Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Install Script Does Not Work with kubectl Ordering #50

Closed
danielhelfand opened this issue Nov 18, 2020 · 9 comments
Closed

Install Script Does Not Work with kubectl Ordering #50

danielhelfand opened this issue Nov 18, 2020 · 9 comments
Labels
bug This issue describes a defect or unexpected behavior

Comments

@danielhelfand
Copy link
Contributor

danielhelfand commented Nov 18, 2020
edited
Loading

Following the install instructions for kapp-controller, there is no mention of needing to create the kapp-controller namespace before using kapp or kubectl.

One approach to resolving this would be to actually include the creation of the kapp-controller namespace as part of the script. An alternative is to update the documentation so users are aware of the step before installing.

EDIT

This issue is actually about how kubectl needs the namespace resource to come before all other dependent resources in the release script as shown here. The kapp install process should still work as expected.
@danielhelfand danielhelfand added documentation This issue indicates a change to the docs should be considered enhancement This issue is a feature request labels Nov 18, 2020
@cppforlife
Copy link
Contributor

namespace is included in the release.yml (https://github.com/vmware-tanzu/carvel-kapp-controller/blob/develop/config/namespace.yml).

@cppforlife cppforlife added discussion This issue is not a bug or feature and a conversation is needed to find an appropriate resolution and removed documentation This issue indicates a change to the docs should be considered enhancement This issue is a feature request labels Nov 18, 2020
@danielhelfand
Copy link
Contributor Author

Yes, I did see that after a follow up. I am getting the following error when running:

customresourcedefinition.apiextensions.k8s.io/apps.kappctrl.k14s.io created
namespace/kapp-controller created
serviceaccount/kapp-controller-sa created
clusterrole.rbac.authorization.k8s.io/kapp-controller-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/kapp-controller-cluster-role-binding created
Error from server (NotFound): error when creating "https://github.com/k14s/kapp-controller/releases/latest/download/release.yml": namespaces "kapp-controller" not found

@danielhelfand
Copy link
Contributor Author

This is when using kubectl apply by the way to maybe narrow it down:

kubectl apply -f https://github.com/k14s/kapp-controller/releases/latest/download/release.yml

@danielhelfand
Copy link
Contributor Author

danielhelfand commented Nov 18, 2020
edited
Loading

Reordering the script as follows works with namespace creation coming first:

---
apiVersion: v1
kind: Namespace
metadata:
  name: kapp-controller
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: apps.kappctrl.k14s.io
spec:
  additionalPrinterColumns:
  - JSONPath: .status.friendlyDescription
    description: Friendly description
    name: Description
    type: string
  - JSONPath: .status.deploy.startedAt
    description: Last time app started being deployed. Does not mean anything was
      changed.
    name: Since-Deploy
    type: date
  - JSONPath: .metadata.creationTimestamp
    description: |-
      CreationTimestamp is a timestamp representing the server time when this object was created.
      It is not guaranteed to be set in happens-before order across separate operations.
      Clients may not set this value. It is represented in RFC3339 form and is in UTC.
      Populated by the system. Read-only. Null for lists.
      More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
    name: Age
    type: date
  group: kappctrl.k14s.io
  names:
    kind: App
    listKind: AppList
    plural: apps
    singular: app
  scope: Namespaced
  subresources:
    status: {}
  versions:
  - name: v1alpha1
    served: true
    storage: true
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kbld.k14s.io/images: |
      - Metas:
        - Path: /Users/dk/workspace/k14s-go/src/github.com/k14s/kapp-controller
          Type: local
        - Dirty: false
          RemoteURL: git@github.com:k14s/kapp-controller
          SHA: e66d0d12829c4fadb79b91b00a565c2357517f64
          Type: git
        URL: index.docker.io/k14s/kapp-controller@sha256:038107419ba4e3cb73087fb00bf1d3e1be83dabdcc55939b5d117f18b1dac66c
  name: kapp-controller
  namespace: kapp-controller
spec:
  replicas: 1
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: kapp-controller
  template:
    metadata:
      labels:
        app: kapp-controller
    spec:
      containers:
      - args: []
        env:
        - name: KAPPCTRL_MEM_TMP_DIR
          value: /etc/kappctrl-mem-tmp
        image: index.docker.io/k14s/kapp-controller@sha256:038107419ba4e3cb73087fb00bf1d3e1be83dabdcc55939b5d117f18b1dac66c
        name: kapp-controller
        resources:
          requests:
            cpu: 120m
            memory: 100Mi
        securityContext:
          runAsGroup: 2000
          runAsUser: 1000
        volumeMounts:
        - mountPath: /etc/kappctrl-mem-tmp
          name: template-fs
      securityContext:
        fsGroup: 3000
      serviceAccount: kapp-controller-sa
      volumes:
      - emptyDir:
          medium: Memory
        name: template-fs
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kapp-controller-sa
  namespace: kapp-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kapp-controller-cluster-role
rules:
- apiGroups:
  - ""
  resources:
  - serviceaccounts
  - secrets
  - configmaps
  verbs:
  - get
- apiGroups:
  - kappctrl.k14s.io
  resources:
  - apps
  - apps/status
  verbs:
  - '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kapp-controller-cluster-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kapp-controller-cluster-role
subjects:
- kind: ServiceAccount
  name: kapp-controller-sa
  namespace: kapp-controller

@cppforlife
Copy link
Contributor

cppforlife commented Nov 18, 2020
edited
Loading

ugh kubectl ordering. we could probably order ytt files by prefixing them.

but general answer here is -- use kapp.

@danielhelfand danielhelfand changed the title Include kapp-controller Namespace as Part of release.yaml or Document Need to Create Namespace Before Install Install Script Does Not Work with kubectl Ordering Nov 18, 2020
@danielhelfand danielhelfand added bug This issue describes a defect or unexpected behavior and removed discussion This issue is not a bug or feature and a conversation is needed to find an appropriate resolution labels Nov 18, 2020
@StevenLocke
Copy link

This seems like a valid use case. One benefit of using kapp-controller is that you wouldn't need to install any other Carvel tools locally.

@cppforlife cppforlife added the in-progress Work has begun by a community member or a maintainer; this issue may be included in a future release label Nov 20, 2020
@cppforlife
Copy link
Contributor

fixed in 00ccf87

@danielhelfand
Copy link
Contributor Author

Will close once new script is released.

@cppforlife
Copy link
Contributor

included in https://github.com/vmware-tanzu/carvel-kapp-controller/releases/tag/v0.13.0.

@danielhelfand danielhelfand removed the in-progress Work has begun by a community member or a maintainer; this issue may be included in a future release label Dec 1, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue describes a defect or unexpected behavior
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cppforlife @StevenLocke @danielhelfand