNET_CARD_NAME
But it doesn't deploy anything, and get the following (more related to kubernetes than blockchain).
Preparing yaml file for create composer-rest-server
Creating composer-rest-server pod
Running: kubectl create -f /Users/sm/jsblock/ibm-container-service/cs-offerings/scripts/../kube-configs/composer-rest-server.yaml
The connection to the server localhost:8080 was refused - did you specify the right host or port?
the server doesn't have a resource type "svc"
Creating composer-rest-server service
Running: kubectl create -f /Users/sm/jsblock/ibm-container-service/cs-offerings/scripts/../kube-configs/composer-rest-server-services-free.yaml
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Composer rest server created successfully
Any ideas? Thanks too much.
You need to ensure you have a correct kube config setup. Step 10 in https://ibm-blockchain.github.io/setup/ provides the details to set up KUBECONFIG as the error suggests that either it is not configured or not configured correctly.
The document you refer to https://ibm-blockchain.github.io/interacting/ is being updated and should be available soon.
When you run the command ./create/create_composer-rest-server.sh --business-network-card MY_BIZNET_CARD_NAME - should be the name of the Network Admin for the network you deployed, NOT the PeerAdmin card so it will be something like ./create/create_composer-rest-server.sh --business-network-card admin#perishable-network
Look like it's an issue of acceess control. You should make sure again you are running with Local Admin configuration.it will help you to run queries
Deployed fabric8 in Google Container Engine with 12 core 45GB RAM. Used gofabric8 0.4.69 for deploying fabric8 on GCE.
Tried to create a microservice, but it is failing in integration testing phase throwing the following error "Waiting for container:spring-boot. Reason:CrashLoopBackOff"
Please help to resolve this.
Which quickstart were you trying?
It sounds like the application terminated. I wonder if this shows any output:
kubectl get pod
kubectl logs nameofpod
where nameofpod is the pod that is crashing.
BTW the new fabric8-maven-plugin version (3.1.45 or later) now has a nicer fabric8:run goal.
If you clone the git repository to your local file system and update the version of fabric8-maven-plugin you should be able to run it via:
mvn fabric8:run
Then you get to see the output of the spring app in your console to see if something fails etc.
I imported the "Spring Getting Started - Rest Service" as a new project into Spring Tools. Works fine locally. After building the JAR with mvn clean package and editing the manifest.yml to correctly point to the JAR location I've tried to deploy this project to Cloud Foundry. The project deploys fine but fails shortly after starting with the following error.
Instance (index 0) failed to start accepting connections
App instance exited with guid 96f2fbd0-aaa3-48aa-9181-55abf624c626 payload:
{
"cc_partition"=>"default",
"droplet"=>"96f2fbd0-aaa3-48aa-9181-55abf624c626",
"version"=>"9ee684a6-7d62-4f45-9481-97d4e87c3895",
"instance"=>"db08e1b5fba44d938f4904ae4c921878",
"index"=>0,
"reason"=>"CRASHED",
"exit_status"=>-1,
"exit_description"=>"failed to accept connections within health check timeout",
"crash_timestamp"=>1439875540
}
Try to:
increase timeout by calling cf push -t 180
set server port to 8080 in cloud profile
or change health-check-type inside the manifest.yml:
---
applications:
- name: ...
health-check-type: process