-
-
Notifications
You must be signed in to change notification settings - Fork 513
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
env-file generated with values such as: $(_TEL_APP_A__TEL_APP_A_xxxx):$(_TEL_APP_A__TEL_APP_A_yyyy) #2853
Comments
@aaccioly I'm not able to reproduce this. From the looks of it, you've got the agent-injector to inject a traffic-agent sidecar for an already existing traffic-agent. Not sure how that can happen. I've never seen it before. I tested doing
The manifest:
|
Hey @thallgren, thanks for your input and for attempting to reproduce the issue. |
You'll need to check what the intercepted pod looks like when this happens. I suspect multiple recursive injections of the same thing, which isn't good at all. Maybe your client have another webhook that actually renames the injectected traffic-agent, causing a second (and a third) agent to be injected? |
Closing this, as env injections work as expected. |
@thallgren , this is still happening with 2.9.5. A couple of other users have reported the same error as well, I wouldn't close the issue. |
@aaccioly feel free to reopen this if you can provide more info that would help us understand the problem. In particular, I'd be interested in information pertaining to my last comment. No such info has been provided and the reproducers we have work as expected, so this must be something that is very specific to your environment. Unless we get some more information about this so that we have a chance to reproduce, there isn't much that we can do. |
@thallgren , if you send me a specific list of commands that you want me to run I'll be happy to do it. This is neither specific to my environment nor such a difficult issue to reproduce (we had two other folks linking to this issue with similar intermittent problems since I've opened it, theirs went away, mine didn't). |
Start by doing this:
Now remove all your old logs so that we know what gets generated when you reconnect:
What's the output of the status command? Ensure that the agent is uninstalled:
Now, start watching events in the ambassador namespace one terminal using
And please provide the output of This ought to give us a clue of what's going on. |
Hey @thallgren, thanks for reopening the issue. I'll arrange for the logs and outputs from the above command, it will probably take a while since I need clearance from my client before sharing any logs publicly (and everyone is currently on vacations), but I should have it in a week or two. |
Apparently this problem has disappeared from our environment. So I guess that I'm stuck with this one. For anyone else hitting the issue, here's the command that I use to clean up the file:
Version 2.9.5 of telepresence + traffic-manager seems to really helps with this. |
Hi, we still experience this issue with telepresence 2.14.0. We have a service running on GKE and use telepresence to intercept. We have configuration such as - env:
- name: PGUSER
valueFrom:
secretKeyRef:
key: user
name: legal-tool-backend-db-credentials
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: legal-tool-backend-db-credentials
- name: PGDATABASE
value: backend
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: legal-tool-redis-credentials
- name: REDIS_QUEUE_URL
value: redis://:$(REDIS_PASSWORD)@legal-tool-staging-redis-master:6379
- name: DATABASE_URL
value: postgres://$(PGUSER):$(PGPASSWORD)@$(PGHOST):$(PGPORT)/$(PGDATABASE) During interceptions this ends up in env vars such as
As you see, some variables have been replaced correctly while others have not. I have found that it is pretty random which variables are replaced and which are not. To me, it feels like some kind of race condition. I also did all the steps you described earlier @thallgren. The output of
As far as I can see, neither Pod, nor Deployment does contain anything telepresence related at this time except an annotation
After intercepting there is telepresence stuff in deployment/pod such as - name: _TEL_APP_A_DATABASE_URL
value: postgres://$(_TEL_APP_A__TEL_APP_A_PGUSER):$(_TEL_APP_A__TEL_APP_A_PGPASSWORD)@$(_TEL_APP_A_PGHOST):$(_TEL_APP_A_PGPORT)/$(_TEL_APP_A__TEL_APP_A_PGDATABASE) If you do need specifics please let me know, as I don't feel comfortable sharing the whole deployment publicly on the internet. The configmap looks as follows:
Here are the logs: telepresence_logs.zip I did not see any events via If you need more info let me know. |
I found a solution for this problem. Please see this comment for more info. |
Description of the bug
I have containers configured with a combination of Environment Variables and Secrets, such as:
When I intercept a service with a command such as:
It generates something like this:
As you can see, while Telepresence is able to retrieve environment variables and even secrets, it's not dealing with secret expansion correctly. I would expect output such as the following:
Or, alternatively:
The
_TEL_APP_A__TEL_APP_A_
shouldn't be there.Logs:
You can find logs attached bellow:
telepresence_logs.zip
Versions:
The text was updated successfully, but these errors were encountered: