i have trouble in gitlab ci, when am executing terraform apply locally all is ok(kubectl is working correctly in gitlab ci container and locally), but in executing the same script in gitlab ci throws error that showed below
terraform version locally v0.12.24
terraform version in gitlab ci container v0.12.25
main.tf
provider "google" {
project = "profiline-russia"
region = "us-central1"
zone = "us-central1-c"
}
resource "google_container_cluster" "primary" {
name = "main-cluster"
location = "europe-west3"
remove_default_node_pool = true
initial_node_count = 1
}
resource "google_container_node_pool" "primary_nodes" {
name = "node-pool"
location = "europe-west3"
cluster = google_container_cluster.primary.name
node_count = 1
node_config {
machine_type = "n1-standard-1"
}
}
# dashboard ui
# module "kubernetes_dashboard" {
# source = "cookielab/dashboard/kubernetes"
# version = "0.9.0"
# kubernetes_namespace_create = true
# kubernetes_dashboard_csrf = "random-string"
# }
# deployment server
resource "kubernetes_deployment" "deployment-server" {
metadata {
name = var.data-deployment-server.metadata.name
labels = {
App = var.data-deployment-server.labels.App
}
}
spec {
replicas = 1
selector {
match_labels = {
App = var.data-deployment-server.labels.App
}
}
template {
metadata {
labels = {
App = var.data-deployment-server.labels.App
}
}
spec {
container {
image = var.data-deployment-server.image.name # for passing this i made gcr public
name = var.data-deployment-server.container.name
command = var.data-deployment-server.container.command
port {
container_port = var.data-deployment-server.container.port
}
env {
name = "ENV"
value = "production"
}
env {
name = "DB_USERNAME"
value_from {
secret_key_ref {
name = kubernetes_secret.secret-db.metadata.0.name
key = "db_username"
}
}
}
env {
name = "DB_PASSWORD"
value_from {
secret_key_ref {
name = kubernetes_secret.secret-db.metadata.0.name
key = "db_password"
}
}
}
env {
name = "DB_NAME"
value_from {
secret_key_ref {
name = kubernetes_secret.secret-db.metadata.0.name
key = "db_name"
}
}
}
env {
name = "DEFAULT_BUCKET_NAME"
value = var.default-bucket-name
}
env {
name = "DATABASE_ClOUD_SQL_NAME"
value = var.database-cloud-sql-name
}
env {
name = "PROJECT_GCP_ID"
value = var.project-gcp-id
}
env {
name = "K8S_SA_CLOUD_STORAGE"
value_from {
secret_key_ref {
name = kubernetes_secret.secret-sa-cloud-storage.metadata.0.name
key = "sa-cloud-storage.json"
}
}
}
env {
name = "GOOGLE_APPLICATION_CREDENTIALS"
value = "/app/secrets/sa-cloud-storage.json"
}
liveness_probe {
http_get {
path = "/swagger"
port = var.data-deployment-server.container.port
}
initial_delay_seconds = 10
period_seconds = 10
}
}
container {
image = var.data-cloud-sql-proxy.image.name
name = var.data-cloud-sql-proxy.container.name
command = var.data-cloud-sql-proxy.container.command
volume_mount {
name = var.data-cloud-sql-proxy.volume.name
mount_path = "/secrets/"
read_only = true
}
}
volume {
name = var.data-cloud-sql-proxy.volume.name
secret {
secret_name = kubernetes_secret.secret-gsa.metadata.0.name
}
}
}
}
}
}
resource "kubernetes_service" "service-server" { # wget http://name-service-server:8000/swagger
metadata {
name = var.data-deployment-server.service.name
}
spec {
selector = {
App = var.data-deployment-server.labels.App
}
port {
port = var.data-deployment-server.container.port
}
type = var.data-deployment-server.service.type
}
}
# deployment client-web
resource "kubernetes_deployment" "deployment-client-web" {
metadata {
name = var.data-deployment-client-web.metadata.name
labels = {
App = var.data-deployment-client-web.labels.App
}
}
spec {
replicas = 1
selector {
match_labels = {
App = var.data-deployment-client-web.labels.App
}
}
template {
metadata {
labels = {
App = var.data-deployment-client-web.labels.App
}
}
spec {
container {
image = var.data-deployment-client-web.image.name
command = var.data-deployment-client-web.container.command
name = var.data-deployment-client-web.container.name
port {
container_port = var.data-deployment-client-web.container.port
}
liveness_probe {
http_get {
path = "/"
port = var.data-deployment-client-web.container.port
}
initial_delay_seconds = 300
period_seconds = 10
}
}
}
}
}
}
resource "kubernetes_service" "service-client-web" { # wget http://name-service-server:8000/swagger
metadata {
name = var.data-deployment-client-web.service.name
}
spec {
selector = {
App = var.data-deployment-client-web.labels.App
}
port {
port = var.data-deployment-client-web.container.port
}
type = var.data-deployment-client-web.service.type
}
}
# database
resource "google_sql_database" "database" {
name = "database-profiline-russia"
instance = google_sql_database_instance.db-instance.name
}
resource "google_sql_database_instance" "db-instance" {
name = "db-master-instance"
region = "europe-west3"
database_version = "POSTGRES_11"
settings {
tier = "db-f1-micro"
}
}
resource "google_sql_user" "db-user" {
name = "..."
instance = google_sql_database_instance.db-instance.name
password = "..."
}
resource "kubernetes_secret" "secret-db" {
metadata {
name = "name-secret-db"
}
data = {
db_username = google_sql_user.db-user.name
db_password = google_sql_user.db-user.password
db_name = google_sql_database.database.name
}
type = "Opaque"
}
resource "kubernetes_secret" "secret-gsa" {
metadata {
name = "name-secret-gsa"
}
data = {
"service_account.json" = file(var.cred-sa-default)
}
type = "Opaque"
}
resource "kubernetes_secret" "secret-sa-cloud-storage" {
metadata {
name = "name-secret-sa-cloud-storage"
}
data = {
"sa-cloud-storage.json" = file(var.cred-sa-cloud-storage)
}
type = "Opaque"
}
vars.tf
variable "default-bucket-name" {
type = string
description = "default bucket name(bucket doesnt recreated(created previously by hands))"
}
variable "database-cloud-sql-name" {
type = string
description = "full database name"
}
variable "project-gcp-id" {
type = string
description = "gcp project id"
}
variable "cred-sa-default" {
type = string
description = "default service account credentials file"
}
variable "cred-sa-cloud-storage" {
type = string
description = "cloud storage service account credentials file"
}
variable "data-deployment-server" {
type = object({
metadata = object({
name = string
})
image = object({
name = string
})
labels = object({
App = string
})
container = object({
name = string
command = list(string)
port = number
})
service = object({
name = string
type = string
})
})
}
variable "data-cloud-sql-proxy" {
type = object({
image = object({
name = string
})
container = object({
name = string
command = list(string)
})
volume = object({
name = string
})
})
}
variable "data-deployment-client-web" {
type = object({
metadata = object({
name = string
})
image = object({
name = string
})
labels = object({
App = string
})
container = object({
name = string
command = list(string)
port = number
})
service = object({
name = string
type = string
})
})
}
terraform.tfvars has values of private vars
error in gitlab ci container:
$ terraform apply -auto-approve
kubernetes_secret.secret-sa-cloud-storage: Refreshing state... [id=default/name-secret-sa-cloud-storage]
kubernetes_secret.secret-gsa: Refreshing state... [id=default/name-secret-gsa]
module.kubernetes_dashboard.kubernetes_secret.kubernetes_dashboard_certs: Refreshing state... [id=kubernetes-dashboard/kubernetes-dashboard-certs]
module.kubernetes_dashboard.kubernetes_namespace.kubernetes_dashboard[0]: Refreshing state... [id=kubernetes-dashboard]
module.kubernetes_dashboard.kubernetes_service.kubernetes_dashboard: Refreshing state... [id=kubernetes-dashboard/kubernetes-dashboard]
module.kubernetes_dashboard.kubernetes_service_account.kubernetes_dashboard: Refreshing state... [id=kubernetes-dashboard/kubernetes-dashboard]
module.kubernetes_dashboard.kubernetes_cluster_role.kubernetes_dashboard: Refreshing state... [id=kubernetes-dashboard]
module.kubernetes_dashboard.kubernetes_cluster_role_binding.kubernetes_dashboard: Refreshing state... [id=kubernetes-dashboard]
module.kubernetes_dashboard.kubernetes_role.kubernetes_dashboard: Refreshing state... [id=kubernetes-dashboard/kubernetes-dashboard]
module.kubernetes_dashboard.kubernetes_secret.kubernetes_dashboard_csrf: Refreshing state... [id=kubernetes-dashboard/kubernetes-dashboard-csrf]
module.kubernetes_dashboard.kubernetes_config_map.kubernetes_dashboard_settings: Refreshing state... [id=kubernetes-dashboard/kubernetes-dashboard-settings]
google_container_cluster.primary: Refreshing state... [id=projects/profiline-russia/locations/europe-west3/clusters/main-cluster]
module.kubernetes_dashboard.kubernetes_service.kubernetes_metrics_scraper: Refreshing state... [id=kubernetes-dashboard/dashboard-metrics-scraper]
kubernetes_service.service-server: Refreshing state... [id=default/name-service-server]
google_sql_database_instance.db-instance: Refreshing state... [id=db-master-instance]
kubernetes_service.service-client-web: Refreshing state... [id=default/name-service-client-web]
module.kubernetes_dashboard.kubernetes_role_binding.kubernetes_dashboard: Refreshing state... [id=kubernetes-dashboard/kubernetes-dashboard]
module.kubernetes_dashboard.kubernetes_secret.kubernetes_dashboard_key_holder: Refreshing state... [id=kubernetes-dashboard/kubernetes-dashboard-key-holder]
google_sql_user.db-user: Refreshing state... [id=username//db-master-instance]
google_sql_database.database: Refreshing state... [id=projects/profiline-russia/instances/db-master-instance/databases/database-profiline-russia]
module.kubernetes_dashboard.kubernetes_deployment.kubernetes_dashboard: Refreshing state... [id=kubernetes-dashboard/kubernetes-dashboard]
module.kubernetes_dashboard.kubernetes_deployment.kubernetes_metrics_scraper: Refreshing state... [id=kubernetes-dashboard/kubernetes-metrics-scraper]
kubernetes_deployment.deployment-client-web: Refreshing state... [id=default/deployment-client-web]
google_container_node_pool.primary_nodes: Refreshing state... [id=projects/profiline-russia/locations/europe-west3/clusters/main-cluster/nodePools/node-pool]
kubernetes_secret.secret-db: Refreshing state... [id=default/name-secret-db]
Error: Get "http://localhost/api/v1/namespaces/kubernetes-dashboard/serviceaccounts/kubernetes-dashboard": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/kubernetes-dashboard/services/dashboard-metrics-scraper": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/apis/apps/v1/namespaces/kubernetes-dashboard/deployments/kubernetes-dashboard": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/apis/apps/v1/namespaces/default/deployments/deployment-client-web": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/kubernetes-dashboard/secrets/kubernetes-dashboard-key-holder": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/default/services/name-service-client-web": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/apis/apps/v1/namespaces/kubernetes-dashboard/deployments/kubernetes-metrics-scraper": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/default/secrets/name-secret-gsa": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/kubernetes-dashboard": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/apis/rbac.authorization.k8s.io/v1/clusterroles/kubernetes-dashboard": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/apis/rbac.authorization.k8s.io/v1/namespaces/kubernetes-dashboard/roles/kubernetes-dashboard": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/kubernetes-dashboard/secrets/kubernetes-dashboard-certs": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/default/services/name-service-server": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/kubernetes-dashboard": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/kubernetes-dashboard/services/kubernetes-dashboard": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/default/secrets/name-secret-sa-cloud-storage": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/kubernetes-dashboard/secrets/kubernetes-dashboard-csrf": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/apis/rbac.authorization.k8s.io/v1/namespaces/kubernetes-dashboard/rolebindings/kubernetes-dashboard": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/default/secrets/name-secret-db": dial tcp [::1]:80: connect: connection refused
Error: Get "http://localhost/api/v1/namespaces/kubernetes-dashboard/configmaps/kubernetes-dashboard-settings": dial tcp [::1]:80: connect: connection refused
Running after_script
00:01
Uploading artifacts for failed job
00:02
ERROR: Job failed: exit code 1