Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

job/eg-gateway-helm-certgen #5223

Closed
zhujiangtao123 opened this issue Feb 6, 2025 · 7 comments
Closed

job/eg-gateway-helm-certgen #5223

zhujiangtao123 opened this issue Feb 6, 2025 · 7 comments
Labels
triage

Comments

@zhujiangtao123
Copy link

helm install eg oci://docker.io/envoyproxy/gateway-helm --version v1.3.0 -n envoy-gateway-system --create-namespace
Pulled: docker.io/envoyproxy/gateway-helm:v1.3.0
Digest: sha256:9f142766a8388ebaa27d1afa9cc9ffb717d6a6fc96c6118d71642ba6522100dd
Error: INSTALLATION FAILED: failed pre-install: 1 error occurred:
* timed out waiting for the condition

job/eg-gateway-helm-certgen exec is failed
@zirain
Copy link
Member

zirain commented Feb 6, 2025

please check the job/pod log.

@owenhaynes
Copy link
Contributor

owenhaynes commented Feb 6, 2025
edited
Loading

I see this issue with v1.3.0

2025-02-06T10:24:20.133Z        INFO    cmd/certgen.go:65       generated certificates
Error: failed to output certificates: failed to create or update secrets: failed to get secret envoy-gateway-system/envoy-gateway: failed to get server groups: the server has asked for the client to provide credentials
Usage:
  envoy-gateway certgen [flags]

Flags:
  -h, --help        help for certgen
  -l, --local       Generate all the certificates locally.
  -o, --overwrite   Updates the secrets containing the control plane certs.

failed to output certificates: failed to create or update secrets: failed to get secret envoy-gateway-system/envoy-gateway: failed to get server groups: the server has asked for the client to provide credentials

To note I have only see this issue on some clusters I have applied v1.3.0 too

Deployed using argocd as well

@arkodg
Copy link
Contributor

arkodg commented Feb 6, 2025

cc @guydc

@guydc
Copy link
Contributor

guydc commented Feb 6, 2025

Clean installation on a fresh cluster seems to work:

helm install eg oci://docker.io/envoyproxy/gateway-helm --version v1.3.0 -n envoy-gateway-system --create-namespace

Pulled: docker.io/envoyproxy/gateway-helm:v1.3.0
Digest: sha256:9f142766a8388ebaa27d1afa9cc9ffb717d6a6fc96c6118d71642ba6522100dd
NAME: eg
LAST DEPLOYED: Thu Feb 6 16:12:59 2025
NAMESPACE: envoy-gateway-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:

*** PLEASE BE PATIENT: Envoy Gateway may take a few minutes to install ***

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway.

Thank you for installing Envoy Gateway! 🎉
[...]

The logs from @owenhaynes seem to indicate some sort of authorization issue. The RBAC settings seem fine and are created in pre-install as well. Not sure why this is happening.

@owenhaynes, @zhujiangtao123 - can you maybe provide more details on your setup?

@zhujiangtao123
Copy link
Author

sorry, the problem is about my k8s
I have installed it successfully

@owenhaynes
Copy link
Contributor

@guydc I have a feeling its a argocd issue with all the hooks, maybe its worth adding the helm weights to the service account and roles so that they must be created before the job runs

@arkodg
Copy link
Contributor

arkodg commented Feb 7, 2025

is this the same issue as #5082 ? cc @ryanhristovski @shahar-h

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@owenhaynes @zirain @arkodg @zhujiangtao123 @guydc