Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exception when importing devfile with kubernetes component including a Deployment with environment variables referencing secrets #18508

Closed
4 of 22 tasks
rromannissen opened this issue Dec 2, 2020 · 2 comments
Closed
4 of 22 tasks

Exception when importing devfile with kubernetes component including a Deployment with environment variables referencing secrets #18508

rromannissen opened this issue Dec 2, 2020 · 2 comments
Labels
area/che-server kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.
Milestone
7.25

Comments

@rromannissen
Copy link

Describe the bug

An exception occurs when trying to import a devfile that references a kubernets component file including a Deployment that defines environment variables on the container template that reference a Secret. The following error is displayed on the factory UI:

Screenshot from 2020-12-02 10-48-47

And after clicking OK:

Screenshot from 2020-12-02 10-48-57

As a workaround, removing the reference to the Secret and setting the environment variable value directly solves the problem.

Che version

  • latest
  • nightly
  • other: please specify

Eclipse Che 7.22.0 and CodeReady Workspaces 2.5.0.GA :: crw_2.5/20 :: che-dev @ 9348 (19) :: che-parent @ a6dd7f (7.15.0) :: che @ 7a66a (7.20.2-SNAPSHOT) :: codeready-workspaces @ a1180 (2.5.0.GA)

Steps to reproduce

Use the following devfile contents:

apiVersion: 1.0.0
metadata:
  name: order-management
projects:
- name: gateway
  source:
    type: git
    location: https://github.com/rromannissen/gateway-crw.git
    branch: master
- name: orders
  source:
    type: git
    location: https://github.com/rromannissen/orders-crw.git
    branch: master
- name: inventory
  source:
    type: git
    location: https://github.com/rromannissen/inventory-crw.git
    branch: master
- name: customers
  source:
    type: git
    location: https://github.com/rromannissen/customers-crw.git
    branch: master
components:
- alias: postgresql-customers
  type: kubernetes
  reference: ./postgresql-customers.yaml

The referenced file postgrestql-customers.yaml would have the following contents:

apiVersion: v1
kind: List
items:
- apiVersion: v1
  kind: Secret
  metadata:
    annotations:
      template.openshift.io/expose-database_name: '{.data[''database-name'']}'
      template.openshift.io/expose-password: '{.data[''database-password'']}'
      template.openshift.io/expose-username: '{.data[''database-user'']}'
    labels:
      template: postgresql-ephemeral-template
    name: postgresql-customers
  stringData:
    database-name: customers
    database-password: customers
    database-user: customers
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgresql")].port}
    labels:
      template: postgresql-ephemeral-template
    name: postgresql-customers
  spec:
    ports:
    - name: postgresql
      nodePort: 0
      port: 5432
      protocol: TCP
      targetPort: 5432
    selector:
      name: postgresql-customers
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    annotations:
      template.alpha.openshift.io/wait-for-ready: "true"
    labels:
      template: postgresql-ephemeral-template
    name: postgresql-customers
  spec:
    replicas: 1
    selector:
      matchLabels:
        name: postgresql-customers
    strategy:
      type: Recreate
    template:
      metadata:
        labels:
          name: postgresql-customers
      spec:
        containers:
        - capabilities: {}
          env:
          - name: POSTGRESQL_USER
            valueFrom:
              secretKeyRef:
                key: database-user
                name: postgresql-customers
          - name: POSTGRESQL_PASSWORD
            valueFrom:
              secretKeyRef:
                key: database-password
                name: postgresql-customers
          - name: POSTGRESQL_DATABASE
            valueFrom:
              secretKeyRef:
                key: database-name
                name: postgresql-customers
          image: registry.redhat.io/rhel8/postgresql-10
          imagePullPolicy: IfNotPresent
          livenessProbe:
            exec:
              command:
              - /usr/libexec/check-container
              - --live
            initialDelaySeconds: 120
            timeoutSeconds: 10
          name: postgresql
          ports:
          - containerPort: 5432
            protocol: TCP
          readinessProbe:
            exec:
              command:
              - /usr/libexec/check-container
            initialDelaySeconds: 5
            timeoutSeconds: 1
          resources:
            limits:
              memory: 512Mi
          securityContext:
            capabilities: {}
            privileged: false
          terminationMessagePath: /dev/termination-log
          volumeMounts:
          - mountPath: /var/lib/pgsql/data
            name: postgresql-customers-data
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        volumes:
        - emptyDir:
            medium: ""
          name: postgresql-customers-data
  status: {}

This file is an instantiation of the postgresql-ephemeral template from OCP, changing the DeploymentConfig into a Deployment object for CodeReady Workspaces to accept it.

Expected behavior

The objects defined in the postgresql-customers.yaml file for the postgresql-customers kubernetes component get created correctly.

Runtime

  • kubernetes (include output of kubectl version)
  • Openshift (include output of oc version)
  • minikube (include output of minikube version and kubectl version)
  • minishift (include output of minishift version and oc version)
  • docker-desktop + K8S (include output of docker version and kubectl version)
  • other: (please specify)

Reproduced in https://che.openshift.io and CodeReady Workspaces 2.5.0 in OCP 4.6.4.

Screenshots

Installation method

  • chectl
    • provide a full command that was used to deploy Eclipse Che (including the output)
    • provide an output of chectl version command
  • OperatorHub
  • I don't know

OperatorHub for CodeReady Workspaces 2.5.0 in OCP 4.6.4

Environment

  • my computer
    • Windows
    • Linux
    • macOS
  • Cloud
    • Amazon
    • Azure
    • GCE
    • other (please specify)
  • other: please specify

Reproduced in https://che.openshift.io and CodeReady Workspaces 2.5.0 in OCP 4.6.4.

Eclipse Che Logs

Obtained from CodeReady Workspaces 2.5.0 in OCP 4.6.4.

2020-12-02 10:02:11,147[nio-8080-exec-8]  [INFO ] [o.e.c.a.w.s.WorkspaceRuntimes 480]   - Starting workspace 'dev1/order-managementu8pos' with id 'workspacewvk46diujcocsbo2' by user 'dev1'
2020-12-02 10:02:40,158[aceSharedPool-9]  [WARN ] [.i.k.KubernetesInternalRuntime 255]  - Failed to start Kubernetes runtime of workspace workspacewvk46diujcocsbo2.
java.lang.NullPointerException: null
	at java.base/java.util.regex.Matcher.getTextLength(Matcher.java:1770)
	at java.base/java.util.regex.Matcher.reset(Matcher.java:416)
	at java.base/java.util.regex.Matcher.<init>(Matcher.java:253)
	at java.base/java.util.regex.Pattern.matcher(Pattern.java:1133)
	at org.eclipse.che.workspace.infrastructure.kubernetes.util.EnvVars.extractReferencedVariables(EnvVars.java:96)
	at org.eclipse.che.commons.lang.TopologicalSort.sort(TopologicalSort.java:96)
	at org.eclipse.che.workspace.infrastructure.kubernetes.provision.env.EnvVarsConverter.provision(EnvVarsConverter.java:77)
	at org.eclipse.che.workspace.infrastructure.openshift.OpenShiftEnvironmentProvisioner.provision(OpenShiftEnvironmentProvisioner.java:151)
	at org.eclipse.che.workspace.infrastructure.openshift.OpenShiftEnvironmentProvisioner.provision(OpenShiftEnvironmentProvisioner.java:57)
	at org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesInternalRuntime.provisionWorkspace(KubernetesInternalRuntime.java:303)
	at org.eclipse.che.workspace.infrastructure.openshift.OpenShiftInternalRuntime.provisionWorkspace(OpenShiftInternalRuntime.java:131)
	at org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesInternalRuntime.internalStart(KubernetesInternalRuntime.java:202)
	at org.eclipse.che.api.workspace.server.spi.InternalRuntime.start(InternalRuntime.java:141)
	at org.eclipse.che.api.workspace.server.WorkspaceRuntimes$StartRuntimeTask.run(WorkspaceRuntimes.java:960)
	at org.eclipse.che.commons.lang.concurrent.CopyThreadLocalRunnable.run(CopyThreadLocalRunnable.java:38)
	at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1736)
	at io.micrometer.core.instrument.internal.TimedRunnable.run(TimedRunnable.java:44)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.eclipse.che.commons.observability.CountedThreadFactory.lambda$newThread$0(CountedThreadFactory.java:75)
	at java.base/java.lang.Thread.run(Thread.java:834)
2020-12-02 10:02:40,364[aceSharedPool-9]  [INFO ] [o.e.c.a.w.s.WorkspaceRuntimes 984]   - Workspace 'dev1:order-managementu8pos' with id 'workspacewvk46diujcocsbo2' start failed
2020-12-02 10:02:40,364[aceSharedPool-9]  [ERROR] [o.e.c.a.w.s.WorkspaceRuntimes 994]   - An exception occurred.
org.eclipse.che.api.workspace.server.spi.InternalInfrastructureException: An exception occurred.
	at org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesInternalRuntime.wrapAndRethrow(KubernetesInternalRuntime.java:963)
	at org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesInternalRuntime.internalStart(KubernetesInternalRuntime.java:275)
	at org.eclipse.che.api.workspace.server.spi.InternalRuntime.start(InternalRuntime.java:141)
	at org.eclipse.che.api.workspace.server.WorkspaceRuntimes$StartRuntimeTask.run(WorkspaceRuntimes.java:960)
	at org.eclipse.che.commons.lang.concurrent.CopyThreadLocalRunnable.run(CopyThreadLocalRunnable.java:38)
	at java.base/java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1736)
	at io.micrometer.core.instrument.internal.TimedRunnable.run(TimedRunnable.java:44)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.eclipse.che.commons.observability.CountedThreadFactory.lambda$newThread$0(CountedThreadFactory.java:75)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.NullPointerException: null
	at java.base/java.util.regex.Matcher.getTextLength(Matcher.java:1770)
	at java.base/java.util.regex.Matcher.reset(Matcher.java:416)
	at java.base/java.util.regex.Matcher.<init>(Matcher.java:253)
	at java.base/java.util.regex.Pattern.matcher(Pattern.java:1133)
	at org.eclipse.che.workspace.infrastructure.kubernetes.util.EnvVars.extractReferencedVariables(EnvVars.java:96)
	at org.eclipse.che.commons.lang.TopologicalSort.sort(TopologicalSort.java:96)
	at org.eclipse.che.workspace.infrastructure.kubernetes.provision.env.EnvVarsConverter.provision(EnvVarsConverter.java:77)
	at org.eclipse.che.workspace.infrastructure.openshift.OpenShiftEnvironmentProvisioner.provision(OpenShiftEnvironmentProvisioner.java:151)
	at org.eclipse.che.workspace.infrastructure.openshift.OpenShiftEnvironmentProvisioner.provision(OpenShiftEnvironmentProvisioner.java:57)
	at org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesInternalRuntime.provisionWorkspace(KubernetesInternalRuntime.java:303)
	at org.eclipse.che.workspace.infrastructure.openshift.OpenShiftInternalRuntime.provisionWorkspace(OpenShiftInternalRuntime.java:131)
	at org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesInternalRuntime.internalStart(KubernetesInternalRuntime.java:202)
	... 9 common frames omitted
@rromannissen rromannissen added the kind/bug Outline of a bug - must adhere to the bug report template. label Dec 2, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Dec 2, 2020
@l0rd l0rd added area/che-server severity/P1 Has a major impact to usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Dec 2, 2020
@l0rd
Copy link
Contributor

l0rd commented Dec 2, 2020

Thank you @rromannissen for reporting this bug. We do declare that we support secrets indeed.

FYI we have a mechanism to automatically mount secrets in the containers of a workspace. But I am not sure if it's applicable in your use case.

@skabashnyuk skabashnyuk mentioned this issue Dec 30, 2020
Closed
6 tasks
@skabashnyuk skabashnyuk added this to the 7.25 milestone Dec 30, 2020
@mshaposhnik mshaposhnik mentioned this issue Jan 18, 2021
Merged
9 tasks
@mshaposhnik
Copy link
Contributor

Fixed in master;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/che-server kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
7.25
Development

No branches or pull requests
5 participants
@l0rd @skabashnyuk @mshaposhnik @rromannissen @che-bot