Tectonic console broken on vSphere #3080
Comments
@lander2k2 as I wrote in #3016, PR #2911 clearly introduced this bug. It changes the ingress controller strategy to nodePort for vmware, however there is no load balancer to PNAT the requests from 443->32000 so the console is never able to reach identity at https://:443/identity. Should we revert the change?
@squat - yes, I can confirm this. I'm using the latest versions of both Tectonic (tectonic_1.8.7-tectonic.2) and CoreOS (v1632.3.0) and also use the "builtin" Terraform (v0.10.7). Platform is vSphere 6.5. I had the same issue as the others (everything else was working as expected but console and Prometheus were in CrashLoop) and the solution was to change that NodePort to HostPort on VMware platform configuration file.
@MikaNikulin thanks for the input. This bug is verified both analytically and practically. I wanted to give @lander2k2 a chance to chime in before reverting the change.
@squat Sorry I didn't chime in earlier. If we revert this change it will break for some enterprise users of the installer. @bodgit Your assumption that a load balancer should be used is correct. Using I would suggest we update the documentation rather than revert the change. [1] https://kubernetes.io/docs/concepts/configuration/overview/#services
Opened a PR on docs repo for this: coreos/tectonic-docs#150
@lander2k2 I agree with your point about production, however it becomes a lot harder to kick the tyres and test it if I also need to set up a load balancer (which doesn't currently exist for me). Having the configuration tweaks necessary to run without a load balancer mentioned in the documentation is acceptable though.
Hi guys, I experience similar issues like you stated above but for me the error in console container is this:
Any clues?
@bodgit if that terraform option is acceptable given the documented ideal flow, then let's close this. I just merged @lander2k2's PR with the updated documentation.
@galingit this means that the console thinks it is able to contact the identity server, but that the response is malformed in some way. You will need to ensure that when you curl
@galingit Double-check your DNS settings and then from terraform.tfvars file section ->
Is this a BUG REPORT or FEATURE REQUEST?
BUG REPORT
Versions
Tectonic version (release or commit hash):
Terraform version (terraform version):
Platform (aws|azure|openstack|metal|vmware):
What happened?
The install completes cleanly (after working around #3051) however the Tectonic console is inaccessible.
What you expected to happen?
Tectonic console should be accessible
How to reproduce it (as minimally and precisely as possible)?
Follow the instructions here: https://github.com/coreos/tectonic-docs/blob/master/Documentation/install/vmware/vmware-terraform.md
PR #2911 changed the HTTPS ingress port from 443 to 32000 however the tectonic console pods still try to use 443 to access the identity service so they never come up.
I think the intention was that there should be a load balancer used somewhere that balanced port 443 as a service across port 32000 on the worker nodes and that the DNS for the ingress domain should be pointed at the load balancer however that isn't mentioned in the documentation.
Reverting #2911 made the console work again, matching the documentation.
Anything else we need to know?
My original google groups topic is here: https://groups.google.com/d/topic/coreos-user/bsmWjYqdOCs/discussion
This has all of the details of my setup.