The following issues may arise during deployment of a fault-tolerant cluster based on Deckhouse:
Access to the cluster is denied if the system uses self-signed certificates.
The Longhorn storage cannot create the persistent volume and persistent volume claim; some pods cannot be written.
Failure of installation of Foresight Mobile Platform in the cluster.
Connection failure on installing Foresight Mobile Platform in the cluster.
To set up access to the cluster when self-signed certificates are used:
Open the global configuration module for editing:
kubectl edit mc global
Add the https subsection to the spec > settings > modules sections:
https:
  certManager:
    clusterIssuerName: selfsigned
  mode: CertManager
For example:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: global
spec:
  version: 1
  settings:
    modules:
      publicDomainTemplate: '%s.dk1.internal'
      https:
        certManager:
          clusterIssuerName: selfsigned
        mode: CertManager
Open the user-authn configuration module for editing:
kubectl edit mc user-authn
Delete the https subsection:
https:
  global:
    kubeconfigGeneratorMasterCA: ""
  mode: Global
Change the value of the dexCAMode parameter from DoNotNeed to FromIngressSecret.
For example:
spec:
  enabled: true
  settings:
    controlPlaneConfigurator:
      dexCAMode: FromIngressSecret
    publishAPI:
      enable: true
  version: 1
Wait until all Deckhouse queues are cleared:
sudo /opt/deckhouse/bin/kubectl -n d8-system exec -it deploy/deckhouse -c deckhouse -- deckhouse-controller queue list
Once the Deckhouse queue is empty, repeat authorization.
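The following check is an added example, not part of the original article or of Deckhouse: it takes the two ModuleConfig objects as parsed JSON and reports which steps of the self-signed certificate procedure above are not yet applied. The function names and the sample documents are constructed for illustration; real input would come from kubectl get mc global -o json and kubectl get mc user-authn -o json.

```python
import json

def dig(obj, *keys):
    """Walk nested dicts; return None as soon as a level is missing."""
    for key in keys:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

def check_selfsigned_setup(global_mc, authn_mc):
    """Return deviations from the procedure; an empty list means it was applied."""
    problems = []
    https = dig(global_mc, "spec", "settings", "modules", "https")
    if dig(https, "mode") != "CertManager":
        problems.append("global: https.mode is not CertManager")
    if dig(https, "certManager", "clusterIssuerName") != "selfsigned":
        problems.append("global: https.certManager.clusterIssuerName is not selfsigned")
    settings = dig(authn_mc, "spec", "settings")
    # The procedure deletes this subsection so that user-authn follows the global settings.
    if dig(settings, "https") is not None:
        problems.append("user-authn: https subsection is still present")
    # dexCAMode selects the CA used when configuring the API server for Dex;
    # with a self-signed issuer it is taken from the Ingress secret.
    if dig(settings, "controlPlaneConfigurator", "dexCAMode") != "FromIngressSecret":
        problems.append("user-authn: dexCAMode is not FromIngressSecret")
    return problems

# Constructed sample documents, shaped like `kubectl get mc <name> -o json` output.
GLOBAL_OK = json.loads("""{"spec": {"version": 1, "settings": {"modules": {
  "publicDomainTemplate": "%s.dk1.internal",
  "https": {"mode": "CertManager", "certManager": {"clusterIssuerName": "selfsigned"}}}}}}""")
AUTHN_BEFORE = json.loads("""{"spec": {"enabled": true, "version": 1, "settings": {
  "controlPlaneConfigurator": {"dexCAMode": "DoNotNeed"},
  "https": {"mode": "Global", "global": {"kubeconfigGeneratorMasterCA": ""}},
  "publishAPI": {"enable": true}}}}""")
AUTHN_AFTER = json.loads("""{"spec": {"enabled": true, "version": 1, "settings": {
  "controlPlaneConfigurator": {"dexCAMode": "FromIngressSecret"},
  "publishAPI": {"enable": true}}}}""")

if __name__ == "__main__":
    for label, authn in (("before", AUTHN_BEFORE), ("after", AUTHN_AFTER)):
        print(label, check_selfsigned_setup(GLOBAL_OK, authn) or "OK")
```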
By default, pod and container security management policies are disabled in the mobile platform.
To set up access on creating persistent volume and persistent volume claim:
Open the fmp/chart/values.yaml file and comment out the lines:
containerSecurityContext:
  enabled: false
podSecurityContext:
  enabled: false
Installation of Foresight Mobile Platform may return the error:
* admission webhook "sgcluster.mutating-webhook.stackgres.io" denied the request: Failure executing: POST at: https://10.222.0.1:443/apis/stackgres.io/v1/namespaces/fmp/sgpoolconfigs. Message: sgpoolconfigs.stackgres.io "generated-from-default-1712323110835" already exists. Received status: Status(apiVersion=v1, code=409, details=StatusDetails(causes=[], group=stackgres.io, kind=sgpoolconfigs, name=generated-from-default-1712323110835, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=sgpoolconfigs.stackgres.io "generated-from-default-1712323110835" already exists, metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=AlreadyExists, status=Failure, additionalProperties={}).
To solve the issue, delete Foresight Mobile Platform and reinstall StackGres.
If the connection fails during installation of Foresight Mobile Platform, increase the timeouts and remove the request body size limit in the ingress (a proxy-body-size of 0 disables the limit; ingress-nginx timeout annotations take a unitless number of seconds):
kubectl annotate ingress -n fmp --all --overwrite nginx.ingress.kubernetes.io/proxy-body-size='0'
kubectl annotate ingress -n fmp --all --overwrite nginx.ingress.kubernetes.io/proxy-read-timeout='3600'
kubectl annotate ingress -n fmp --all --overwrite nginx.ingress.kubernetes.io/proxy-send-timeout='3600'
See also:
Preparation and Deployment of Fault-Tolerant Cluster Based on Deckhouse