Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
Igor Dianov
@igdianov
Skaffold is building and pushing image to Docker registry...
adam
@adamgmills_twitter
in the skaffold.yaml, I see references to template: '{{.DOCKER_REGISTRY}}/{{.IMAGE_NAME}}:{{.VERSION}}', but I don't know where any of this is getting set
ah. ok
869757312638.dkr.ecr.us-east-1.amazonaws.com
adam
@adamgmills_twitter
this is more of the jenkins error:
Generating tags...
Igor Dianov
@igdianov
The DOCKER_REGISTRY is set in Jenkins Configuration:
image.png
adam
@adamgmills_twitter
yes, and it's set for ecr
so I'm lost as to why we are getting that error. It's set to 869757312638.dkr.ecr.us-east-1.amazonaws.com
Igor Dianov
@igdianov
Give me a sec
The problem comes from Skaffold that tries to inspect base image in order to build it. Can you post your skaffold.yaml?
adam
@adamgmills_twitter
apiVersion: skaffold/v1beta2
kind: Config
build:
  artifacts:
  - image: carpediemsolutionsllc/test-connector
    context: .
    docker: {}
  tagPolicy:
    envTemplate:
      template: '{{.DOCKER_REGISTRY}}/{{.IMAGE_NAME}}:{{.VERSION}}'
  local: {}
deploy:
  kubectl: {}
profiles:
- name: dev
  build:
    tagPolicy:
      envTemplate:
        template: '{{.DOCKER_REGISTRY}}/{{.IMAGE_NAME}}:{{.DIGEST_HEX}}'
    local: {}
  deploy:
    helm:
      releases:
      - name: test-connector
        chartPath: charts/test-connector
        setValueTemplates:
          image.repository: '{{.DOCKER_REGISTRY}}/{{.IMAGE_NAME}}'
          image.tag: '{{.DIGEST_HEX}}'
Igor Dianov
@igdianov

Can you change

build:
  local: {}

values with

build:
  local:
    useDockerCLI: true
Then commit the change and see what happens?
This docs explains how Skaffold uses Docker to build images: https://skaffold.dev/docs/how-tos/builders/#dockerfile-locally-with-docker
adam
@adamgmills_twitter
getting closer:
time="2019-09-13T21:09:09Z" level=fatal msg="build failed: build failed: building [carpediemsolutionsllc/test-connector]: build artifact: denied: User: arn:aws:sts::869757312638:assumed-role/eksctl-activiti-cloud-nodegroup-n-NodeInstanceRole-1AJR2L0810J4H/i-05c46e896592458bb is not authorized to perform: ecr:InitiateLayerUpload on resource: arn:aws:ecr:us-east-1:869757312638:repository/carpediemsolutionsllc/test-connector"
[Pipeline] }
Igor Dianov
@igdianov
It looks like your cluster user has denied to access ECR registry. Does your
869757312638.dkr.ecr.us-east-1.amazonaws.com/carpediemsolutionsllc/test-connector Docker image ECR repository exist?
Igor Dianov
@igdianov
There also may be problems using Kubernetes VM Docker to build images. We can try to configure DinD (Docker-in-Docker) container in your Jenkinsfile to bypass using Kubernetes Docker-out-of-Docker and build images like we do in Activiti Example Cloud Connector: https://github.com/Activiti/example-cloud-connector/blob/6d8dccf66bd0249dd0bbdd8b667499c648bcebfb/Jenkinsfile#L9
adam
@adamgmills_twitter
the ecr repo does indeed exist
Igor Dianov
@igdianov
Do you want to try configure DinD?
adam
@adamgmills_twitter
can I just edit the permissions policy on it?
Igor Dianov
@igdianov
You can try and see what happens.
I think it may help if there is missing access policy for the EKS cluster. You can probably compare with your Rb ECR repository.
I think you need to allow your node group instance role to push images
adam
@adamgmills_twitter
that did the trick!
Igor, you are so much help. I almost feel bad taking credit for your work...
Igor Dianov
@igdianov
Cool! I am glad to help. Be ware that using Kubernetes Docker VM for production is not best practice. It is OK to try it out, but in the long run it is best to use DinD or extenal Builder that can plug into Skaffold...
adam
@adamgmills_twitter
good to know. thanks again!
Igor Dianov
@igdianov
Thanks for reporting the problem with Skaffold. I will fix skaffold.yaml in Activiti Quickstarts to useDockerCli... This looks like a gremlin in newer Skaffold
Have you created cluster with jx or manually, i.e. eksctl?
jx cluster create command used to create cluster with ECR registry access and then create ECR repository with all permissions using jx import command. It could be a regression in newer Jx version
adam
@adamgmills_twitter
i used jx cluster create
Igor Dianov
@igdianov
Thanks!
Trinaldi Rizki Permana
@trinaldirizki
@igdianov wow thanks!
Igor Dianov
@igdianov
:thumbsup:
Trinaldi Rizki Permana
@trinaldirizki
I've successfully deployed a custom runtime bundle, and it seems like all process definitions are deployed in the same database. Runtime Bundle A can access the process definition deployed by Runtime Bundle B, and vice versa. Is this the expected behavior?
Elias Ricken de Medeiros
@erdemedeiros
@trinaldirizki the databawe used bhe the runtime bundle is configurable, we recomend to use different database for different runtime bundles
Daniel Muñoz
@daedmunoz

Hi there! Is it possible to use Keycloak Client Secrets (Service Accounts) instead of a user in the Configuration for a Runtime Bundle?

For example in the application.properties file here https://github.com/Activiti/ttc-rb-english-campaign/blob/master/src/main/resources/application.properties you can see:

activiti.keycloak.admin-client-app=${ACT_KEYCLOAK_CLIENT_APP:admin-cli}
activiti.keycloak.client-user=${ACT_KEYCLOAK_CLIENT_USER:client}
activiti.keycloak.client-password=${ACT_KEYCLOAK_CLIENT_PASSWORD:client}

And I would like something like:

activiti.keycloak.admin-client-app=${ACT_KEYCLOAK_CLIENT_APP:admin-cli}
activiti.keycloak.admin-client-secret=${ACT_KEYCLOAK_ADMIN_CLIENT_SECRET:some-secret}
Trinaldi Rizki Permana
@trinaldirizki
@erdemedeiros noted. thanks!
Xavier Vdb
@xavier.vdb_gitlab
hello, i would like to know where i can find a web workflow console for Activiti Cloud ?
is kickstart application compatible?
please
Xavier Vdb
@xavier.vdb_gitlab
is . 7.1.0.M3 - "[Applications/User Interface] ADF demos in community repos" feature ?
Brian M. Folse
@bmfolse

@igdianov I'm working with @adamgmills_twitter on our Activiti Cloud environment with Jenkins X. We're having trouble logging in to the Keycloak console with the default master credentials. We're authenticating 'hruser', 'hradmin', and 'testuser' through the REST API without problems. I see in the 'make install' for activiti-cloud-identity where the Keycloak master username and password are set. But every attempt to authenticate fails with this (from the Keycloak logs):

18:41:08,061 WARN [org.keycloak.events] (default task-6) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=192.168.10.98, error=user_not_found, auth_method=openid-connect, redirect_uri=http://identity.staging.reconvelocity.com/auth/admin/master/console/, code_id=59fdee18-e423-4f01-a27c-b17fb7915c19, username=admin

Brian M. Folse
@bmfolse
@igdianov Never mind. I had the wrong URL for the Console. Should be using Alfresco Identity Service URL: /auth/admin/activiti/console instead of: /auth/admin/master/console.
Igor Dianov
@igdianov
:thumbsup:
Brian M. Folse
@bmfolse
BTW, thanks for your help with Jenkins X and Helm!
Igor Dianov
@igdianov
:thumbsup: You are welcome!