|
| 1 | +--- |
| 2 | +title:"Troubleshooting GitOps Runtimes" |
| 3 | +description:"Troubleshoot installation/communication issues for Runtimes" |
| 4 | +--- |
| 5 | + |
| 6 | +##Pre-installation checks or runtime collision check failed |
| 7 | + |
| 8 | +###Possible cause |
| 9 | + |
| 10 | + You have Argo Project components from other installations in your cluster. |
| 11 | + |
| 12 | +###Possible actions |
| 13 | + |
| 14 | +You can either: |
| 15 | +* Install Codefresh GitOps Runtime alongside Community Argo CD |
| 16 | + |
| 17 | +_OR_ |
| 18 | + |
| 19 | +1. Uninstall the Codefresh GitOps Runtime. |
| 20 | +1. Remove the Argo Project components from your cluster. |
| 21 | +1. Reinstall the Codefresh GitOps Runtime. |
| 22 | + |
| 23 | +##`Job has reached the specified backoff limit` error during Helm installation |
| 24 | + |
| 25 | +###Possible cause |
| 26 | +Validation errors in your`values.yaml` file. |
| 27 | +Before initiating the installation, Codefresh automatically validates the`values.yaml` file to verify that the supplied values are correct. |
| 28 | + |
| 29 | +###Possible actions |
| 30 | +1. Get more detailed information on the reason for the validation failure by running: |
| 31 | +`kubectl logs jobs/validate-values -n ${NAMESPACE}` |
| 32 | + where: |
| 33 | +`{NAMESPACE}` is the namespace of the Hybrid GitOps Runtime. |
| 34 | +1. Fix the errors. The table below describes the settings that are validated in the`values` file. |
| 35 | + |
| 36 | + |
| 37 | +| Setting| Validation| |
| 38 | +|----------------------|------------------------------------------------------------------------------------------------------------| |
| 39 | +|`userToken`| If explicitly defined, or defined as a`secretKeyRef` which exists in the current k8s context and the defined namespace.| |
| 40 | +|**Account permissions**| If the user has admin permissions for the account in which they are installing the runtime.| |
| 41 | +|**Runtime name**| If defined, and is unique to the account.| |
| 42 | +|**Access mode**| {::nomarkdown}<ul><li>For tunnel-based, the default, if`accountId` is defined, and matches the account of the`userToken` defined in the file.</li><li>For ingress-based, if the`hosts` array contains at least one entry that is a valid URL (successful HTTP GET).</li><li>If both tunnel-based and ingress-based access modes are disabled, if`runtime.ingressUrl` is defined.</li></ul>{:/}| |
| 43 | +|`gitCredentials`| When defined, includes a Git password either explicitly, or as a`secretKeyRef`, similar to`userToken`. The password or token has the required permissions in the Git provider.| |
| 44 | + |
| 45 | + |
| 46 | +##Pre-installation error: please upgrade to the latest cli version:`v<number>` |
| 47 | + |
| 48 | +###Possible cause |
| 49 | + |
| 50 | +Codefresh has a new CLI version. |
| 51 | + |
| 52 | +###Possible actions |
| 53 | +Run the appropriate command to upgrade to the latest version: |
| 54 | + |
| 55 | + {: .table .table-bordered .table-hover} |
| 56 | +| Download mode| OS| Command| |
| 57 | +| --------------| ----------| ----------| |
| 58 | +|`Curl`| MacOS-x64| `curl -L --output -https://github.com/codefresh-io/cli-v2/releases/latest/download/cf-darwin-amd64.tar.gz| tar zx && mv ./cf-darwin-amd64 /usr/local/bin/cf && cf version`| |
| 59 | +|| MacOS-m1|`curl -L --output -https://github.com/codefresh-io/cli-v2/releases/latest/download/cf-darwin-arm64.tar.gz| tar zx && mv ./cf-darwin-arm64 /usr/local/bin/cf && cf version`| |
| 60 | +|| Linux - X64|`curl -L --output -https://github.com/codefresh-io/cli-v2/releases/latest/download/cf-linux-amd64.tar.gz| tar zx && mv ./cf-linux-amd64 /usr/local/bin/cf && cf version`| |
| 61 | +|| Linux - ARM| `curl -L --output -https://github.com/codefresh-io/cli-v2/releases/latest/download/cf-linux-arm64.tar.gz| tar zx && mv ./cf-linux-arm64 /usr/local/bin/cf && cf version`| |
| 62 | +|`Brew`| N/A|`brew tap codefresh-io/cli && brew install cf2`| |
| 63 | + |
| 64 | +##Failed to bootstrap repository: authentication required |
| 65 | + |
| 66 | +###Possible cause |
| 67 | + |
| 68 | +The Git Runtime token provided for installation is not valid. |
| 69 | + |
| 70 | +###Possible actions |
| 71 | + |
| 72 | +* Make sure the token: |
| 73 | +* Has a valid expiration date. |
| 74 | +* Scope includes`repo` and`admin-repo.hook` |
| 75 | + |
| 76 | +##Failed adding git integration <...> 404 not found |
| 77 | + |
| 78 | +###Possible cause |
| 79 | + |
| 80 | +Another process is probably occupying the address you provided as your`ingress-host`. |
| 81 | + |
| 82 | +###Possible actions |
| 83 | + |
| 84 | +* Terminate the process to free up the address. |
| 85 | + |
| 86 | +##Failed to create default git integration:...failed making a graphql API call...the HTTP request failed |
| 87 | + |
| 88 | +###Possible cause |
| 89 | + |
| 90 | +The Ingress controller does not have a valid SSL certificate. The certificate must be from a Certificate Authority. |
| 91 | + |
| 92 | +###Possible actions |
| 93 | + |
| 94 | +1. Get a valid CA-signed certificate for the Ingress controller. |
| 95 | +1. Run the Runtime installation. |
| 96 | + |
| 97 | +_OR_ |
| 98 | + |
| 99 | +* Continue with the runtime installation in`insecure` mode: |
| 100 | + |
| 101 | +`cf intg git add default --api-url https://api.github.com --runtime <runtime_name> --insecure` |
| 102 | + where: |
| 103 | +`<runtime_name>` is the name of the runtime installation. |
| 104 | + |
| 105 | +##Failed to create default git integration:...GraphQL Error (Code: 401): ("response":{"error":"Unauthorized: Invalid token."status":401, "headers":{}}..) |
| 106 | + |
| 107 | +###Possible cause |
| 108 | + |
| 109 | +The ingress host specified does not point to the cluster selected for runtime installation. |
| 110 | + |
| 111 | +###Possible actions |
| 112 | + |
| 113 | +Make sure the ingress host points to the cluster on which the runtime is installed. |
| 114 | + |
| 115 | +##Timeout error, either for applications or while waiting for the installation to complete |
| 116 | + |
| 117 | +###Possible cause |
| 118 | + |
| 119 | +`Cron-executer` has identified that not all your applications are synced and healthy. Runtime installation syncs app status at 10-minute intervals. The timeout occurs if after the last status sync, at least one application is either not synced or healthy. |
| 120 | + |
| 121 | +###Possible actions |
| 122 | + |
| 123 | +Without terminating the runtime install, do the following: |
| 124 | + |
| 125 | +1. In the Argo CD UI, check the status of your apps: |
| 126 | +* Port forward your`argo-cd server` pod using default 8080 ports. |
| 127 | +* Access it via`localhost:8080` with the Username`admin`, and Password which is the decoded`argocd-initial-admin-secret` in your cluster. |
| 128 | + >With`k9s`, in the`secrets` view, press`x`. |
| 129 | +1. If all apps are perfectly synced and healthy, check the logs of the`cron-executor` service. |
| 130 | +1. If the logs don't show a cause for the error, try freeing up resources: |
| 131 | +* Free up memory with`docker system prune -a --volumes`. |
| 132 | +* Increase the resources allocated to your cluster. |
| 133 | + |
| 134 | +##Unable to communicate with`<runtime-name>` or two or more Runtimes |
| 135 | + |
| 136 | +###Possible cause |
| 137 | + |
| 138 | +This error points to an issue with your browser or with your Runtime configuration, and can be due to any of the following: |
| 139 | + |
| 140 | +{{site.data.callout.callout_tip}} |
| 141 | +**TIP** |
| 142 | +Verify that your internet connection is stable. |
| 143 | +{{site.data.callout.end}} |
| 144 | + |
| 145 | +1.[Browser issues](#browser-issues) |
| 146 | + Can occur because of Cross-Origin Request blocked errors. |
| 147 | +1.[Missing SSL certificate](#missing-ssl-certificate) |
| 148 | + Can occur if your Runtime is ingress-based, and without an SSL certificate for the ingress controller. |
| 149 | +1.[Insecure protocol prefix](#insecure-protocol-prefix) |
| 150 | + Can occur if your Runtime is ingress-based, and using HTTP for the`ingress-host` value instead of HTTPS. |
| 151 | + |
| 152 | +###Possible actions |
| 153 | + |
| 154 | +Follow the steps for the actions listed below in the order in which they are listed. |
| 155 | + |
| 156 | +<br> |
| 157 | + |
| 158 | +####Browser issues |
| 159 | +Try to identify the issue that is preventing communication by accessing your browser's Developer Tools and viewing the Console or Network tabs. |
| 160 | + |
| 161 | +For help on identifying the specific error and the corrective action to take for it, read[MDN web docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors){:target="\_blank"}. |
| 162 | + |
| 163 | +<br> |
| 164 | + |
| 165 | +####Missing SSL certificate |
| 166 | + |
| 167 | +If you need an SSL certificate, copy and install the root CA certificate to the trusted root certificate store on your machine.<br><br> |
| 168 | +OR |
| 169 | +<br><br> |
| 170 | +Configure the browser to trust the runtime's URL and receive content: |
| 171 | + |
| 172 | +1. If you are not in the**GitOps Runtimes** page, from the toolbar, click the**Settings** icon. |
| 173 | +1. From Configuration in the sidebar, select**GitOps Runtimes**. |
| 174 | +1. Select the runtime, and based on your browser, do as required: |
| 175 | +* Chrome: Click**Advanced** and then**Proceed to site**. |
| 176 | +* Firefox: Click**Advanced** and then**Accept the risk and continue**. |
| 177 | +* Safari: Click**Show Certificate**, and then select**Always allow content from site**. |
| 178 | +* Edge: Click**Advanced**, and then select**Continue to site(unsafe)**. |
| 179 | + |
| 180 | +<br> |
| 181 | + |
| 182 | +####Insecure protocol prefix |
| 183 | + |
| 184 | +To continue using the HTTP protocol for your`ingress-host` instead of HTTPS, configure your browser to allow_mixed content_ for`g.codefresh.io`. |
| 185 | +The exact steps differ based on your browser. |
| 186 | + |
| 187 | +{{site.data.callout.callout_warning}} |
| 188 | +**WARNING** |
| 189 | +HTTP connections are unencrypted and less secure. |
| 190 | + Be aware that you are using this at your own risk. |
| 191 | +{{site.data.callout.end}} |
| 192 | + |
| 193 | + |
| 194 | +#####Chrome |
| 195 | + |
| 196 | +1. To the left of the URL, click the Lock icon, and then select**Site settings**. |
| 197 | +1. On the right, scroll down to**Insecure content** and then select**Allow** as the default for`g.codefresh.io`. |
| 198 | +1. Click**Save**. |
| 199 | +1. Reload the page. |
| 200 | + |
| 201 | +<br> |
| 202 | + |
| 203 | +#####Firefox |
| 204 | + |
| 205 | +1. To the left of the URL, click the Lock icon. |
| 206 | +1. Expand**Connection Secure**, and then click**More Information**. |
| 207 | +1. In the Page Info window that appears, click the**Security** tab. |
| 208 | +1. Under Connection, do one of the following: |
| 209 | +* If available, select**Enable HTTP2**. |
| 210 | +* If not available, select**Disable Protection on This Site**, and then click**OK**. |
| 211 | +1. Reload the page. |
| 212 | + |
| 213 | +<br> |
| 214 | + |
| 215 | +#####Safari |
| 216 | + |
| 217 | +1. Go to**Preferences > Advanced**. |
| 218 | +1. Select**Show Develop menu in menu bar**, and close the Preferences window. |
| 219 | +1. From the menu bar, select**Develop**, and then select**Disable Cross-Origin Restrictions**. |
| 220 | +1. Reload the page. |
| 221 | + |
| 222 | +<br> |
| 223 | + |
| 224 | +#####Edge |
| 225 | + |
| 226 | +1. To the left of the URL, click the Lock icon, and then select**Permissions for this site**. |
| 227 | +1. Scroll down to**Location**, and then select**Allow** as the default for`g.codefresh.io`. |
| 228 | +1. Click**Save**. |
| 229 | +1. Reload the page. |