https://pastein.ru/t/Kj8
Загрузка данных
Running with gitlab-runner 15.8.0 (12335144)
on gitlab-runner-gitlab-runner-5c5d8dfd84-fc2jj x3T1Qxkg, system ID: r_0t1aE5p8nfLN
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: gitlab-runners
Using Kubernetes executor with image registry.rshbdev.ru/appfarm/infra/images/kube-client-apps:8.21.4 ...
Using attach strategy to execute scripts...
Preparing environment
00:05
Waiting for pod gitlab-runners/runner-x3t1qxkg-project-40367-concurrent-0kn5bt to be running, status is Pending
Waiting for pod gitlab-runners/runner-x3t1qxkg-project-40367-concurrent-0kn5bt to be running, status is Pending
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Running on runner-x3t1qxkg-project-40367-concurrent-0kn5bt via gitlab-runner-gitlab-runner-5c5d8dfd84-fc2jj...
Getting source from Git repository
00:03
$ git config --global --add url."https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}/".insteadOf "https://${CI_SERVER_HOST}" # collapsed multi-line command
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/rshbintech/crft/ckof/ownfin/backend/prd/owf-ms-prd-showcase-offers/.git/
Created fresh repository.
Checking out 2aa6079b as 1.0.12...
Skipping Git submodules setup
Downloading artifacts
00:02
Downloading artifacts for init_dojo (22155663)...
Downloading artifacts from coordinator... ok id=22155663 responseStatus=200 OK token=64_tucSg
Downloading artifacts for devsecops_antivirus_scan (22155664)...
Downloading artifacts from coordinator... ok id=22155664 responseStatus=200 OK token=64_tucSg
Downloading artifacts for secrets_gitleaks (22155665)...
Downloading artifacts from coordinator... ok id=22155665 responseStatus=200 OK token=64_tucSg
Downloading artifacts for sast_semgrep (22155666)...
Downloading artifacts from coordinator... ok id=22155666 responseStatus=200 OK token=64_tucSg
Downloading artifacts for sast_ptai (22155667)...
Downloading artifacts from coordinator... ok id=22155667 responseStatus=200 OK token=64_tucSg
Downloading artifacts for dockerfilegen (22155668)...
Downloading artifacts from coordinator... ok id=22155668 responseStatus=200 OK token=64_tucSg
Downloading artifacts for sca_scan (22155669)...
Downloading artifacts from coordinator... ok id=22155669 responseStatus=200 OK token=64_tucSg
Downloading artifacts for build (22155671)...
Downloading artifacts from coordinator... ok id=22155671 responseStatus=200 OK token=64_tucSg
Downloading artifacts for unit (22155673)...
Downloading artifacts from coordinator... ok id=22155673 responseStatus=200 OK token=64_tucSg
Downloading artifacts for bca_trivy (22155676)...
Downloading artifacts from coordinator... ok id=22155676 responseStatus=200 OK token=64_tucSg
Executing "step_script" stage of the job script
11:37
$ ( umask 0077; mkdir -p ~/.kube && echo "$KUBECONFIG_COMBINED" | base64 -d > ~/.kube/config )
$ if [[ ${IS_SENSITIVE_SYSTEM} = true ]]; then export K8S_CLUSTERS=$K8S_CLUSTERS_SENSITIVE; fi
$ echo 'IS_SENSITIVE_SYSTEM:' $IS_SENSITIVE_SYSTEM
IS_SENSITIVE_SYSTEM: true
$ echo 'TARGET_CLUSTERS:' $K8S_CLUSTERS
TARGET_CLUSTERS: rcsdstbl
$ set -x
++ echo '$ for CLUSTER in $K8S_CLUSTERS; do'
$ for CLUSTER in $K8S_CLUSTERS; do
++ for CLUSTER in $K8S_CLUSTERS
++ echo '$ export CLUSTER=$CLUSTER'
$ export CLUSTER=$CLUSTER
++ export CLUSTER=rcsdstbl
++ CLUSTER=rcsdstbl
++ echo '$ if [[ ${CI_ENVIRONMENT_SLUG} = production ]]; then export NAMESPACE=isys-${ISYS_NAME}; else export NAMESPACE=isys-${ISYS_NAME}-${CI_ENVIRONMENT_SLUG}; fi'
$ if [[ ${CI_ENVIRONMENT_SLUG} = production ]]; then export NAMESPACE=isys-${ISYS_NAME}; else export NAMESPACE=isys-${ISYS_NAME}-${CI_ENVIRONMENT_SLUG}; fi
++ [[ production = production ]]
++ export NAMESPACE=isys-ownfin
++ NAMESPACE=isys-ownfin
++ echo '$ read -r REVISION STATUS < <(helm --kube-context ${CLUSTER:-default} -n $NAMESPACE history $CI_PROJECT_NAME | tail -1 | cut -f1,3) || true'
$ read -r REVISION STATUS < <(helm --kube-context ${CLUSTER:-default} -n $NAMESPACE history $CI_PROJECT_NAME | tail -1 | cut -f1,3) || true
++ read -r REVISION STATUS
+++ helm --kube-context rcsdstbl -n isys-ownfin history owf-ms-prd-showcase-offers
+++ tail -1
+++ cut -f1,3
++ echo '$ if [[ "$STATUS" =~ "pending" ]]; then helm --kube-context ${CLUSTER:-default} -n $NAMESPACE rollback $CI_PROJECT_NAME $REVISION || true; fi'
$ if [[ "$STATUS" =~ "pending" ]]; then helm --kube-context ${CLUSTER:-default} -n $NAMESPACE rollback $CI_PROJECT_NAME $REVISION || true; fi
++ [[ deployed =~ pending ]]
++ echo '$ helmfile ${HELMFILE_DEFAULT_NAMESPACE:+--namespace $HELMFILE_DEFAULT_NAMESPACE} --environment ${CLUSTER:-default} -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set "additionalWorkloadAnnotations.gitlabPipeline=${CI_PIPELINE_URL}" --set "additionalWorkloadAnnotations.gitlabCommit=${CI_COMMIT_SHA}"'
$ helmfile ${HELMFILE_DEFAULT_NAMESPACE:+--namespace $HELMFILE_DEFAULT_NAMESPACE} --environment ${CLUSTER:-default} -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set "additionalWorkloadAnnotations.gitlabPipeline=${CI_PIPELINE_URL}" --set "additionalWorkloadAnnotations.gitlabCommit=${CI_COMMIT_SHA}"
++ helmfile --environment rcsdstbl -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set additionalWorkloadAnnotations.gitlabPipeline=https://gitlab.rshbdev.ru/rshbintech/crft/ckof/ownfin/backend/prd/owf-ms-prd-showcase-offers/-/pipelines/3179328 --set additionalWorkloadAnnotations.gitlabCommit=2aa6079b478e3dc4332be498c2d7ed245d79d6b5
== /usr/local/link/helmfile: Initialize base deploy hierarchy in /builds/rshbintech/crft/ckof/ownfin/backend/prd/owf-ms-prd-showcase-offers
no matches for path: envs/production/rcsdstbl/helmfile.yaml.gotmpl
Adding repo rshb-charts https://nexus.rshbdev.ru/repository/charts/
"rshb-charts" has been added to your repositories
Comparing release=vault-secrets-owf-ms-prd-showcase-offers, chart=rshb-charts/raw
Comparing release=psvc-owf-ms-prd-showcase-offers, chart=rshb-charts/raw
Comparing release=platform-database-owf-ms-prd-showcase-offers, chart=rshb-charts/raw
Comparing release=links-owf-ms-prd-showcase-offers, chart=rshb-charts/raw
Comparing release=owf-ms-prd-showcase-offers, chart=rshb-charts/base
isys-ownfin, owf-ms-prd-showcase-offers, Deployment (apps) has changed:
# Source: base/templates/workload.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: owf-ms-prd-showcase-offers
labels:
app: owf-ms-prd-showcase-offers
fullname: owf-ms-prd-showcase-offers
chart: base-1.14.2
release: owf-ms-prd-showcase-offers
heritage: Helm
isys: "ownfin"
psvc: "owf-ms-prd-showcase-offers"
- version: "1.0.11"
+ version: "1.0.12"
workload.topology.app.farm/zone: "rumsk1"
annotations:
- platform.ckpr.integrations.rshbintech.ru/gitlab-commit-sha: 16ef698f
- platform.ckpr.integrations.rshbintech.ru/gitlab-pipeline-id: "2466924"
+ gitlabCommit: 2aa6079b478e3dc4332be498c2d7ed245d79d6b5
+ gitlabPipeline: https://gitlab.rshbdev.ru/rshbintech/crft/ckof/ownfin/backend/prd/owf-ms-prd-showcase-offers/-/pipelines/3179328
+ platform.ckpr.integrations.rshbintech.ru/gitlab-commit-sha: 2aa6079b
+ platform.ckpr.integrations.rshbintech.ru/gitlab-pipeline-id: "3179328"
spec:
strategy:
type: RollingUpdate
replicas: 1
selector:
matchLabels:
app: owf-ms-prd-showcase-offers
fullname: owf-ms-prd-showcase-offers
release: owf-ms-prd-showcase-offers
template:
metadata:
labels:
app: owf-ms-prd-showcase-offers
fullname: owf-ms-prd-showcase-offers
chart: base-1.14.2
release: owf-ms-prd-showcase-offers
heritage: Helm
isys: "ownfin"
psvc: "owf-ms-prd-showcase-offers"
- version: "1.0.11"
+ version: "1.0.12"
workload.topology.app.farm/zone: "rumsk1"
annotations:
- checksum/configMapsEnv: "5bb5c0cdb150744b44ad6a3cf54a84804582e27f6c52733d26a12ae05d1975c0"
- checksum/secretEnv: "53e6cfb49ac19fa55c44b397aa95a1e41c66c4916b2c2ed2118e4d4f693de62c"
+ checksum/configMapsEnv: "63117e2456e43ae12d695c0a95bf3bce1901bd7e6d45c0ff261a57eec02ab2ce"
+ checksum/secretEnv: "184fd36009f329a76da3296c4d1c31b2fceb7f2b55378d1a3ac809d50bd023d8"
inject.istio.io/templates: "sidecar,custom"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
sidecar.istio.io/proxyCPU: "200m"
sidecar.istio.io/proxyCPULimit: "510m"
sidecar.istio.io/proxyMemory: "128Mi"
sidecar.istio.io/proxyMemoryLimit: "800Mi"
sidecar.istio.io/userVolume: "[{\"name\": \"wasmfilters-dir\",\"configMap\": {\"name\": \"ownfin-envoy-filters\"}}]"
sidecar.istio.io/userVolumeMount: "[{\"mountPath\":\"/var/local/lib/wasm-filters\",\"name\":\"wasmfilters-dir\"}]"
spec:
serviceAccountName: default
nodeSelector:
workload.topology.app.farm/zone: rumsk1
priorityClassName:
rumsk1
containers:
- name: app
- image: registry.rshbdev.ru/rshbintech/crft/ckof/ownfin/backend/prd/owf-ms-prd-showcase-offers:1.0.11
+ image: registry.rshbdev.ru/rshbintech/crft/ckof/ownfin/backend/prd/owf-ms-prd-showcase-offers:1.0.12
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: owf-ms-prd-showcase-offers-app-cm-env
- secretRef:
name: owf-ms-prd-showcase-offers-app-secret-env
resources:
limits:
cpu: 800m
memory: 1Gi
requests:
cpu: 200m
memory: 512Mi
ports:
livenessProbe:
failureThreshold: 5
httpGet:
path: /health/liveness
port: 8080
initialDelaySeconds: 240
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /health/readiness
port: 8080
initialDelaySeconds: 60
periodSeconds: 4
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
procMount: Default
readOnlyRootFilesystem: false
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
securityContext:
fsGroup: 1001
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
tolerations:
- effect: NoSchedule
key: workload.topology.app.farm/zone
operator: Exists
hostNetwork: false
volumes:
isys-ownfin, owf-ms-prd-showcase-offers, Service (v1) has changed:
# Source: base/templates/svc.yaml
apiVersion: v1
kind: Service
metadata:
name: owf-ms-prd-showcase-offers
labels:
app: owf-ms-prd-showcase-offers
fullname: owf-ms-prd-showcase-offers
chart: base-1.14.2
release: owf-ms-prd-showcase-offers
heritage: Helm
isys: "ownfin"
psvc: "owf-ms-prd-showcase-offers"
- version: "1.0.11"
+ version: "1.0.12"
spec:
ports:
- name: web
port: 80
protocol: TCP
targetPort: 8080
selector:
app: owf-ms-prd-showcase-offers
fullname: owf-ms-prd-showcase-offers
release: owf-ms-prd-showcase-offers
type: ClusterIP
isys-ownfin, owf-ms-prd-showcase-offers-app-cm-env, ConfigMap (v1) has changed:
# Source: base/templates/cm-env.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: owf-ms-prd-showcase-offers-app-cm-env
labels:
app: owf-ms-prd-showcase-offers
fullname: owf-ms-prd-showcase-offers
chart: base-1.14.2
release: owf-ms-prd-showcase-offers
heritage: Helm
isys: "ownfin"
psvc: "owf-ms-prd-showcase-offers"
- version: "1.0.11"
+ version: "1.0.12"
workload.topology.app.farm/zone: "rumsk1"
data:
APP_POSTGRESQL_HOST: "10.21.21.111"
APP_POSTGRESQL_NAME: "ownfin-preprod"
APP_POSTGRESQL_PORT: "5432"
APP_POSTGRESQL_SCHEMA: "owf_ms_prd_showcase_offers"
JAVA_OPTS: "-XX:MaxRAMPercentage=75.0 -XX:MinRAMPercentage=75.0 -XX:+AlwaysActAsServerClassMachine"
KAFKA_CONN_SVC: "adapter-ownfin-cluster.isys-ownfin-links:9092"
KAFKA_SECURITY_PROTOCOL: "PLAINTEXT"
PLT_ACCOUNT_REGISTRY_URL: "http://owf-ms-plt-account-registry.isys-ownfin"
PROFILE: "preprod"
STARTUP_REPLICATION_ENABLED: "true"
TOKEN_VALIDATION_SERVICE_URL: "http://owf-ms-plt-token-verification.isys-ownfin"
isys-ownfin, owf-ms-prd-showcase-offers-app-secret-env, Secret (v1) has changed:
+ Changes suppressed on sensitive content of type Secret
Listing releases matching ^pjob-owf-ms-prd-showcase-offers$
Listing releases matching ^exsvc-owf-ms-prd-showcase-offers$
Listing releases matching ^data-owf-ms-prd-showcase-offers$
Listing releases matching ^assets-config-owf-ms-prd-showcase-offers$
Listing releases matching ^owf-ms-prd-showcase-offers-raw$
Listing releases matching ^owf-ms-prd-showcase-offers-grafana-dashboard$
Listing releases matching ^owf-ms-prd-showcase-offers-rumsk1$
Listing releases matching ^owf-ms-prd-showcase-offers-rumsk2$
Upgrading release=owf-ms-prd-showcase-offers, chart=rshb-charts/base
FAILED RELEASES:
NAME
owf-ms-prd-showcase-offers
in deploy/helmfile.yaml: failed processing release owf-ms-prd-showcase-offers: command "/usr/local/link/helm" exited with non-zero status:
PATH:
/usr/local/link/helm
ARGS:
0: helm (4 bytes)
1: --kube-context (14 bytes)
2: rcsdstbl (8 bytes)
3: upgrade (7 bytes)
4: --install (9 bytes)
5: --reset-values (14 bytes)
6: owf-ms-prd-showcase-offers (26 bytes)
7: rshb-charts/base (16 bytes)
8: --version (9 bytes)
9: 1.14.2 (6 bytes)
10: --wait (6 bytes)
11: --timeout (9 bytes)
12: 600s (4 bytes)
13: --atomic (8 bytes)
14: --kube-context (14 bytes)
15: rcsdstbl (8 bytes)
16: --namespace (11 bytes)
17: isys-ownfin (11 bytes)
18: --values (8 bytes)
19: /tmp/helmfile1606394716/isys-ownfin-owf-ms-prd-showcase-offers-values-cd4cbf5bd (79 bytes)
20: --values (8 bytes)
21: /tmp/helmfile3908738004/isys-ownfin-owf-ms-prd-showcase-offers-values-5cd7685756 (80 bytes)
22: --set (5 bytes)
23: additionalWorkloadAnnotations.gitlabPipeline=https://gitlab.rshbdev.ru/rshbintech/crft/ckof/ownfin/backend/prd/owf-ms-prd-showcase-offers/-/pipelines/3179328 (157 bytes)
24: --set (5 bytes)
25: additionalWorkloadAnnotations.gitlabCommit=2aa6079b478e3dc4332be498c2d7ed245d79d6b5 (83 bytes)
26: --history-max (13 bytes)
27: 10 (2 bytes)
ERROR:
exit status 1
EXIT STATUS
1
STDERR:
Error: UPGRADE FAILED: release owf-ms-prd-showcase-offers failed, and has been rolled back due to atomic being set: timed out waiting for the condition
COMBINED OUTPUT:
Error: UPGRADE FAILED: release owf-ms-prd-showcase-offers failed, and has been rolled back due to atomic being set: timed out waiting for the condition
Uploading artifacts for failed job
00:01
Uploading artifacts...
deploy.env: found 1 matching artifact files and directories
Uploading artifacts as "dotenv" to coordinator... 201 Created id=22160027 responseStatus=201 Created token=64_tucSg
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: command terminated with exit code 1