orange-analyst-19175
08/21/2023, 11:18 PMkubernetes
provider. Garden version 0.13.12. I have the local-kubernetes
working just fine but am having trouble getting it set up for remote. I am using this document as my general guide https://docs.garden.io/kubernetes-plugins/remote-k8s/configure-provider. I setup a cluster in Azure AKS and can connect to it using kubectl
(e.g. kubectl get nodes
). I deployed contour, cert-manager, letsencrypt and certificate using helm/kubectl such that I have a valid certificate. My DNS points to the cluster (if I install a service using helm I can connect to it at my URL). I have a container registry created in azure and created a imagePullSecret and put it in the cluster using kubectl create secret docker-registry
My project.garden.yaml
looks like:
Edit - config removed for length.
The issue is when I run garden deploy --env remote
I get the following message:
βΉ garden β Running in Garden environment remote.default
βΉ providers β Getting status...
β providers β Failed processing resolve provider kubernetes (took 1.4 sec). Here is the output:
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Error: Client network socket disconnected before secure TLS connection was established
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Failed resolving one or more providers:
- kubernetes
See .garden/error.log for detailed error message
There does not appear to be any additional information in the logs. I've tried running with the --logs
flag which appears to run it in an interactive mode, but I am not sure what to do from there.
I am not sure where to go from here. Any help would be appreciated.
Thanks,
Mattquaint-dress-831
08/22/2023, 9:30 AMgarden
with -l5
and put the output in a Gist?orange-analyst-19175
08/22/2023, 11:46 AMgarden deploy --env remote -l5
is here: https://gist.github.com/mgdenno/3abd151a78babe439985b96e6c54a29dquaint-dress-831
08/22/2023, 12:08 PMproject.garden.yml
somewhere accessible?garden
and indicates a network issue. I'd ask you if you've double-checked garden
is using the correct context but based on the line βΉ providers [silly] β GET https://yuba-rtim-k8s-2mm9efpj.hcp.eastus2.azmk8s.io:443/apis/networking.k8s.io/v1
it looks like it is.kubectl get nodes
orange-analyst-19175
08/22/2023, 12:21 PMproject.garden.yaml
https://gist.github.com/mgdenno/b8b64b63fb2a0c6a336729f015a7b0efquaint-dress-831
08/22/2023, 12:23 PMorange-analyst-19175
08/22/2023, 12:25 PMquaint-dress-831
08/22/2023, 1:31 PM~/bak
then go through the steps in https://docs.garden.io/kubernetes-plugins/remote-k8s/create-cluster/azureorange-analyst-19175
08/22/2023, 2:06 PMquaint-dress-831
08/22/2023, 4:30 PMorange-analyst-19175
08/22/2023, 4:33 PMcurl https://yuba-rtim-k8s-2mm9efpj.hcp.eastus2.azmk8s.io/apis/networking.k8s.io/v1
I get a message about an SSL certificate problem. If I run openssl s_client -connect yuba-rtim-k8s-2mm9efpj.hcp.eastus2.azmk8s.io:443 -showcerts
I see the certificates. And if I run curl -k https://yuba-rtim-k8s-2mm9efpj.hcp.eastus2.azmk8s.io/apis/networking.k8s.io/v1
it seems to go through (unauthorized because no credentials are passed I guess). Is there a way in garden to do something equivalent to the -k
flag in curl
Or is it already set to allow self-signed certs. I think I still do not exactly understand what is happening.quaint-dress-831
08/23/2023, 8:27 AMorange-analyst-19175
08/23/2023, 12:02 PMcurl
, but garden seems to die doing it, if I'm reading the logs correctly. Is there a way to see exactly what the request garden is sending is, including the headers, so I can try that in curl? Or do you know what headers are required? Is it just auth?curl
can handle, but that whatever library garden uses can't.quaint-dress-831
08/24/2023, 12:51 PM