Run kubernetes build from terraform













I'm trying to make a simple test to build a simple nginx on Kubernetes from Terraform.
This is my first time working with Terraform.



This is the basic terraform file:



provider "kubernetes" {
  host = "https://xxx.xxx.xxx.xxx:8443"

  client_certificate     = "${file("~/.kube/master.server.crt")}"
  client_key             = "${file("~/.kube/master.server.key")}"
  cluster_ca_certificate = "${file("~/.kube/ca.crt")}"

  username = "xxxxxx"
  password = "xxxxxx"
}

resource "kubernetes_service" "nginx" {
  metadata {
    name = "nginx-example"
  }

  spec {
    selector {
      App = "${kubernetes_pod.nginx.metadata.0.labels.App}"
    }

    port {
      port        = 80
      target_port = 80
    }

    type = "LoadBalancer"
  }
}

resource "kubernetes_pod" "nginx" {
  metadata {
    name = "nginx-example"

    labels {
      App = "nginx"
    }
  }

  spec {
    container {
      image = "nginx:1.7.8"
      name  = "example"

      port {
        container_port = 80
      }
    }
  }
}


I'm getting the following error after running the terraform apply.




Error: Error applying plan:



1 error(s) occurred:




  • kubernetes_pod.nginx: 1 error(s) occurred:


  • kubernetes_pod.nginx: the server has asked for the client to provide credentials (post pods)



Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with any
resources that successfully completed. Please address the error above
and apply again to incrementally change your infrastructure.




I have admin permissions on kubernetes and everything is working correctly.
But for some reason I'm getting that error.



What am I doing wrong?



Thanks



Regarding @matthew-l-daniel's question:



When I'm only using the username/password I get this error:




Error: Error applying plan:



1 error(s) occurred:




  • kubernetes_pod.nginx: 1 error(s) occurred:


  • kubernetes_pod.nginx: Post https://xxx.xxx.xxx.xxx:8443/api/v1/namespaces/default/pods:
    x509: certificate signed by unknown authority



Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with any
resources that successfully completed. Please address the error above
and apply again to incrementally change your infrastructure.




I tried using the server name or the server IP and got the same error every time.

When using the certs I got the error from the original post, regarding the "credentials".

I forgot to mention that this is an OpenShift installation. I don't believe it will have any impact in the end, but I thought I should mention it.







kubernetes terraform














edited Nov 25 '18 at 3:20
radicaled

asked Nov 24 '18 at 2:04
radicaled













  • It's very, very weird to have both TLS auth and HTTP Basic "username" and "password"; do you have any such authentication configured for your cluster, that you would expect username+password to do something?

    – Matthew L Daniel
    Nov 24 '18 at 18:16






  • Why not use helm-charts to deploy nginx? Seems much easier than terraform?

    – Gavin
    Dec 3 '18 at 16:48































2 Answers







The solution was rather simple: I was using the master crt and key from OpenShift on Terraform.
Then I tested it using the admin crt and key from OpenShift and it worked.
















answered Dec 13 '18 at 14:33
radicaled
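
Added example, not part of the original answer and not OpenShift's or Terraform's own code: a Kubernetes API server accepts a client certificate only if it chains to its client CA and is valid for client authentication, and then takes the subject CN as the user name and the O values as groups. The Go sketch below runs that check on constructed certificates, assuming the master certificate was issued for server use only; every name in it is made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue makes a constructed test certificate; a nil parent yields a self-signed CA.
func issue(subj pkix.Name, eku []x509.ExtKeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               subj,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           eku,
		BasicConstraintsValid: true,
	}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// clientIdentity applies the checks an API server makes on a client certificate: it must chain
// to the client CA with client-auth usage; CN then becomes the user name and O the groups.
func clientIdentity(cert, ca *x509.Certificate) (string, []string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", nil, fmt.Errorf("rejected as client credential: %w", err)
	}
	return cert.Subject.CommonName, cert.Subject.Organization, nil
}

// runDemo checks a server-only cert (assumed stand-in for the master cert) and a client cert from one constructed CA.
func runDemo() (user string, groups []string, servingErr, adminErr error) {
	ca, caKey := issue(pkix.Name{CommonName: "constructed-ca"}, nil, nil, nil)
	serving, _ := issue(pkix.Name{CommonName: "master.example.internal"},
		[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ca, caKey)
	admin, _ := issue(pkix.Name{CommonName: "example-admin", Organization: []string{"example-admins"}},
		[]x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ca, caKey)
	_, _, servingErr = clientIdentity(serving, ca)
	user, groups, adminErr = clientIdentity(admin, ca)
	return
}

func main() {
	user, groups, servingErr, adminErr := runDemo()
	fmt.Println("server-only cert:", servingErr)
	fmt.Printf("client cert: user=%q groups=%q err=%v\n", user, groups, adminErr)
}
```

Both certificates chain to the same CA, so the server-only one fails purely on key usage; that is the kind of rejection that surfaces to a client as a request for credentials.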
































Aside from the official Kubernetes provider documentation suggesting only certificate or basic (user/pass) should be required, this sounds like an OpenShift issue. Have you been able to obtain any logs from the OpenShift cluster?

Some searching links the message you are seeing to some instability bugs within Kubernetes wherein the kubelet does not properly register after a reboot. I would manually confirm the node shows as Ready in OpenShift before you attempt a deployment, as until this occurs Terraform will not be able to interact with it.

If in fact the node is not Ready, Terraform is just surfacing the underlying error passed back from OpenShift.

Separately, the error you are seeing when trying to authenticate using purely certificate parameters is indicative of a misconfiguration. A similar question was raised on the Kubernetes GitHub, and the suggestion there was to investigate the Certificate Authority loaded onto the cluster.














edited Dec 4 '18 at 2:11

answered Dec 4 '18 at 2:05
James G





























