I have a Kubernetes cluster with 2 nodes. Now when I deploy with Gitlab CI to the cluster it will deploy an application normally.
But when I'll add a cronjob service which uses the same image as the application to the charts that are being used by the Gitlab CI (helm charts). it runs on the node where the application itself is also being deployed, but not on the other node.
Error:
Failed to pull image "gitlab.example.nl:4567/v2/namespace/project/manifests/0998034a-ae44-457e-bb5e-3d3304a2fc54": rpc error: code = Unknown desc = Error response from daemon: Get https://gitlab.example.nl:4567/v2/namespace/project/manifests/0998034a-ae44-457e-bb5e-3d3304a2fc54: unauthorized: HTTP Basic: Access denied
Changed urls for not exposing company
Example:
Node1:
Does not run cronjob, because it cannot pull the image.
Node2:
Runs application normally
Runs cronjobs normally
Both the deployment and the cronjob charts do have the ImagePullSecrets
property, I have set the token validity time to 15 minutes
Cronjob.yaml (helm chart)
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: {{ template "trackableappname" . }}-cron
spec:
schedule: "*/1 * * * *"
jobTemplate:
spec:
template:
spec:
imagePullSecrets:
{{ toYaml .Values.image_fpm.secrets | indent 12 }}
volumes:
- name: appdir
emptyDir: {}
{{- if .Values.storage.enabled }}
- name: cron-{{ .Values.storage.name }}-pv-storage
persistentVolumeClaim:
claimName: {{ .Values.storage.name }}-pv-claim
{{- end }}
- name: secrets
secret:
secretName: environment-file
containers:
- name: fpm-{{ .Chart.Name }}-cronjob
image: "{{ .Values.image_fpm.repository }}:{{ .Values.image_fpm.tag }}"
imagePullPolicy: {{ .Values.image_fpm.pullPolicy }}
command: ["/bin/sh"]
args: ["-c", "{{ .Values.application.cronCommand }}"]
volumeMounts:
- name: appdir
mountPath: /var/www/html
{{- if .Values.storage.enabled }}
- name: cron-{{ .Values.storage.name }}-pv-storage
mountPath: /var/www/html/storage
{{- end }}
- name: secrets
mountPath: /var/secrets
{{- if .Values.application.secretName }}
envFrom:
- secretRef:
name: {{ .Values.application.secretName }}
{{- end }}
env:
- name: "APP_DEBUG"
value: "false"
- name: ENVIRONMENT_FILE
valueFrom:
secretKeyRef:
name: environment-file
key: ENVIRONMENT_FILE
initContainers:
- name: copy-{{ .Chart.Name }}-cronjob
image: "{{ .Values.image_workspace.repository }}:{{ .Values.image_workspace.tag }}"
command: ["/bin/sh"]
args: ["-c", "{{ .Values.application.initCommand }}"]
env:
- name: ENVIRONMENT_FILE
valueFrom:
secretKeyRef:
name: environment-file
key: ENVIRONMENT_FILE
volumeMounts:
- name: appdir
mountPath: /var/www/application
imagePullPolicy: {{ .Values.image_fpm.pullPolicy }}
restartPolicy: OnFailure