Bootstrap run error: 2 healthcheck failures
imishchuk-carbon opened this issue · comments
Hello, team.
When I'm trying to use flux_bootstrap_git to bootstrap my cluster I get the following error:
│ Error: Bootstrap run error
│
│ with flux_bootstrap_git.this,
│ on bootstrap.tf line 5, in resource "flux_bootstrap_git" "this":
│ 5: resource "flux_bootstrap_git" "this" {
│
│ bootstrap failed with 2 health check failure(s): [error while waiting for
│ GitRepository to be ready: 'failed to checkout and determine revision:
│ unable to list remote for 'ssh://git@github.com/org/eks.git': ssh:
│ handshake failed: ssh: unable to authenticate, attempted methods [none
│ publickey], no supported methods remain', error while waiting for
│ Kustomization to be ready: 'context deadline exceeded']
All Flux related resources are created inside EKS so it looks like the only thing that fails is pushing manifests to the repo itself.
Deploy key is created with read/write permissions.
Secret flux-system:flux-system is created with correct data.
Configuration
```hcl
resource "flux_bootstrap_git" "this" {
  path = format("clusters/%s", terraform.workspace)
  kustomization_override = templatefile(
    "./kustomization.yaml.tpl",
    {
      account_id = data.aws_caller_identity.current.id,
      role_name  = local.kustomize-controller,
    }
  )
  components_extra = [
    "image-reflector-controller",
    "image-automation-controller",
  ]
  depends_on = [
    github_repository_deploy_key.this
  ]
  timeouts = {
    create = "5m"
    update = "5m"
  }
}

provider "github" {
  owner = local.github_org
  # token is sourced from GITHUB_TOKEN env var
}

resource "tls_private_key" "flux" {
  algorithm   = "ECDSA"
  ecdsa_curve = "P256"
}

resource "github_repository_deploy_key" "this" {
  title      = format("flux-%s", terraform.workspace)
  repository = local.github_repository
  key        = tls_private_key.flux.public_key_openssh
  read_only  = "false"
}

provider "flux" {
  kubernetes = {
    host                   = data.aws_eks_cluster.this.endpoint
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
    exec = {
      api_version = "client.authentication.k8s.io/v1beta1"
      command     = "aws"
      # This requires the awscli to be installed locally where Terraform is executed
      args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.this.id]
    }
  }
  git = {
    url = "ssh://git@github.com/${local.github_org}/${local.github_repository}.git"
    ssh = {
      username    = "git"
      private_key = tls_private_key.flux.private_key_pem
    }
    branch = var.branch
  }
}
```
flux provider is 1.2.2
PAT permissions used. Both result in the same behavior.
read:org, repo, workflow
admin:org, admin:public_key, admin:ssh_signing_key, repo
Any idea what might be the issue?
Apparently, this odd behavior was caused by our .gitignore ignoring gotk-*.yaml files.
Once this was removed, bootstrap worked as expected.
@stefanprodan we should close this issue.
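The resolution above traced the failure to a `.gitignore` rule matching `gotk-*.yaml`. A pre-flight check for that condition follows as an added example; it is not code from this issue or from the Flux project. It assumes that `git` is installed and that bootstrap writes `gotk-components.yaml`, `gotk-sync.yaml` and `kustomization.yaml` under `<path>/flux-system/`; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the issue): list Flux bootstrap manifests that a
# repository's ignore rules would keep out of a commit.
# Assumption: bootstrap writes these three files under <path>/flux-system/.
FLUX_FILES="gotk-components.yaml gotk-sync.yaml kustomization.yaml"

# Usage: flux_ignored_manifests <repo_dir> <cluster_path>
# Prints one "<source>:<line>:<pattern><TAB><path>" line per ignored manifest.
# Returns 0 if none are ignored, 1 if any are, 2 if git cannot evaluate the repo.
flux_ignored_manifests() {
  repo=$1
  cluster_path=$2
  hits=0
  for f in $FLUX_FILES; do
    p="$cluster_path/flux-system/$f"
    # -q sets only the exit status: 0 ignored, 1 not ignored, 128 fatal.
    # A path re-included by a "!" rule counts as not ignored here.
    # --no-index applies the rules even when the file is already tracked.
    if git -C "$repo" check-ignore -q --no-index -- "$p" 2>/dev/null; then
      rc=0
    else
      rc=$?
    fi
    case $rc in
      0)
        hits=$((hits + 1))
        # -v names the ignore file, line and pattern responsible.
        git -C "$repo" check-ignore -v --no-index -- "$p" || true
        ;;
      1) ;;
      *)
        echo "git check-ignore failed in $repo (exit $rc)" >&2
        return 2
        ;;
    esac
  done
  [ "$hits" -eq 0 ]
}
```

Call it from a checkout of the target repository with the same value as `path` in `flux_bootstrap_git`, for example `flux_ignored_manifests . clusters/prod` (`clusters/prod` is a placeholder).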