Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

controller cannot connect with credentials from the secret #26

Closed
qw1mb0 opened this issue Jul 5, 2019 · 4 comments
Closed

controller cannot connect with credentials from the secret #26

qw1mb0 opened this issue Jul 5, 2019 · 4 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@qw1mb0
Copy link

qw1mb0 commented Jul 5, 2019

/kind bug

What happened:
The controller cannot connect with credentials from the secret.

What you expected to happen:
I created a secret as described in the example: https://github.com/kubernetes-sigs/vsphere-csi-driver/blob/master/docs/deploying_csi_vsphere_with_rbac.md#2-optional-but-recommended-storing-vcenter-credentials-in-a-kubernetes-secret

apiVersion: v1
data:
  dc-vsphere.local.password: cGFzc3dvcmQK=
  dc-vsphere.local.username: dXNlcm5hbWUK
kind: Secret
metadata:
  name: vsphere-csi-driver-credentials
type: Opaque

And the configuration file:

apiVersion: v1
data:
  vsphere.conf: |
    [Global]
    secret-name = "vsphere-csi-driver-credentials"
    secret-namespace = "kube-system"
    service-account = "vsphere-csi-controller"

    port = "443"
    insecure-flag = "1"
    [VirtualCenter "dc-vsphere.local"]
    datacenters = "X2"
kind: ConfigMap
metadata:
  name: csi-config

In controller logs:

time="2019-07-05T06:50:58Z" level=debug msg="enabled context injector"
time="2019-07-05T06:50:58Z" level=debug msg="init req & rep validation" withSpec=false
time="2019-07-05T06:50:58Z" level=debug msg="init implicit rep validation" withSpecRep=false
time="2019-07-05T06:50:58Z" level=debug msg="init req validation" withSpecReq=false
time="2019-07-05T06:50:58Z" level=debug msg="enabled request ID injector"
time="2019-07-05T06:50:58Z" level=debug msg="enabled request logging"
time="2019-07-05T06:50:58Z" level=debug msg="enabled response logging"
time="2019-07-05T06:50:58Z" level=debug msg="enabled serial volume access"
time="2019-07-05T06:50:58Z" level=info msg="Initializing CSI for Kubernetes"
I0705 06:50:58.877520       1 reflector.go:202] Starting reflector *v1.Secret (0s) from pkg/mod/k8s.io/client-go@v8.0.0+incompatible/tools/cache/reflector.go:99
I0705 06:50:58.877542       1 reflector.go:240] Listing and watching *v1.Secret from pkg/mod/k8s.io/client-go@v8.0.0+incompatible/tools/cache/reflector.go:99
E0705 06:51:02.906278       1 connection.go:63] Failed to create govmomi client. err: ServerFaultCode: Cannot complete login due to an incorrect user name or password.
time="2019-07-05T06:51:03Z" level=info msg="configured: vsphere.csi.vmware.com" api=FCD mode=controller
time="2019-07-05T06:51:03Z" level=info msg="identity service registered"
time="2019-07-05T06:51:03Z" level=info msg="controller service registered"
time="2019-07-05T06:51:03Z" level=info msg=serving endpoint="unix:///var/lib/csi/sockets/pluginproxy/csi.sock"
time="2019-07-05T06:51:03Z" level=debug msg="/csi.v1.Identity/GetPluginInfo: REQ 0001: XXX_NoUnkeyedLiteral={}, XXX_sizecache=0"
time="2019-07-05T06:51:03Z" level=debug msg="/csi.v1.Identity/GetPluginInfo: REP 0001: Name=vsphere.csi.vmware.com, VendorVersion=v0.2.0, XXX_NoUnkeyedLiteral={}, XXX_sizecache=0"

Anything else we need to know?:
Controller version: gcr.io/cloud-provider-vsphere/vsphere-csi:v0.2.0

Environment:

  • csi-vsphere version: 0.2.0
  • vsphere-cloud-controller-manager version: without controller-manager
  • Kubernetes version: 1.15.0
  • vSphere version: 6.7.0.30000
  • OS (e.g. from /etc/os-release): Ubuntu 16.04.6 LTS
  • Kernel (e.g. uname -a): 4.15.0-54-generic
  • Install tools: helm
@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Jul 5, 2019
@dvonthenen
Copy link
Contributor

@qw1mb0 You filed a similar issue on the CCM repo. We updated the preferred method for secrets to use stringData in order to avoid the confusion with using:

  1.2.3.4.username: "Replace with output from `echo -n YOUR_VCENTER_USERNAME | base64`"
  1.2.3.4.password: "Replace with output from `echo -n YOUR_VCENTER_PASSWORD | base64`"

Please take a look at the updated docs and give that a try. Same link you provided:
https://github.com/kubernetes-sigs/vsphere-csi-driver/blob/master/docs/deploying_csi_vsphere_with_rbac.md#2-optional-but-recommended-storing-vcenter-credentials-in-a-kubernetes-secret

@dvonthenen
Copy link
Contributor

dvonthenen commented Aug 1, 2019
edited

@qw1mb0 were you able to retry this with the new preferred method?

I am assuming that you were able to get past this because you filed other issues which required the provider be running:
#27

@dvonthenen
Copy link
Contributor

If you are still having a problem, please re-open. Otherwise, closing to due to inactivity.

/close

@k8s-ci-robot
Copy link
Contributor

@dvonthenen: Closing this issue.

In response to this:

If you are still having a problem, please re-open. Otherwise, closing to due to inactivity.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@gbadanahatti gbadanahatti mentioned this issue Dec 12, 2019
Closed
jsafrane pushed a commit to jsafrane/vsphere-csi-driver that referenced this issue Dec 16, 2021
@openshift-merge-robot
Merge pull request kubernetes-sigs#26 from bertinatto/merge-v2.4.0
b8eb1c4 
 Merge changes from v2.4.0 upstream tag
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@qw1mb0 @dvonthenen @k8s-ci-robot