https://pastein.ru/t/_cB
Загрузка данных
Running with gitlab-runner 15.8.0 (12335144)
on gitlab-runner-gitlab-runner-7d64bfd458-xlzsd u1oHxtyM, system ID: r_OKg3w9r0mqgd
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: gitlab-runners
Using Kubernetes executor with image registry.rshbdev.ru/appfarm/infra/images/kube-client-apps:8.21.9 ...
Using attach strategy to execute scripts...
Preparing environment
00:05
Waiting for pod gitlab-runners/runner-u1ohxtym-project-82609-concurrent-0nwbvz to be running, status is Pending
Waiting for pod gitlab-runners/runner-u1ohxtym-project-82609-concurrent-0nwbvz to be running, status is Pending
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Running on runner-u1ohxtym-project-82609-concurrent-0nwbvz via gitlab-runner-gitlab-runner-7d64bfd458-xlzsd...
Getting source from Git repository
00:02
$ git config --global --add url."https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}/".insteadOf "https://${CI_SERVER_HOST}" # collapsed multi-line command
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/rshbintech/information-security/application-security/threat-intelligence/lri-back/.git/
Created fresh repository.
Checking out b956d669 as master...
Skipping Git submodules setup
Downloading artifacts
00:01
Downloading artifacts for devsecops_antivirus_scan (22818543)...
Downloading artifacts from coordinator... ok id=22818543 responseStatus=200 OK token=64_z14yZ
Downloading artifacts for dockerfilegen (22818547)...
Downloading artifacts from coordinator... ok id=22818547 responseStatus=200 OK token=64_z14yZ
Executing "step_script" stage of the job script
10:26
$ ( umask 0077; mkdir -p ~/.kube && echo "$KUBECONFIG_COMBINED" | base64 -d > ~/.kube/config )
$ if [[ ${IS_SENSITIVE_SYSTEM} = true ]]; then export K8S_CLUSTERS=$K8S_CLUSTERS_SENSITIVE; fi
$ echo 'IS_SENSITIVE_SYSTEM:' $IS_SENSITIVE_SYSTEM
IS_SENSITIVE_SYSTEM:
$ echo 'TARGET_CLUSTERS:' $K8S_CLUSTERS
TARGET_CLUSTERS: devstbl
$ set -x
++ echo '$ for CLUSTER in $K8S_CLUSTERS; do'
$ for CLUSTER in $K8S_CLUSTERS; do
++ for CLUSTER in $K8S_CLUSTERS
++ echo '$ export CLUSTER=$CLUSTER'
$ export CLUSTER=$CLUSTER
++ export CLUSTER=devstbl
++ CLUSTER=devstbl
++ echo '$ if [[ ${CI_ENVIRONMENT_SLUG} = production ]]; then export NAMESPACE=isys-${ISYS_NAME}; else export NAMESPACE=isys-${ISYS_NAME}-${CI_ENVIRONMENT_SLUG}; fi'
$ if [[ ${CI_ENVIRONMENT_SLUG} = production ]]; then export NAMESPACE=isys-${ISYS_NAME}; else export NAMESPACE=isys-${ISYS_NAME}-${CI_ENVIRONMENT_SLUG}; fi
++ [[ dev = production ]]
++ export NAMESPACE=isys-threat-intelligence-dev
++ NAMESPACE=isys-threat-intelligence-dev
++ echo '$ read -r REVISION STATUS < <(helm --kube-context ${CLUSTER:-default} -n $NAMESPACE history $CI_PROJECT_NAME | tail -1 | cut -f1,3) || true'
$ read -r REVISION STATUS < <(helm --kube-context ${CLUSTER:-default} -n $NAMESPACE history $CI_PROJECT_NAME | tail -1 | cut -f1,3) || true
++ read -r REVISION STATUS
+++ helm --kube-context devstbl -n isys-threat-intelligence-dev history lri-back
+++ tail -1
+++ cut -f1,3
++ echo '$ if [[ "$STATUS" =~ "pending" ]]; then helm --kube-context ${CLUSTER:-default} -n $NAMESPACE rollback $CI_PROJECT_NAME $REVISION || true; fi'
$ if [[ "$STATUS" =~ "pending" ]]; then helm --kube-context ${CLUSTER:-default} -n $NAMESPACE rollback $CI_PROJECT_NAME $REVISION || true; fi
++ [[ deployed =~ pending ]]
++ echo '$ helmfile ${HELMFILE_DEFAULT_NAMESPACE:+--namespace $HELMFILE_DEFAULT_NAMESPACE} --environment ${CLUSTER:-default} -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set "additionalWorkloadAnnotations.gitlabPipeline=${CI_PIPELINE_URL}" --set "additionalWorkloadAnnotations.gitlabCommit=${CI_COMMIT_SHA}"'
$ helmfile ${HELMFILE_DEFAULT_NAMESPACE:+--namespace $HELMFILE_DEFAULT_NAMESPACE} --environment ${CLUSTER:-default} -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set "additionalWorkloadAnnotations.gitlabPipeline=${CI_PIPELINE_URL}" --set "additionalWorkloadAnnotations.gitlabCommit=${CI_COMMIT_SHA}"
++ helmfile --environment devstbl -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set additionalWorkloadAnnotations.gitlabPipeline=https://gitlab.rshbdev.ru/rshbintech/information-security/application-security/threat-intelligence/lri-back/-/pipelines/3273266 --set additionalWorkloadAnnotations.gitlabCommit=b956d66984b9616dd92dff354db69ef247e887df
== /usr/local/link/helmfile: Initialize base deploy hierarchy in /builds/rshbintech/information-security/application-security/threat-intelligence/lri-back
no matches for path: envs/dev/devstbl/helmfile.yaml.gotmpl
Adding repo rshb-charts https://nexus.rshbdev.ru/repository/charts/
"rshb-charts" has been added to your repositories
Comparing release=vault-secrets-lri-back, chart=rshb-charts/raw
Comparing release=psvc-lri-back, chart=rshb-charts/raw
Comparing release=platform-database-lri-back, chart=rshb-charts/raw
Comparing release=links-lri-back, chart=rshb-charts/raw
Comparing release=lri-back, chart=rshb-charts/base
isys-threat-intelligence-dev, lri-back, Deployment (apps) has changed:
# Source: base/templates/workload.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: lri-back
labels:
app: lri-back
fullname: lri-back
chart: base-1.15.2
release: lri-back
heritage: Helm
isys: "threat-intelligence-dev"
psvc: "lri-back"
version: "master"
workload.topology.app.farm/zone: "rumsk1"
annotations:
- gitlabCommit: 8c2b781de2c3a2c8ce69ccd9b8457965c8f9d2a9
- gitlabPipeline: https://gitlab.rshbdev.ru/rshbintech/information-security/application-security/threat-intelligence/lri-back/-/pipelines/3269455
- platform.ckpr.integrations.rshbintech.ru/gitlab-commit-sha: 8c2b781d
- platform.ckpr.integrations.rshbintech.ru/gitlab-pipeline-id: "3269455"
+ gitlabCommit: b956d66984b9616dd92dff354db69ef247e887df
+ gitlabPipeline: https://gitlab.rshbdev.ru/rshbintech/information-security/application-security/threat-intelligence/lri-back/-/pipelines/3273266
+ platform.ckpr.integrations.rshbintech.ru/gitlab-commit-sha: b956d669
+ platform.ckpr.integrations.rshbintech.ru/gitlab-pipeline-id: "3273266"
spec:
strategy:
type: RollingUpdate
replicas: 1
selector:
matchLabels:
app: lri-back
fullname: lri-back
release: lri-back
template:
metadata:
labels:
app: lri-back
fullname: lri-back
chart: base-1.15.2
release: lri-back
heritage: Helm
isys: "threat-intelligence-dev"
psvc: "lri-back"
version: "master"
workload.topology.app.farm/zone: "rumsk1"
annotations:
checksum/configMapsEnv: "353f3e6c248ccc701a0980b4c447a3914f5f87adbb2ace5b07ed4a56b1b3a3e6"
checksum/secretEnv: "fb55e610a13dd285073d90477319775e7de48cf6e3e0900dd3bbc8d1d7f86c04"
- ci/commithash: "8c2b781d"
+ ci/commithash: "b956d669"
inject.istio.io/templates: "sidecar,custom"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
sidecar.istio.io/proxyCPU: "1"
sidecar.istio.io/proxyCPULimit: "1"
sidecar.istio.io/proxyMemory: "100Mi"
sidecar.istio.io/proxyMemoryLimit: "1Gi"
sidecar.istio.io/userVolume: "[{\"name\": \"wasmfilters-dir\",\"configMap\": {\"name\": \"threat-intelligence-dev-envoy-filters\"}}]"
sidecar.istio.io/userVolumeMount: "[{\"mountPath\":\"/var/local/lib/wasm-filters\",\"name\":\"wasmfilters-dir\"}]"
spec:
automountServiceAccountToken: false
serviceAccountName: default
nodeSelector:
workload.topology.app.farm/zone: rumsk1
+ priorityClassName: rumsk1
containers:
- name: app
image: registry.rshbdev.ru/rshbintech/information-security/application-security/threat-intelligence/lri-back:master
imagePullPolicy: Always
envFrom:
- configMapRef:
name: lri-back-app-cm-env
- secretRef:
name: lri-back-app-secret-env
resources:
limits:
cpu: 5
memory: 3Gi
requests:
cpu: 1
memory: 512Mi
ports:
livenessProbe:
failureThreshold: 5
httpGet:
path: /health/liveness
port: 8080
initialDelaySeconds: 30
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /health/readiness
port: 8080
initialDelaySeconds: 15
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
volumeMounts:
- name: app-vault-secrets
mountPath: /secrets
readOnly: true
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
procMount: Default
readOnlyRootFilesystem: false
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
securityContext:
fsGroup: 1001
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
tolerations:
- effect: NoSchedule
key: workload.topology.app.farm/zone
operator: Exists
hostNetwork: false
volumes:
- name: app-vault-secrets
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: lri-back-app-secret-provider
Listing releases matching ^pjob-lri-back$
Listing releases matching ^exsvc-lri-back$
Listing releases matching ^data-lri-back$
Listing releases matching ^assets-config-lri-back$
Listing releases matching ^lri-back-raw$
Listing releases matching ^lri-back-grafana-dashboard$
Listing releases matching ^lri-back-rumsk1$
Listing releases matching ^lri-back-rumsk2$
Upgrading release=lri-back, chart=rshb-charts/base
FAILED RELEASES:
NAME
lri-back
in deploy/helmfile.yaml: failed processing release lri-back: command "/usr/local/link/helm" exited with non-zero status:
PATH:
/usr/local/link/helm
ARGS:
0: helm (4 bytes)
1: --kube-context (14 bytes)
2: devstbl (7 bytes)
3: upgrade (7 bytes)
4: --install (9 bytes)
5: --reset-values (14 bytes)
6: lri-back (8 bytes)
7: rshb-charts/base (16 bytes)
8: --version (9 bytes)
9: 1.15.2 (6 bytes)
10: --wait (6 bytes)
11: --timeout (9 bytes)
12: 600s (4 bytes)
13: --atomic (8 bytes)
14: --kube-context (14 bytes)
15: devstbl (7 bytes)
16: --namespace (11 bytes)
17: isys-threat-intelligence-dev (28 bytes)
18: --values (8 bytes)
19: /tmp/helmfile201745616/isys-threat-intelligence-dev-lri-back-values-6d9c6858d (77 bytes)
20: --values (8 bytes)
21: /tmp/helmfile3627959444/isys-threat-intelligence-dev-lri-back-values-6b4b8bd89f (79 bytes)
22: --set (5 bytes)
23: additionalWorkloadAnnotations.gitlabPipeline=https://gitlab.rshbdev.ru/rshbintech/information-security/application-security/threat-intelligence/lri-back/-/pipelines/3273266 (172 bytes)
24: --set (5 bytes)
25: additionalWorkloadAnnotations.gitlabCommit=b956d66984b9616dd92dff354db69ef247e887df (83 bytes)
26: --history-max (13 bytes)
27: 10 (2 bytes)
ERROR:
exit status 1
EXIT STATUS
1
STDERR:
Error: UPGRADE FAILED: release lri-back failed, and has been rolled back due to atomic being set: timed out waiting for the condition
COMBINED OUTPUT:
Error: UPGRADE FAILED: release lri-back failed, and has been rolled back due to atomic being set: timed out waiting for the condition
Uploading artifacts for failed job
00:02
Uploading artifacts...
deploy.env: found 1 matching artifact files and directories
Uploading artifacts as "dotenv" to coordinator... 201 Created id=22823323 responseStatus=201 Created token=64_z14yZ
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: command terminated with exit code 1