This repository has been archived by the owner on May 16, 2023. It is now read-only.

Install Kibana + security failing

Closed

Description

Chart version:
7.1.1
Kubernetes version:
1.13.0
Kubernetes provider: E.g. GKE (Google Kubernetes Engine)
Kubespray
Helm Version:
2.13
helm get release output:

	$ helm get helm-kibana-security
	REVISION: 1
	RELEASED: Fri Jun 28 21:02:23 2019
	CHART: kibana-7.1.1
	USER-SUPPLIED VALUES:
	# Values passed by the user for this release. Kibana talks to
	# Elasticsearch over HTTPS, and the Elasticsearch credentials are taken
	# from the elastic-credentials Secret rather than written inline.
	elasticsearchHosts: https://security-master:9200
	extraEnvs:
	- name: ELASTICSEARCH_USERNAME
	  valueFrom:
	    secretKeyRef:
	      key: username
	      name: elastic-credentials
	- name: ELASTICSEARCH_PASSWORD
	  valueFrom:
	    secretKeyRef:
	      key: password
	      name: elastic-credentials
	# NOTE(review): the kibana.yml text is a literal block, so every value in
	# it is kept as plain text in the release and in the rendered ConfigMap.
	# xpack.security.encryptionKey is a placeholder string here; a real
	# deployment needs a random value of at least 32 characters, preferably
	# injected from a Secret instead of being committed in values.
	# elasticsearch.ssl.verificationMode "certificate" validates the CA chain
	# but skips hostname verification; "full" checks both.
	kibanaConfig:
	  kibana.yml: |
	    server.ssl:
	      enabled: true
	      key: /usr/share/kibana/config/certs/kibana/kibana.key
	      certificate: /usr/share/kibana/config/certs/kibana/kibana.crt
	    xpack.security.encryptionKey: something_at_least_32_characters
	    elasticsearch.ssl:
	      certificateAuthorities: /usr/share/kibana/config/certs/elastic-certificate.pem
	      verificationMode: certificate
	protocol: https
	# Both Secrets are mounted as volumes, and the second path is nested
	# inside the first. Each Secret has to exist in the release namespace
	# before the pod can leave ContainerCreating.
	secretMounts:
	- name: elastic-certificate-pem
	  path: /usr/share/kibana/config/certs
	  secretName: elastic-certificate-pem
	- name: kibana-certificates
	  path: /usr/share/kibana/config/certs/kibana
	  secretName: kibana-certificates

	COMPUTED VALUES:
	# Effective values for the release: the chart defaults merged with the
	# user-supplied values listed above this section.
	affinity: {}
	antiAffinity: hard
	antiAffinityTopologyKey: kubernetes.io/hostname
	elasticsearchHosts: https://security-master:9200
	elasticsearchURL: ""
	# Elasticsearch credentials are referenced from the elastic-credentials
	# Secret, so they do not appear in the values themselves.
	extraEnvs:
	- name: ELASTICSEARCH_USERNAME
	  valueFrom:
	    secretKeyRef:
	      key: username
	      name: elastic-credentials
	- name: ELASTICSEARCH_PASSWORD
	  valueFrom:
	    secretKeyRef:
	      key: password
	      name: elastic-credentials
	fullnameOverride: ""
	healthCheckPath: /app/kibana
	httpPort: 5601
	image: docker.elastic.co/kibana/kibana
	imagePullPolicy: IfNotPresent
	imagePullSecrets: []
	imageTag: 7.1.1
	ingress:
	  annotations: {}
	  enabled: false
	  hosts:
	  - chart-example.local
	  path: /
	  tls: []
	# NOTE(review): xpack.security.encryptionKey is a placeholder literal and
	# ends up in plain text in a ConfigMap; use a random value of at least 32
	# characters supplied from a Secret. verificationMode "certificate"
	# validates the CA chain but not the Elasticsearch hostname.
	kibanaConfig:
	  kibana.yml: |
	    server.ssl:
	      enabled: true
	      key: /usr/share/kibana/config/certs/kibana/kibana.key
	      certificate: /usr/share/kibana/config/certs/kibana/kibana.crt
	    xpack.security.encryptionKey: something_at_least_32_characters
	    elasticsearch.ssl:
	      certificateAuthorities: /usr/share/kibana/config/certs/elastic-certificate.pem
	      verificationMode: certificate
	maxUnavailable: 1
	nameOverride: ""
	nodeSelector: {}
	podSecurityContext:
	  fsGroup: 1000
	priorityClassName: ""
	protocol: https
	readinessProbe:
	  failureThreshold: 3
	  initialDelaySeconds: 10
	  periodSeconds: 10
	  successThreshold: 3
	  timeoutSeconds: 5
	replicas: 1
	# NOTE(review): in Kubernetes quantities the suffix "m" means milli, so a
	# memory request of 500m is half a byte; 500Mi was presumably intended.
	# Confirm against the chart defaults.
	resources:
	  limits:
	    cpu: 1000m
	    memory: 1Gi
	  requests:
	    cpu: 300m
	    memory: 500m
	# The kibana-certificates path is nested inside the elastic-certificate-pem
	# path. Both Secrets must exist in the namespace for the volumes to mount.
	secretMounts:
	- name: elastic-certificate-pem
	  path: /usr/share/kibana/config/certs
	  secretName: elastic-certificate-pem
	- name: kibana-certificates
	  path: /usr/share/kibana/config/certs/kibana
	  secretName: kibana-certificates
	# The container runs as uid 1000, refuses to start as root, and drops
	# every Linux capability.
	securityContext:
	  capabilities:
	    drop:
	    - ALL
	  runAsNonRoot: true
	  runAsUser: 1000
	serverHost: 0.0.0.0
	# NOTE(review): a NodePort Service publishes Kibana on port 30999 of every
	# cluster node. Make sure node-level firewalling or network policy limits
	# who can reach that port.
	service:
	  annotations: {}
	  nodePort: 30999
	  port: 5601
	  type: NodePort
	serviceAccount: ""
	tolerations: []
	updateStrategy:
	  type: Recreate

	HOOKS:
	MANIFEST:

	---
	# Source: kibana/templates/configmap.yaml
	# Rendered kibana.yml for the release; the Deployment mounts it over
	# /usr/share/kibana/config/kibana.yml.
	# NOTE(review): a ConfigMap is not a secret store.
	# xpack.security.encryptionKey is written here in plain text and is still
	# the placeholder string; generate a random value of at least 32
	# characters and provide it from a Secret instead.
	# elasticsearch.ssl.verificationMode "certificate" validates the CA chain
	# but skips hostname verification; "full" checks both.
	apiVersion: v1
	kind: ConfigMap
	metadata:
	  name: helm-kibana-security-kibana-config
	  labels:
	    app: kibana
	    release: "helm-kibana-security"
	data:
	  kibana.yml: |
	    server.ssl:
	      enabled: true
	      key: /usr/share/kibana/config/certs/kibana/kibana.key
	      certificate: /usr/share/kibana/config/certs/kibana/kibana.crt
	    xpack.security.encryptionKey: something_at_least_32_characters
	    elasticsearch.ssl:
	      certificateAuthorities: /usr/share/kibana/config/certs/elastic-certificate.pem
	      verificationMode: certificate
	---
	# Source: kibana/templates/service.yaml
	# Exposes the Kibana pods selected by the app/release labels.
	# NOTE(review): type NodePort opens port 30999 on every cluster node, so
	# anything that can reach a node address can reach Kibana's login page.
	# Restrict access with node firewalling or a NetworkPolicy if that is
	# wider than intended.
	apiVersion: v1
	kind: Service
	metadata:
	  name: helm-kibana-security-kibana
	  labels:
	    app: kibana
	    release: "helm-kibana-security"
	    heritage: Tiller
	spec:
	  type: NodePort
	  ports:
	    # The port is named "http", but this release configures Kibana with
	    # server.ssl enabled, so the traffic on 5601 is HTTPS.
	    - port: 5601
	      nodePort: 30999
	      protocol: TCP
	      name: http
	      targetPort: 5601
	  selector:
	    app: kibana
	    release: "helm-kibana-security"
	---
	# Source: kibana/templates/deployment.yaml
	# Single-replica Kibana Deployment that mounts two Secrets (the CA
	# certificate and the Kibana server key pair) and the rendered kibana.yml.
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	  name: helm-kibana-security-kibana
	  labels:
	    app: kibana
	    release: "helm-kibana-security"
	spec:
	  replicas: 1
	  strategy:
	    type: Recreate	    
	  selector:
	    matchLabels:
	      app: kibana
	      release: "helm-kibana-security"
	  template:
	    metadata:
	      labels:
	        app: kibana
	        release: "helm-kibana-security"
	      annotations:	        
	        configchecksum: 267bd33171fad555b70bea0a84d9966ffe76ea9eddb4f89885f3e3fb5ca76e9
	    spec:
	      securityContext:
	        fsGroup: 1000	        
	      # NOTE(review): the container cannot start until every volume here
	      # resolves; a Secret that is missing from the namespace keeps the pod
	      # in ContainerCreating. The make output in this report only shows
	      # kibana-certificates being created, and its two files were written
	      # while the vault command was not found, so they are presumably
	      # empty. Check both Secrets with `kubectl describe pod`.
	      volumes:
	        - name: elastic-certificate-pem
	          secret:
	            secretName: elastic-certificate-pem
	        - name: kibana-certificates
	          secret:
	            secretName: kibana-certificates
	        - name: kibanaconfig
	          configMap:
	            name: helm-kibana-security-kibana-config
	      containers:
	      - name: kibana
	        # Runs as uid 1000, refuses root, and drops all capabilities.
	        # NOTE(review): allowPrivilegeEscalation and readOnlyRootFilesystem
	        # are not set in this rendered spec.
	        securityContext:
	          capabilities:
	            drop:
	            - ALL
	          runAsNonRoot: true
	          runAsUser: 1000	          
	        # The image is referenced by tag; pinning a digest would make the
	        # deployed image reproducible.
	        image: "docker.elastic.co/kibana/kibana:7.1.1"
	        env:
	          - name: ELASTICSEARCH_HOSTS
	            value: "https://security-master:9200"
	          - name: SERVER_HOST
	            value: "0.0.0.0"
	          - name: ELASTICSEARCH_USERNAME
	            valueFrom:
	              secretKeyRef:
	                key: username
	                name: elastic-credentials
	          - name: ELASTICSEARCH_PASSWORD
	            valueFrom:
	              secretKeyRef:
	                key: password
	                name: elastic-credentials	          
	        readinessProbe:
	          failureThreshold: 3
	          initialDelaySeconds: 10
	          periodSeconds: 10
	          successThreshold: 3
	          timeoutSeconds: 5	          
	          exec:
	            command:
	              - sh
	              - -c
	              # NOTE(review): the script below tests ELASTIC_USERNAME and
	              # ELASTIC_PASSWORD, but the container env defines
	              # ELASTICSEARCH_USERNAME and ELASTICSEARCH_PASSWORD, so the
	              # -u branch is skipped unless those names are set elsewhere.
	              # When it does run, the credentials are passed on curl's
	              # command line. curl -k turns off certificate verification
	              # for the request to localhost. The shebang line has no
	              # effect because the script is run through `sh -c`.
	              - |
	                #!/usr/bin/env bash -e
	                http () {
	                    local path="${1}"
	                    set -- -XGET -s --fail

	                    if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then
	                      set -- "$@" -u "${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"
	                    fi

	                    curl -k "$@" "https://localhost:5601${path}"
	                }
	                http "/app/kibana"
	        ports:
	        - containerPort: 5601
	        # NOTE(review): the suffix "m" means milli in Kubernetes quantities,
	        # so the memory request of 500m is half a byte; 500Mi was presumably
	        # intended.
	        resources:
	          limits:
	            cpu: 1000m
	            memory: 1Gi
	          requests:
	            cpu: 300m
	            memory: 500m	          
	        # The kibana-certificates mount is nested inside the
	        # elastic-certificate-pem mount, and kibana.yml is mounted as a
	        # single file through subPath.
	        volumeMounts:
	          - name: elastic-certificate-pem
	            mountPath: /usr/share/kibana/config/certs
	          - name: kibana-certificates
	            mountPath: /usr/share/kibana/config/certs/kibana
	          - name: kibanaconfig
	            mountPath: /usr/share/kibana/config/kibana.yml
	            subPath: kibana.yml

Describe the bug:

Deploying Kibana from examples/security results in this error:
Error: release helm-kibana-security failed: timed out waiting for the condition
make: *** [install] Error 1

Steps to reproduce:

  1. Deployed elasticsearch + security

  2. Deploy kibana + security from examples/security

  3. Run the command 'make'

  4. Error:

     $ make
     kubectl delete secret kibana-certificates || true
     Error from server (NotFound): secrets "kibana-certificates" not found
     vault read -field=kibana.crt secret/devops-ci/helm-charts/kibana/security/certificates | base64 --decode > kibana.crt
     /bin/sh: vault: command not found
     vault read -field=kibana.key secret/devops-ci/helm-charts/kibana/security/certificates | base64 --decode > kibana.key
     /bin/sh: vault: command not found
     kubectl create secret generic kibana-certificates --from-file=kibana.crt --from-file=kibana.key && \
     rm -f kibana.crt kibana.key
     secret/kibana-certificates created
     helm upgrade --wait --timeout=600 --install --values ./security.yml helm-kibana-security ../../ ; \
    
     Release "helm-kibana-security" does not exist. Installing it now.
     Error: release helm-kibana-security failed: timed out waiting for the condition
     make: *** [install] Error 1
    
  5. The helm-kibana-security pod is stuck in 'ContainerCreating'.

Expected behavior:

Provide logs and/or server output (if relevant):

Any additional context:
