More intuitive errors when the SSH secret isn't specified for SSH source
Opened this issue · 1 comments
netthier commented
Controller
- KluctlDeployment
Who are you?
DevOps Engineer
What do you want to do?
I accidentally deployed a KluctlDeployment
pulling from an SSH Git source, but forgot to specify the secretRef
:
apiVersion: flux.kluctl.io/v1alpha1
kind: KluctlDeployment
metadata:
name: foo
namespace: bar
spec:
interval: 1m
source:
url: ssh://git@git.example.org:2222/infra/kluctl-templates.git
path: "./foo"
context: default
prune: true
delete: true
It then failed to deploy with the following status: failed clone source: ssh: handshake failed: mkdir /.ssh: read-only file system
.
The controller produced the following logs:
{"level":"info","ts":"2023-03-31T16:02:22.405Z","msg":"Updating git cache for ssh://git@git.example.org:2222/infra/kluctl-templates.git","c
ontroller":"kluctldeployment","controllerGroup":"flux.kluctl.io","controllerKind":"KluctlDeployment","KluctlDeployment":{"name":"keycloak","
namespace":"keycloak"},"namespace":"keycloak","name":"keycloak","reconcileID":"3cf4387c-5b91-45aa-8899-0eee1fe5dec6"}
{"level":"info","ts":"2023-03-31T16:02:22.406Z","msg":"Failed to connect to ssh agent for url ssh://git@git.example.org:2222/infra/kluctl-t
emplates.git: SSH agent requested but SSH_AUTH_SOCK not-specified","controller":"kluctldeployment","controllerGroup":"flux.kluctl.io","contr
ollerKind":"KluctlDeployment","KluctlDeployment":{"name":"keycloak","namespace":"keycloak"},"namespace":"keycloak","name":"keycloak","reconc
ileID":"3cf4387c-5b91-45aa-8899-0eee1fe5dec6"}
{"level":"info","ts":"2023-03-31T16:02:22.430Z","msg":"ssh: handshake failed: mkdir /.ssh: read-only file system","controller":"kluctldeploy
ment","controllerGroup":"flux.kluctl.io","controllerKind":"KluctlDeployment","KluctlDeployment":{"name":"keycloak","namespace":"keycloak"},"
namespace":"keycloak","name":"keycloak","reconcileID":"3cf4387c-5b91-45aa-8899-0eee1fe5dec6"}
{"level":"error","ts":"2023-03-31T16:02:22.436Z","msg":"Reconciliation failed after 30.840937ms, next try in 1m0s","controller":"kluctldeplo
yment","controllerGroup":"flux.kluctl.io","controllerKind":"KluctlDeployment","KluctlDeployment":{"name":"keycloak","namespace":"keycloak"},
"namespace":"keycloak","name":"keycloak","reconcileID":"3cf4387c-5b91-45aa-8899-0eee1fe5dec6","revision":"","error":"failed clone source: ss
h: handshake failed: mkdir /.ssh: read-only file system"}
I would like the error to be a bit more intuitive, possible referencing the missing secret directly.
Why do you need that?
People (such as me 10 minutes ago) will spend less time troubleshooting should they run into the same error.
codablock commented
I agree that a better error message is needed. At the same time this issue reveals that the controller should properly set the SSH home when doing ssh related stuff :)