#[SOLVED] The server has asked for the client to provide credentials - Kubernetes CI/CD issue

13 messages · Page 1 of 1 (latest)

viscid onyx
#

Hi there, ive just recently setup a gitlab instance with a k3s cluster attached using a agent.
i have added a simple CI/CD pipeline that builds and tests the code which works good, but when i tried adding the kubernetes deploying part i got stuck :( I'm sorry if this is a really basic question to ask but im new to kubernetes and dont really know how the gitlab agents work.
any help is appreciated!

Have a great day
Meep

i also attached a image of my agents and will be sending the files and errors in seperate chunks because of the message limits

lDv1kLM.png
#

pipeline:

stages:
  - test
  - build
  - deploy


# Test stage
test:
  image: python:3.10-alpine
  stage: test
  script:
    - apk update
    - apk add --no-cache python3 py3-pip python3-dev
    - cd backend
    - python3 -m venv venv
    - source venv/bin/activate
    - pip install -r requirements.txt
    - pip install pytest pytest-cov
    - python -m pytest --cov=app --cov-report=xml tests/
  coverage: '/TOTAL.+ ([0-9]{1,3}%)/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: backend/coverage.xml
    paths:
      - backend/coverage.xml
    expire_in: 1 day

# Build stage
build:
  image: node:18-alpine
  stage: build
  script:
    - cd frontend/indigo
    - npm install
    - npm run build
  artifacts:
    paths:
      - frontend/indigo/dist
    expire_in: 1 week
  only:
    - main
    - merge_requests

# Deploy stage
deploy:
  image: bitnami/kubectl:latest
  stage: deploy
  needs:
    - build
  script:
    - echo "Deploying application to k3s using GitLab Agent..."
    - kubectl config get-contexts
    - kubectl config use-context j.koch/indigo:kube01
    - kubectl apply -f k8s/backend/deployment.yaml --validate=false
    - kubectl apply -f k8s/backend/service.yaml --validate=false
    - kubectl apply -f k8s/frontend/deployment.yaml --validate=false
    - kubectl apply -f k8s/frontend/service.yaml --validate=false
    - kubectl apply -f k8s/ingress.yaml --validate=false
    - kubectl rollout status deployment indigo-backend --timeout=60s
    - kubectl rollout status deployment indigo-frontend --timeout=60s
  only:
    - main
#

deploy job error part 1:

Running with gitlab-runner 17.10.1 (ef334dcc)
  on gitlab-runner-6f58cf64bb-v6nxr t3_SXyP_3, system ID: r_P6o2tDlmBya2
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: gitlab
Using Kubernetes executor with image bitnami/kubectl:latest ...
Using attach strategy to execute scripts...
Preparing environment
00:06
Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 10m0s...
Waiting for pod gitlab/runner-t3sxyp3-project-2-concurrent-0-fqqpmlsg to be running, status is Pending
Waiting for pod gitlab/runner-t3sxyp3-project-2-concurrent-0-fqqpmlsg to be running, status is Pending
    ContainersNotReady: "containers with unready status: [build helper]"
    ContainersNotReady: "containers with unready status: [build helper]"
Running on runner-t3sxyp3-project-2-concurrent-0-fqqpmlsg via gitlab-runner-6f58cf64bb-v6nxr...
# 
00:01
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/j.koch/indigo/.git/
Created fresh repository.
Checking out 9cf30dd2 as detached HEAD (ref is main)...
Skipping Git submodules setup
Downloading artifacts
00:01
Downloading artifacts for build (123)...
Downloading artifacts from coordinator... ok        host=gitlab.hexagonical.ch id=123 responseStatus=200 OK token=64_zD3CPq
Executing "step_script" stage of the job script
00:01
$ echo "Deploying application to k3s using GitLab Agent..."
Deploying application to k3s using GitLab Agent...
$ kubectl config get-contexts
CURRENT   NAME                   CLUSTER   AUTHINFO   NAMESPACE
          j.koch/indigo:kube01   gitlab    agent:2    
$ kubectl config use-context j.koch/indigo:kube01
Switched to context "j.koch/indigo:kube01".
$ kubectl apply -f k8s/backend/deployment.yaml --validate=false
E0406 14:11:09.416769      53 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: the server has asked for the client to provide credentials"
error: unable to recognize "k8s/backend/deployment.yaml": the server has asked for the client to provide credentials
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: command terminated with exit code 1
radiant rivet
#

Hi,
Have you configured any role and rolebinding for the user j.koch/indigo:kube01?

viscid onyx
#

Hi Bas, no i dont think so i just installed the agent using helm and the ui

radiant rivet
#

Hi,
Thanks for your answer.
The GitLab agent should use a service account.
What you can do is check if this has sufficient rights.

For reference you could use this guide:
https://kubernetes.io/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_can-i/

Kubernetes
kubectl auth can-i

Synopsis Check whether an action is allowed.
VERB is a logical Kubernetes API verb like 'get', 'list', 'watch', 'delete', etc. TYPE is a Kubernetes resource. Shortcuts and groups will be resolved. NONRESOURCEURL is a partial URL that starts with "/". NAME is the name of a particular Kubernetes resource. This command pairs nicely with impersonati...

viscid onyx
radiant rivet
#

Yes, it seems that you have enough rights.
You could try something like:
kubectl auth can-i create deployments.apps --as=system:serviceaccount:gitlab-agent-kube01:kube01-gitlab-agent

viscid onyx
#

Thanks :) that solved it!

radiant rivet
viscid onyx
#

Have a nice day!

#

[SOLVED] The server has asked for the client to provide credentials - Kubernetes CI/CD issue