Hi,
I am trying to use pod-utilities by setting decorate: true in presubmit, and I am getting this error:
"{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"container "test" in pod "85892c68-5de6-11e8-b4a4-0a580a340107" is waiting to start: PodInitializing","reason":"BadRequest","code":400}"
My config.yaml is here.
Can someone tell me what things need to be included to make this work?
/area prow
I found that initupload container is exiting with exit code 1. But I cannot see any logs in GCP dashboard.
@cjwagner @stevekuznetsov
Yes, gcs_credentials_secret is a kubernetes secret containing GCS credentials.
It would be helpful to get the logs from the initupload container to get more information about what is wrong. You can use kubectl logs -n <pod-namespace> <pod-name> initupload to get the logs from the initupload container if it ran.
You can also get more information about the containers, volume mounting problems, and various other issues with kubectl describe pod -n <pod-namespace> <pod-name>.
The logs say gcs_credentials_file: /secrets/gcs/service-account.json not found.
Could you tell me how to make service-account.json accessible to prow?
I'm a newbie in k8s and would appreciate some help.
Should the service-account.json be saved in gs://bucket-name/secrets/gcs/ or in some directory on the node?
No, don't save your service account in the bucket. It belongs in a kubernetes secret. The link that you had previously in the issue description was very similar to what you needed to do. I think it was steps 3 and 4 from this: https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform#step_3_create_service_account_credentials
You just need to export the service account credentials as JSON, then create the kubernetes secret. The secret name should be service-account and the key name should be service-account.json:
kubectl create secret generic service-account --from-file=service-account.json=<PATH-TO-JSON-KEY-FILE>
Yeah it works now. :relieved:
I had been giving the file name as key.json (as given in the tutorial). This had been causing the problem.
Thanks a lot.
P.S. Maybe you can mention this in the gcsupload README. This might be helpful for k8s newbies.
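A check for the key-name mismatch described above, as an added example that is not part of the original thread or of Prow's code. A secret mounted as a volume exposes each data key as a file named after that key, so the key must equal the file name the pod reads; the default path is taken from the initupload log quoted above, and the function name and sample secrets are constructed for illustration.

```python
import base64
import json
import posixpath


def check_gcs_secret(secret, credentials_file="/secrets/gcs/service-account.json"):
    """Return a list of problems for a Secret parsed from `kubectl get secret -o json`."""
    # The data key must match the basename of the path the pod reads,
    # because each key becomes one file under the volume's mount path.
    wanted = posixpath.basename(credentials_file)
    data = secret.get("data") or {}
    if wanted not in data:
        found = ", ".join(sorted(data)) or "none"
        return [f"key {wanted!r} missing (keys present: {found})"]
    try:
        # Secret values are base64-encoded; the payload should be the JSON key file.
        key = json.loads(base64.b64decode(data[wanted], validate=True))
    except ValueError:
        return [f"key {wanted!r} is not base64-encoded JSON"]
    # Exported GCP service account keys carry "type": "service_account".
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return [f"key {wanted!r} is not a service account key file"]
    return []


def _sample_secret(key_name):
    # Constructed sample: placeholder key file content, no real credentials.
    body = json.dumps({"type": "service_account",
                       "client_email": "prow@example.invalid"})
    return {"kind": "Secret",
            "metadata": {"name": "service-account"},
            "data": {key_name: base64.b64encode(body.encode()).decode()}}


BAD = _sample_secret("key.json")               # key name used in the tutorial
GOOD = _sample_secret("service-account.json")  # key name the pod utilities read

if __name__ == "__main__":
    for label, secret in (("key.json", BAD), ("service-account.json", GOOD)):
        print(label, "->", check_gcs_secret(secret) or "ok")
```

To check a live cluster, pass in the parsed output of kubectl get secret service-account -n <pod-namespace> -o json.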
This same problem bit me (and the same solution of using --from-file=service-account.json=... worked!) when trying to set up a minimal plank configuration in my config.yaml (which, by the way, is not mentioned in https://github.com/kubernetes/test-infra/blob/a04ec99281a655f1b66e43ce4479beb0cd76d3fa/prow/getting_started_deploy.md#add-more-jobs-by-modifying-configyaml).
@listx mind sending a patch to the docs? 😅
@BenTheElder I don't mind, but I think how I reword the docs depends on #11212. The behavior seems to be that setting decorate: true results in checkconfig telling me to set up a minimal plank config, which then leads me to this present rabbit hole about setting up a gcs_credentials_secret properly. But setting up a plank config can be avoided altogether if we set decorate: false, or at least it looks that way (as I mentioned in #11212).
We also had a request for pod-utils without GCS interaction recently, could make that an option