-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oidc charm fails to replan after config public-url
#126
Comments
Thank you for reporting us your feedback! The internal ticket has been created: https://warthogs.atlassian.net/browse/KF-5205.
|
public-url
We haven't yet reached to the bottom of it. Summarizing debugging and findings until now (some original discussions here): Debugging
Possible root causesPebbleStarting from the fact that adding
However, looking at the PR I don't see any changes to Fixing
|
Our understanding on how charm works at the moment(quoting @ca-scribner on this)
|
I am not able to reproduce this issue neither in 1.8/stable nor in latest/edge. Here are my steps and relevant information: Charmed Kubeflow 1.8/stableEnv:
Steps:
Logs:
Deploying charms from latest/edge
Logs:
|
UPDATE: I am able to reproduce this issue when deploying I essentially deployed the oidc-gatekeeper from latest/edge rev 312, relate it to dex-auth and istio-pilot, then waited for the unit to go to BlockedStatus waiting for the public-url config. I then configured the public-url and the unit went to
which was already reported. You can also found container logs here. |
I deployed Executing into the container (ckf-1.8/stable)
It is not yet clear to me what introduced the change, but it seems like containers from latest/edge rev312 and ckf-1.8/stable are different from the ones in latest/edge. In fact the "older ones" only have I think, though, that #128 is the right fix for this issue. Thoughts @ca-scribner @orfeas-k ? |
From the upstream Dockerfile, we can confirm that the executable is expected to be run from the ENV APP_HOME=/home/$USER
WORKDIR $APP_HOME
# Copy in binary and give permissions
COPY --from=builder /go/bin/oidc-authservice $APP_HOME
COPY web $APP_HOME/web
RUN chmod +x $APP_HOME/oidc-authservice
RUN chown -R $USER:$GROUP $APP_HOME
USER $USER
ENTRYPOINT [ "./oidc-authservice" ] The question that's left unanswered is why this surfaced now and not earlier.
Comparing the two images from kubeflowmanifests repo and arrikto repo, they both have the same digest ( |
The only thing I can think of is something changed in pebble's behaviour, but I don't see why that would be the case either. Do we just close this in light of #128 at least fixing things most of the time? I don't like accepting "we don't know" as the resolution here, but also don't have a better idea |
Closing then since we cannot reproduce it to the current charms. Let's re-open in case we stumble on this again (although we shouldn't) |
Bug Description
Blocked: public-url config required
juju config oidc-gatekeeper public-url=http://10.64.140.43.nip.io
Blocked: Failed to replan
Logs
aks-juju-debug-log.txt
aks-oidc-container-logs.txt
aks-oidc-pod-yaml.txt
ec2-juju-debug-log.txt
ec2-oidc-container-logs.txt
ec2-oidc-pod-yaml.txt
To Reproduce
With Juju 3.1 and Microk8s 1.26, deploy this minimal kubeflow bundle bundle-yaml.txt
Wait until most charms are green and
IIUC, this is not caught by the charm's integration tests because we pass a dummy public_url and somehow the charm goes to
Active
.container's logs in integration tests
Environment
Both in an EC2 Instance and an AKS cluster.
EC2:
AKS:
Relevant Log Output
<>
Additional Context
No response
The text was updated successfully, but these errors were encountered: