kluctl/flux-kluctl-controller

More intuitive errors when the SSH secret isn't specified for SSH source

Opened this issue · 1 comments

Controller

  • KluctlDeployment

Who are you?

DevOps Engineer

What do you want to do?

I accidentally deployed a KluctlDeployment pulling from an SSH Git source, but forgot to specify the secretRef:

apiVersion: flux.kluctl.io/v1alpha1
kind: KluctlDeployment
metadata:
  name: foo
  namespace: bar
spec:
  interval: 1m
  source:
    url: ssh://git@git.example.org:2222/infra/kluctl-templates.git
    path: "./foo"
  context: default
  prune: true
  delete: true

It then failed to deploy with the following status: failed clone source: ssh: handshake failed: mkdir /.ssh: read-only file system.

The controller produced the following logs:

{"level":"info","ts":"2023-03-31T16:02:22.405Z","msg":"Updating git cache for ssh://git@git.example.org:2222/infra/kluctl-templates.git","controller":"kluctldeployment","controllerGroup":"flux.kluctl.io","controllerKind":"KluctlDeployment","KluctlDeployment":{"name":"keycloak","namespace":"keycloak"},"namespace":"keycloak","name":"keycloak","reconcileID":"3cf4387c-5b91-45aa-8899-0eee1fe5dec6"}
{"level":"info","ts":"2023-03-31T16:02:22.406Z","msg":"Failed to connect to ssh agent for url ssh://git@git.example.org:2222/infra/kluctl-templates.git: SSH agent requested but SSH_AUTH_SOCK not-specified","controller":"kluctldeployment","controllerGroup":"flux.kluctl.io","controllerKind":"KluctlDeployment","KluctlDeployment":{"name":"keycloak","namespace":"keycloak"},"namespace":"keycloak","name":"keycloak","reconcileID":"3cf4387c-5b91-45aa-8899-0eee1fe5dec6"}
{"level":"info","ts":"2023-03-31T16:02:22.430Z","msg":"ssh: handshake failed: mkdir /.ssh: read-only file system","controller":"kluctldeployment","controllerGroup":"flux.kluctl.io","controllerKind":"KluctlDeployment","KluctlDeployment":{"name":"keycloak","namespace":"keycloak"},"namespace":"keycloak","name":"keycloak","reconcileID":"3cf4387c-5b91-45aa-8899-0eee1fe5dec6"}
{"level":"error","ts":"2023-03-31T16:02:22.436Z","msg":"Reconciliation failed after 30.840937ms, next try in 1m0s","controller":"kluctldeployment","controllerGroup":"flux.kluctl.io","controllerKind":"KluctlDeployment","KluctlDeployment":{"name":"keycloak","namespace":"keycloak"},"namespace":"keycloak","name":"keycloak","reconcileID":"3cf4387c-5b91-45aa-8899-0eee1fe5dec6","revision":"","error":"failed clone source: ssh: handshake failed: mkdir /.ssh: read-only file system"}

I would like the error to be a bit more intuitive, possibly referencing the missing secret directly.

Why do you need that?

People (such as me 10 minutes ago) will spend less time troubleshooting should they run into the same error.

I agree that a better error message is needed. At the same time this issue reveals that the controller should properly set the SSH home when doing SSH-related stuff :)
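An added example, not part of the issue thread and not the controller's own code: a pre-flight check of the kind requested above, which recognises an SSH Git source with no secretRef and returns an error that names the missing secret before any clone is attempted. The function names, the error wording and the secret name `git-ssh-credentials` are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// scpLike matches Git's scp-style syntax "user@host:path", which also uses SSH.
var scpLike = regexp.MustCompile(`^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+:[^/].*$`)

// IsSSHSource reports whether a Git source URL would be fetched over SSH.
func IsSSHSource(raw string) bool {
	// url.Parse rejects scp-style URLs (colon in the first path segment),
	// so those fall through to the regular expression below.
	if u, err := url.Parse(raw); err == nil && u.Scheme != "" && u.Host != "" {
		switch u.Scheme {
		case "ssh", "git+ssh", "ssh+git":
			return true
		}
		return false
	}
	return scpLike.MatchString(raw)
}

// CheckSourceCredentials is a hypothetical validation step: it fails early
// with a message that points at the missing secretRef instead of letting the
// SSH handshake fail later with an unrelated filesystem error.
func CheckSourceCredentials(namespace, name, sourceURL, secretRefName string) error {
	if IsSSHSource(sourceURL) && secretRefName == "" {
		return fmt.Errorf(
			"KluctlDeployment %s/%s: source %q uses SSH but no secretRef is set; "+
				"reference a Secret that holds the SSH credentials",
			namespace, name, sourceURL)
	}
	return nil
}

func main() {
	// URL taken from the manifest in the issue; the secret name is constructed.
	src := "ssh://git@git.example.org:2222/infra/kluctl-templates.git"
	fmt.Println(CheckSourceCredentials("bar", "foo", src, ""))
	fmt.Println(CheckSourceCredentials("bar", "foo", src, "git-ssh-credentials"))
}
```

The error carries only the object name and the source URL, so it can be written to the resource status and logs without exposing any credential material.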