You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 15, 2023. It is now read-only.
However when deploying the config-validator the git-sync-init initContainer is crashlooping:
kubectl logs --previous deployment/config-validator-debug -n forseti -c git-sync-init
Found 2 pods, using pod/config-validator-764ff4f958-xvx4v
I0115 19:22:45.673995 1 main.go:269] "level"=0 "msg"="starting up" "args"=["/git-sync","-repo=https://source.developers.google.com/p/<my project ID>/r/<my git repo>","-branch=dev","-dest=policy-library","-one-time"]
E0115 19:22:45.834602 1 main.go:294] "msg"="failed to sync repo, aborting" "error"="error running command: exit status 128: \"Cloning into '/tmp/git'...\\nfatal: could not read Username for 'https://source.developers.google.com': No such device or address\\n\""
If I manually exec in a container using the same service account I can confirm that workload identity is properly configured and I'm able to do a manual git clone.
Here's a snippet of the config-validator Deployment manifest that shows the initContainer in question:
Is GKE workload identity supported by the config-validator ? If it isn't then the chart will need to be updated. If it is, I would love to hear what I've been doing wrong and maybe raise a PR to update the documentation.
Thanks,
N
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Based on the helm chart for the config-validator, workload identity is a valid option (https://github.com/forseti-security/helm-charts/blob/master/charts/config-validator/values.yaml#L75-L77).
However when deploying the config-validator the git-sync-init initContainer is crashlooping:
If I manually exec in a container using the same service account I can confirm that workload identity is properly configured and I'm able to do a manual git clone.
Here's a snippet of the config-validator Deployment manifest that shows the initContainer in question:
Is GKE workload identity supported by the config-validator ? If it isn't then the chart will need to be updated. If it is, I would love to hear what I've been doing wrong and maybe raise a PR to update the documentation.
Thanks,
N
The text was updated successfully, but these errors were encountered: