Device authentication flow fails (Linux only)
If you are unable to complete device authentication against GitHub, you need to install pass.
This is because the GitHub token is stored in an encrypted keyring on your device.
Install pass as described in the Prerequisites.
okctl keeps trying to do the GitHub Device Authentication Flow while trying to do <any action>
This is known to happen if pass init <gpg-key-id> has not been run after installing pass.
Initialize pass as described in Prerequisites.
On okctl delete cluster, some resources are not deleted (automatic deletion is coming in a later version)
Workaround: manually delete the following resources:
- It is recommended to delete the infrastructure/ directory and the .okctl.yaml file as the last manual step, after the cluster has been successfully deleted.
okctl create cluster: Create identitypool fails / Re-create cluster within short timespan fails
If you do the following:
- Create a cluster
- Delete it
- Create a new cluster with the same domain name (e.g. whatever.oslo.systems)
This might fail if you do these steps within 15 minutes. This is due to DNS resolvers caching NS server records. More details: https://github.com/oslokommune/okctl/pull/231
Workaround: Wait for up to 15 minutes before creating the cluster again.
15 minutes is the TTL (Time to live, i.e. cache expiry) of the NS record. You can see this value in Route 53 -> Hosted zones -> Your domain -> NS record for your top domain -> Edit -> See TTL field.
okctl create cluster: Failed to create external secrets helm chart
You get the following error (shortened):
.. creating: external-secrets (elapsed: 1 second 76 microseconds)WARN[0007] failed to process request, because: failed to create external secrets helm chart: failed to update repository: failed to fetch https://kubernetes-charts-incubator.storage.googleapis.com/index.yaml : 403 Forbidden endpoint=create service=helm/externalSecrets
✓ creating
Error:
....
request failed with Internal Server Error, because: failed to create external secrets helm chart: failed to update repository: failed to fetch https://kubernetes-charts-incubator.storage.googleapis.com/index.yaml : 403 Forbidden
This happens because Helm changed the URLs of its chart repositories. In your ~/.okctl/helm/repositories.yaml, update the URLs from the old location to the new location:
Name | Old Location | New Location |
---|---|---|
stable | https://kubernetes-charts.storage.googleapis.com | https://charts.helm.sh/stable |
incubator | https://kubernetes-charts-incubator.storage.googleapis.com | https://charts.helm.sh/incubator |
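
The URL update from the table above as a script. This is an added example, not part of okctl or the original page; the function names and the sample file contents are constructed for illustration, and it assumes the old URLs appear literally in the file.

```shell
#!/bin/sh
# Added example (not okctl code): rewrite the retired Helm repository URLs
# from the table above in a repositories.yaml file, keeping a .bak copy.
OLD_STABLE='https://kubernetes-charts.storage.googleapis.com'
OLD_INCUBATOR='https://kubernetes-charts-incubator.storage.googleapis.com'

# Print how many lines of file $1 still reference a retired URL.
count_old_urls() {
    grep -c -F -e "$OLD_STABLE" -e "$OLD_INCUBATOR" "$1" || true
}

# Rewrite file $1 in place; no-op (and no backup) if it is already migrated.
migrate_helm_repos() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }
    [ "$(count_old_urls "$file")" -gt 0 ] || return 0
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    # Dots are escaped so they match literally; the stable host is not a
    # prefix of the incubator host, so the order of the rules does not matter.
    sed -e 's|https://kubernetes-charts\.storage\.googleapis\.com|https://charts.helm.sh/stable|g' \
        -e 's|https://kubernetes-charts-incubator\.storage\.googleapis\.com|https://charts.helm.sh/incubator|g' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"   # overwrite contents, keep the file's mode and owner
    rm -f "$tmp"
}

# Write a constructed sample repositories.yaml (not a real okctl file) to $1.
write_sample() {
    cat > "$1" <<'EOF'
apiVersion: ""
repositories:
- name: stable
  url: https://kubernetes-charts.storage.googleapis.com
- name: incubator
  url: https://kubernetes-charts-incubator.storage.googleapis.com/
- name: other
  url: https://charts.example.com
EOF
}

# Demo on the constructed sample only; the real file is never touched here.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/repositories.yaml"
migrate_helm_repos "$demo_dir/repositories.yaml"
cat "$demo_dir/repositories.yaml"
rm -rf "$demo_dir"
```

To apply it to the real file, call migrate_helm_repos ~/.okctl/helm/repositories.yaml; entries pointing at other repositories are left unchanged.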
okctl apply cluster: Always prompts for GitHub machine authentication, even after it has been set
There is an issue with some versions of pinentry-curses where the prompt to enter the password for your PGP key sometimes does not appear. We store the authentication token in a keyring, and since it cannot be decrypted without the password, okctl just skips ahead. The solution is to export the following environment variable:
GPG_TTY=$(tty)
export GPG_TTY
This can be done in your current shell before you run okctl commands, or can be put in your .bashrc or similar to ensure you will always be prompted for your encryption key password. A more detailed explanation can be found on Stack Overflow.