• EN
Question

fresh install of k10 in kubernetes 1.25 / no dashboard available and problem with fluentbit

  • 7 November 2023
  • 1 comment
  • 85 views
J

Hello together

yesterday we installed on a dev kubernetes vanilla system v.1.25 the kasten k10 backup application with helm and like described in the doumentation.

i installed kasten k10 with the following helm options:

 helm install k10 kasten/k10 --namespace=kasten-io --namespace=kasten-io --set auth.basicAuth.enabled=true \
--set auth.basicAuth.htpasswd='admin:$apr1$qrAVXu.v$Q8YVc50vtiS8KPmiyrkld0' --set externalGateway.externalGateway.fqdn.type=external-dns --set externalGateway.fqdn.name=kasten.some.domain.net --set ingress.create=true --set ingress.class=haproxy --set rbac.create=false --set serviceAccount.create=false --set serviceAccount.name=k10-sa

 

if y try to access to the external url (dashboard) i get the error:

{
  "message": "the gateway.kasten-io.1 AuthService is misconfigured; see the logs for more information",
  "request_id": "a42e6308-5eff-461d-a34e-899b99691781",
  "status_code": 500
}

the logs of the auth container:

root@botprodkubm01 ~ # kubectl logs auth-svc-d45bd5f4c-5pr2l
{"File":"kasten.io/k10/kio/tracing/tracing.go","Function":"kasten.io/k10/kio/tracing.StartProfileBuffers","Line":109,"cluster_name":"db7940b1-219c-42d4-9de9-c0d395839ad0","hostname":"auth-svc-d45bd5f4c-5pr2l","level":"info","msg":"no profile buffers configured","time":"2023-11-07T11:58:27.124Z","version":"6.0.12"}
{"File":"kasten.io/k10/kio/kube/openshift.go","Function":"kasten.io/k10/kio/kube.IsOSRouteGroupAvailable","Line":70,"available":false,"cacheValid":true,"cluster_name":"db7940b1-219c-42d4-9de9-c0d395839ad0","hostname":"auth-svc-d45bd5f4c-5pr2l","level":"info","msg":"Result cached","time":"2023-11-07T11:58:27.145Z","version":"6.0.12"}
{"File":"kasten.io/k10/kio/auth/auth.go","Function":"kasten.io/k10/kio/auth.Start","Line":116,"auth_type":"basic","cluster_name":"db7940b1-219c-42d4-9de9-c0d395839ad0","hostname":"auth-svc-d45bd5f4c-5pr2l","level":"info","msg":"Authentication type enabled","time":"2023-11-07T11:58:27.150Z","version":"6.0.12"}
{"File":"kasten.io/k10/rest/srv/authserver/kio_auth_handler.go","Function":"kasten.io/k10/rest/srv/authserver.authHTTPHandler","Line":325,"cluster_name":"db7940b1-219c-42d4-9de9-c0d395839ad0","hostname":"auth-svc-d45bd5f4c-5pr2l","level":"info","msg":"Setup auth handler","time":"2023-11-07T11:58:27.151Z","version":"6.0.12"}
{"File":"kasten.io/k10/kio/utils/swagger_utils.go","Function":"kasten.io/k10/kio/utils.ServerLogger","Line":11,"cluster_name":"db7940b1-219c-42d4-9de9-c0d395839ad0","hostname":"auth-svc-d45bd5f4c-5pr2l","level":"info","msg":"Serving auth at http://[::]:8000","time":"2023-11-07T11:58:27.152Z","version":"6.0.12"}
Log message dropped (buffer): {"File":"kasten.io/k10/kio/tracing/tracing.go","Function":"kasten.io/k10/kio/tracing.StartProfileBuffers","Level":"info","Line":109,"Message":"no profile buffers configured","Time":"2023-11-07T11:58:27.124964068Z","cluster_name":"db7940b1-219c-42d4-9de9-c0d395839ad0","hostname":"auth-svc-d45bd5f4c-5pr2l","version":"6.0.12"}
{"File":"kasten.io/k10/kio/kube/openshift.go","Function":"kasten.io/k10/kio/kube.IsOSRouteGroupAvailable","Level":"info","Line":70,"Message":"Result cached","Time":"2023-11-07T11:58:27.145911736Z","available":false,"cacheValid":true,"cluster_name":"db7940b1-219c-42d4-9de9-c0d395839ad0","hostname":"auth-svc-d45bd5f4c-5pr2l","version":"6.0.12"}
{"File":"kasten.io/k10/kio/auth/auth.go","Function":"kasten.io/k10/kio/auth.Start","Level":"info","Line":116,"Message":"Authentication type enabled","Time":"2023-11-07T11:58:27.150168203Z","auth_type":"basic","cluster_name":"db7940b1-219c-42d4-9de9-c0d395839ad0","hostname":"auth-svc-d45bd5f4c-5pr2l","version":"6.0.12"}
{"File":"kasten.io/k10/rest/srv/authserver/kio_auth_handler.go","Function":"kasten.io/k10/rest/srv/authserver.authHTTPHandler","Level":"info","Line":325,"Message":"Setup auth handler","Time":"2023-11-07T11:58:27.151801703Z","cluster_name":"db7940b1-219c-42d4-9de9-c0d395839ad0","hostname":"auth-svc-d45bd5f4c-5pr2l","version":"6.0.12"}
{"File":"kasten.io/k10/kio/utils/swagger_utils.go","Function":"kasten.io/k10/kio/utils.ServerLogger","Level":"info","Line":11,"Message":"Serving auth at http://[::]:8000","Time":"2023-11-07T11:58:27.152199321Z","cluster_name":"db7940b1-219c-42d4-9de9-c0d395839ad0","hostname":"auth-svc-d45bd5f4c-5pr2l","version":"6.0.12"}
 Error: {"message":"Fluentbit connection error","function":"kasten.io/k10/kio/log/hooks/fluentbit.(*Hook).handle","linenumber":97,"file":"kasten.io/k10/kio/log/hooks/fluentbit/fluentbit.go:97","cause":{"message":"Fluentbit connection problem","function":"kasten.io/k10/kio/log/hooks/fluentbit.(*Hook).dial","linenumber":88,"file":"kasten.io/k10/kio/log/hooks/fluentbit/fluentbit.go:88","cause":{"message":"dial tcp 10.85.92.26:24224: i/o timeout"}}}

the error in the end of the log is the logging-svc container/service:

"=>{"message"=>"Eula not accepted", "function"=>"kasten.io/k10/kio/scheduler.checkLicense", "linenumber"=>186, "file"=>"kasten.io/k10/kio/scheduler/scheduler.go:186"}, "hostname"=>"controllermanager-svc-598c74797-5wqh2", "version"=>"6.0.12"}]
[0] tcp.0: [1699361591.207178165, {"File"=>"kasten.io/k10/kio/scheduler/scheduler.go", "Function"=>"kasten.io/k10/kio/scheduler.(*schedulerRunner).Run", "Level"=>"error", "Line"=>92, "Message"=>"License check failed. Skipping scheduler run.", "Time"=>"2023-11-07T12:53:11.210184004Z", "cluster_name"=>"db7940b1-219c-42d4-9de9-c0d395839ad0", "error"=>{"message"=>"Eula not accepted", "function"=>"kasten.io/k10/kio/scheduler.checkLicense", "linenumber"=>186, "file"=>"kasten.io/k10/kio/scheduler/scheduler.go:186"}, "hostname"=>"controllermanager-svc-598c74797-5wqh2", "version"=>"6.0.12"}]
[0] tcp.0: [1699361606.234792549, {"File"=>"kasten.io/k10/kio/scheduler/scheduler.go", "Function"=>"kasten.io/k10/kio/scheduler.(*schedulerRunner).Run", "Level"=>"error", "Line"=>92, "Message"=>"License check failed. Skipping scheduler run.", "Time"=>"2023-11-07T12:53:26.208866492Z", "cluster_name"=>"db7940b1-219c-42d4-9de9-c0d395839ad0", "error"=>{"message"=>"Eula not accepted", "function"=>"kasten.io/k10/kio/scheduler.checkLicense", "linenumber"=>186, "file"=>"kasten.io/k10/kio/scheduler/scheduler.go:186"}, "hostname"=>"controllermanager-svc-598c74797-5wqh2", "version"=>"6.0.12"}]
Checking the log size...
reading config file /mnt/conf/logrotate.conf
Reading state from file: //mnt/k10state/kasten-io//logrotate.status
Allocating hash table for state file, size 64 entries
Creating new state

Handling 1 logs

rotating pattern: /mnt/k10state/k10.log  1073741824 bytes (6 rotations)
empty log files are rotated, old logs are removed
considering log /mnt/k10state/k10.log
  Now: 2023-11-07 12:53
  Last rotated at 2023-11-07 12:00
  log does not need rotating (log size is below the 'size' threshold

the k10.primer.sh pre shows good

root@botprodkubm01: curl https://docs.kasten.io/tools/k10_primer.sh | bash   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 10660  100 10660    0     0  14683      0 --:--:-- --:--:-- --:--:-- 14662
Namespace option not provided, using default namespace
[1;34mChecking for tools[0m
[0;32m --> Found kubectl[0m
[0;32m --> Found helm[0m
[0;32m --> Found jq[0m
[0;32m --> Found cat[0m
[0;32m --> Found base64[0m
[0;32m --> Found tr[0m
[1;34mChecking if the Kasten Helm repo is present[0m
[0;32m --> The Kasten Helm repo was found[0m
[1;34mChecking for required Helm version (>= v3.9.0)[0m
[0;32m --> No Tiller needed with Helm v3.12.3[0m
[1;34mK10Primer image[0m
[0;32m --> Using Image (gcr.io/kasten-images/k10tools:6.0.12) to run test[0m
[1;34mChecking access to the Kubernetes context kubernetes-admin@kubernetes[0m
[0;32m --> Able to access the default Kubernetes namespace[0m
[1;34mK10 Kanister tools image[0m
[0;32m --> Using Kanister tools image (gcr.io/kasten-images/k10tools:6.0.12) to run test[0m

[1;34mRunning K10Primer Job in cluster with command[0m
[0;32m     ./k10tools primer [0m
serviceaccount/k10-primer created
clusterrolebinding.rbac.authorization.k8s.io/k10-primer created
job.batch/k10primer created
Pod k10primer-knt55 is in Pending phase
Pod Ready!
================================================================
Kubernetes Version Check:
  Valid kubernetes version (v1.25.13)  -  [1;32mOK[0m

RBAC Check:
  Kubernetes RBAC is enabled  -  [1;32mOK[0m

Aggregated Layer Check:
  The Kubernetes Aggregated Layer is enabled  -  [1;32mOK[0m

CSI Capabilities Check:
  VolumeSnapshot CRD-based APIs are not installed  -  [1;31mError[0m

I1107 12:43:12.786701      10 request.go:690] Waited for 1.048745081s due to client-side throttling, not priority and fairness, request: GET:https://10.85.0.1:443/apis/batch/v1
Validating Provisioners: 
rook-ceph.rbd.csi.ceph.com:
  Is a CSI Provisioner  -  [1;32mOK[0m
  VolumeSnapshot CRD-based APIs are not installed  -  [1;31mError[0m
  Storage Classes:
    rook-ceph-block
      Valid Storage Class  -  [1;32mOK[0m

rook-ceph.cephfs.csi.ceph.com:
  Is a CSI Provisioner  -  [1;32mOK[0m
  VolumeSnapshot CRD-based APIs are not installed  -  [1;31mError[0m
  Storage Classes:
    rook-cephfs
      Valid Storage Class  -  [1;32mOK[0m

Validate Generic Volume Snapshot:
  Pod created successfully  -  [1;32mOK[0m
  GVS Backup command executed successfully  -  [1;32mOK[0m
  Pod deleted successfully  -  [1;32mOK[0m
================================================================
serviceaccount "k10-primer" deleted
clusterrolebinding.rbac.authorization.k8s.io "k10-primer" deleted
job.batch "k10primer" deleted

 All Pods are running fine

root@botprodkubm01 /home/jf-admin # kubectl get pod
NAME                                    READY   STATUS    RESTARTS   AGE
aggregatedapis-svc-b5cfc77f6-xprzb      1/1     Running   0          6h46m
auth-svc-d45bd5f4c-5pr2l                1/1     Running   0          6h46m
catalog-svc-6fd9dbc46d-d2tm9            2/2     Running   0          6h46m
controllermanager-svc-598c74797-5wqh2   1/1     Running   0          6h46m
crypto-svc-559cb78585-s5dpg             4/4     Running   0          6h46m
dashboardbff-svc-6cdd989968-485kp       2/2     Running   0          6h46m
executor-svc-74bb49cbc-b4f25            2/2     Running   0          6h46m
executor-svc-74bb49cbc-pvfvl            2/2     Running   0          6h46m
executor-svc-74bb49cbc-qlpfd            2/2     Running   0          6h46m
frontend-svc-6db75444fb-p6br4           1/1     Running   0          6h46m
gateway-8486476798-nqhlj                1/1     Running   0          6h46m
jobs-svc-5b78c55d98-5br9r               1/1     Running   0          6h46m
k10-grafana-5fd9cbddbb-s7nnt            1/1     Running   0          6h46m
kanister-svc-577846d9d6-t2vfc           1/1     Running   0          6h46m
logging-svc-9bb77dc76-lvz6x             1/1     Running   0          6h46m
metering-svc-67fcb9648d-sjdd8           1/1     Running   0          6h46m
prometheus-server-84fff47bc-d65tl       2/2     Running   0          6h46m
state-svc-76d88bdf88-4l9rh              3/3     Running   0          6h46m

the services of all containers

root@botprodkubm01 /home/jf-admin # kubectl get svc
NAME                    TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                               AGE
aggregatedapis-svc      ClusterIP      10.85.145.42    <none>        443/TCP                               6h47m
auth-svc                ClusterIP      10.85.40.207    <none>        8000/TCP                              6h47m
catalog-svc             ClusterIP      10.85.136.250   <none>        8000/TCP                              6h47m
controllermanager-svc   ClusterIP      10.85.198.246   <none>        8000/TCP,18000/TCP                    6h47m
crypto-svc              ClusterIP      10.85.69.5      <none>        8000/TCP,8003/TCP,8001/TCP,8002/TCP   6h47m
dashboardbff-svc        ClusterIP      10.85.248.149   <none>        8000/TCP,8001/TCP                     6h47m
executor-svc            ClusterIP      10.85.100.240   <none>        8000/TCP                              6h47m
frontend-svc            ClusterIP      10.85.54.99     <none>        8000/TCP                              6h47m
gateway                 ClusterIP      10.85.171.7     <none>        8000/TCP                              6h47m
gateway-admin           ClusterIP      10.85.106.147   <none>        8877/TCP                              6h47m
gateway-loadbalancer    LoadBalancer   10.85.35.248    10.46.0.204   8000:31584/TCP                        42d
jobs-svc                ClusterIP      10.85.79.97     <none>        8000/TCP                              6h47m
k10-grafana             ClusterIP      10.85.233.207   <none>        80/TCP                                6h47m
kanister-svc            ClusterIP      10.85.53.180    <none>        8000/TCP                              6h47m
logging-svc             ClusterIP      10.85.92.26     <none>        8000/TCP,24224/TCP,24225/TCP          6h47m
metering-svc            ClusterIP      10.85.154.4     <none>        8000/TCP                              6h47m
prometheus-server       ClusterIP      10.85.165.194   <none>        80/TCP                                6h47m
prometheus-server-exp   ClusterIP      10.85.1.179     <none>        80/TCP                                6h47m
state-svc               ClusterIP      10.85.26.222    <none>        8000/TCP,8001/TCP,8002/TCP            6h47m

The IP of the auth and logging container are true 

root@botprodkubm01 /home/jf-admin # kubectl describe svc logging-svc
Name:              logging-svc
Namespace:         kasten-io
Labels:            app=k10
                   app.kubernetes.io/instance=k10
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=k10
                   component=logging
                   helm.sh/chart=k10-6.0.12
                   heritage=Helm
                   release=k10
                   run=logging-svc
Annotations:       meta.helm.sh/release-name: k10
                   meta.helm.sh/release-namespace: kasten-io
Selector:          run=logging-svc
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.85.92.26
IPs:               10.85.92.26
Port:              http  8000/TCP
TargetPort:        8000/TCP
Endpoints:         10.88.9.34:8000
Port:              logging  24224/TCP
TargetPort:        24224/TCP
Endpoints:         10.88.9.34:24224
Port:              logging-metrics  24225/TCP
TargetPort:        24225/TCP
Endpoints:         10.88.9.34:24225
Session Affinity:  None
Events:            <none>
root@botprodkubm01 /home/jf-admin # kubectl describe svc auth-svc
Name:              auth-svc
Namespace:         kasten-io
Labels:            app=k10
                   app.kubernetes.io/instance=k10
                   app.kubernetes.io/managed-by=Helm
                   app.kubernetes.io/name=k10
                   component=auth
                   helm.sh/chart=k10-6.0.12
                   heritage=Helm
                   release=k10
                   run=auth-svc
Annotations:       getambassador.io/config:
                     ---
                     apiVersion: getambassador.io/v3alpha1
                     kind:  Mapping
                     name:  auth-mapping
                     prefix: /k10/auth-svc/
                     rewrite: /
                     service: auth-svc.kasten-io:8000
                     timeout_ms: 30000
                     hostname: "*"
                     ambassador_id: [ "kasten.io/k10" ]
                   meta.helm.sh/release-name: k10
                   meta.helm.sh/release-namespace: kasten-io
Selector:          run=auth-svc
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.85.40.207
IPs:               10.85.40.207
Port:              http  8000/TCP
TargetPort:        8000/TCP
Endpoints:         10.88.4.195:8000
Session Affinity:  None
Events:            <none>
root@botprodkubm01 /home/jf-admin #

 

so for me looks like the auth-svc can not connect to the logging-svc with fluentbit.

After the helm install i would like to go to the kasten k10 dashboard and accept the license etc. like described in the documentation

somebody got the same problem or somebody can help me to investigate or to sove the problem?

thx in advance for help

cheers,

jose

 

1 comment

safiya
Userlevel 7
Badge +4

@jaiganeshjk 

Safiya

Comment


Terms & Conditions