I’m trying to setup Waypoint in my Kubernetes cluster. I’m using an EKS cluster, and I’ve already configured ECR and the required prerequisites for the installation.
I use Argo as my Gitops tool, and I’ve installed the Waypoint’s manifests by deploying the generated manifests from the
waypoint install --platform=kubernetes -accept-tos --show-yaml command.
Everything worked as expected. The pods, services and PVCs started running accordingly, but taking a look at the server logs, I noticed that it required a bootstrap command.
At first, I made a simple port-forward, and the bootstrap executed with success, but since I want to integrate this with other tools, I need to create a route for remote access (without the port-forward).
I’m using Traefik Proxy as my ingress controller, and I’ve created an IngressRoute like the following:
--- kind: IngressRoute apiVersion: traefik.containo.us/v1alpha1 metadata: name: waypoint labels: app.kubernetes.io/name: waypoint app.kubernetes.io/version: 1.0.0 app.kubernetes.io/component: infrastructure app.kubernetes.io/part-of: waypoint spec: entryPoints: - websecure routes: - kind: Rule match: Host(`registry.getbud.co`) priority: 10 services: - name: waypoint port: 9702 scheme: https - kind: Rule match: Host(`registry.getbud.co`) && Headers(`Content-Type`, `application/grpc`) priority: 11 services: - name: waypoint port: 9701
I’ve used the same configs I’m using for ArgoCD, which also has a HTTP interface for a web UI, and a gRPC for CLI.
After that, I’ve removed my PVC, and started a new installation from scratch, to setup and bootstrap the server.
Now, I’m facing two issues:
- When I try to acccess the registry URL: https://registry.getbud.co, I receive and
Internal Server Error, with the following log:
2020/10/21 01:51:42 http: TLS handshake error from 10.0.3.149:32974: remote error: tls: bad certificate
If I understand correctly, the web UI will only works after my TLS certificate is valid, right? Well, that is a staging environment, so problably after deploying to production it will work. Right?
- When I try to interact with the server throught gRPC, I’ve also receive an error, but at this time it is isn’t even routed to the server. For example, if I run:
waypoint server bootstrap -server-addr=registry.getbud.co:443 --server-tls=false
I’ve receive the following output from the CLI:
! failed to create client: rpc error: code = Unimplemented desc = Not Found: HTTP status code 404; transport: received the unexpected content-type "text/plain; charset=utf-8"
Also, no logs appeared at the Waypoint’s server pod. But, at Traefik, the following log appears:
[21/Oct/2020:01:55:11 +0000] "POST /hashicorp.waypoint.Waypoint/GetVersionInfo HTTP/2.0" - - "-" "-" 440 "-" "-" 0ms
I’ve also tried to add the
h2c as the scheme to the gRPC service, like the following:
services: - name: waypoint port: 9701 scheme: h2c
But the issue persists. I receive an 404 error and Traefik’s logs are the same.
After a few test scenarios, I got the following (strange) behavior: If I try to bootstrap remotelly, I got a 502 error, but if I bootstrap using localhost (with port-forward) and them try to bootstrap again, it talks with the server with success and returns that the server is already bootstrapped. Take a look at the logs:
platform@budproj/terraform/accounts/root on feature/waypoint [!] using ☁️ devops@bud at ☸️ v1.18.8-eks-7c9bda bud ❯ waypoint server bootstrap -server-addr=registry.getbud.co:443 -server-tls-skip-verify ! failed to create client: rpc error: code = Unavailable desc = Bad Gateway: HTTP status code 502; transport: received the unexpected content-type "text/plain; charset=utf-8" platform@budproj/terraform/accounts/root on feature/waypoint [!] using ☁️ devops@bud at ☸️ v1.18.8-eks-7c9bda bud ❯ waypoint server bootstrap -server-addr=localhost:9701 -server-tls-skip-verify <token> platform@budproj/terraform/accounts/root on feature/waypoint [!] using ☁️ devops@bud at ☸️ v1.18.8-eks-7c9bda bud ❯ waypoint server bootstrap -server-addr=registry.getbud.co:443 -server-tls-skip-verify ! Error bootstrapping the server: server is already bootstrapped
Any ideas how to fix both issues?