https://pastein.ru/t/dqA
Загрузка данных
Running with gitlab-runner 15.8.0 (12335144)
on gitlab-runner-gitlab-runner-5c5d8dfd84-mrhn4 3Sduy7zd, system ID: r_pxlbVZdKVDlV
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: gitlab-runners
Using Kubernetes executor with image registry.rshbdev.ru/appfarm/infra/images/kube-client-apps:8.21.4 ...
Using attach strategy to execute scripts...
Preparing environment
00:12
Waiting for pod gitlab-runners/runner-3sduy7zd-project-58532-concurrent-0fn845 to be running, status is Pending
Waiting for pod gitlab-runners/runner-3sduy7zd-project-58532-concurrent-0fn845 to be running, status is Pending
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Waiting for pod gitlab-runners/runner-3sduy7zd-project-58532-concurrent-0fn845 to be running, status is Pending
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Waiting for pod gitlab-runners/runner-3sduy7zd-project-58532-concurrent-0fn845 to be running, status is Pending
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Waiting for pod gitlab-runners/runner-3sduy7zd-project-58532-concurrent-0fn845 to be running, status is Pending
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Running on runner-3sduy7zd-project-58532-concurrent-0fn845 via gitlab-runner-gitlab-runner-5c5d8dfd84-mrhn4...
Getting source from Git repository
00:02
$ git config --global --add url."https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}/".insteadOf "https://${CI_SERVER_HOST}" # collapsed multi-line command
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/.git/
Created fresh repository.
Checking out 13869b63 as 6.9.2...
Skipping Git submodules setup
Downloading artifacts
00:03
Downloading artifacts for init_dojo (22500566)...
Downloading artifacts from coordinator... ok id=22500566 responseStatus=200 OK token=64_TX3QS
Downloading artifacts for devsecops_antivirus_scan (22500567)...
Downloading artifacts from coordinator... ok id=22500567 responseStatus=200 OK token=64_TX3QS
Downloading artifacts for secrets_gitleaks (22500568)...
Downloading artifacts from coordinator... ok id=22500568 responseStatus=200 OK token=64_TX3QS
Downloading artifacts for sast_semgrep (22500569)...
Downloading artifacts from coordinator... ok id=22500569 responseStatus=200 OK token=64_TX3QS
Downloading artifacts for sast_ptai (22500570)...
Downloading artifacts from coordinator... ok id=22500570 responseStatus=200 OK token=64_TX3QS
Downloading artifacts for dockerfilegen (22500571)...
Downloading artifacts from coordinator... ok id=22500571 responseStatus=200 OK token=64_TX3QS
Downloading artifacts for sca_scan (22500572)...
Downloading artifacts from coordinator... ok id=22500572 responseStatus=200 OK token=64_TX3QS
Downloading artifacts for build (22500574)...
Downloading artifacts from coordinator... ok id=22500574 responseStatus=200 OK token=64_TX3QS
Downloading artifacts for unit (22500576)...
Downloading artifacts from coordinator... ok id=22500576 responseStatus=200 OK token=64_TX3QS
Downloading artifacts for bca_trivy (22500579)...
Downloading artifacts from coordinator... ok id=22500579 responseStatus=200 OK token=64_TX3QS
Executing "step_script" stage of the job script
10:10
$ ( umask 0077; mkdir -p ~/.kube && echo "$KUBECONFIG_COMBINED" | base64 -d > ~/.kube/config )
$ if [[ ${IS_SENSITIVE_SYSTEM} = true ]]; then export K8S_CLUSTERS=$K8S_CLUSTERS_SENSITIVE; fi
$ echo 'IS_SENSITIVE_SYSTEM:' $IS_SENSITIVE_SYSTEM
IS_SENSITIVE_SYSTEM: true
$ echo 'TARGET_CLUSTERS:' $K8S_CLUSTERS
TARGET_CLUSTERS: rcsdstbl
$ set -x
++ echo '$ for CLUSTER in $K8S_CLUSTERS; do'
$ for CLUSTER in $K8S_CLUSTERS; do
++ for CLUSTER in $K8S_CLUSTERS
++ echo '$ export CLUSTER=$CLUSTER'
$ export CLUSTER=$CLUSTER
++ export CLUSTER=rcsdstbl
++ CLUSTER=rcsdstbl
++ echo '$ if [[ ${CI_ENVIRONMENT_SLUG} = production ]]; then export NAMESPACE=isys-${ISYS_NAME}; else export NAMESPACE=isys-${ISYS_NAME}-${CI_ENVIRONMENT_SLUG}; fi'
$ if [[ ${CI_ENVIRONMENT_SLUG} = production ]]; then export NAMESPACE=isys-${ISYS_NAME}; else export NAMESPACE=isys-${ISYS_NAME}-${CI_ENVIRONMENT_SLUG}; fi
++ [[ production = production ]]
++ export NAMESPACE=isys-efr
++ NAMESPACE=isys-efr
++ echo '$ read -r REVISION STATUS < <(helm --kube-context ${CLUSTER:-default} -n $NAMESPACE history $CI_PROJECT_NAME | tail -1 | cut -f1,3) || true'
$ read -r REVISION STATUS < <(helm --kube-context ${CLUSTER:-default} -n $NAMESPACE history $CI_PROJECT_NAME | tail -1 | cut -f1,3) || true
++ read -r REVISION STATUS
+++ helm --kube-context rcsdstbl -n isys-efr history cdi-person-service
+++ tail -1
+++ cut -f1,3
++ echo '$ if [[ "$STATUS" =~ "pending" ]]; then helm --kube-context ${CLUSTER:-default} -n $NAMESPACE rollback $CI_PROJECT_NAME $REVISION || true; fi'
$ if [[ "$STATUS" =~ "pending" ]]; then helm --kube-context ${CLUSTER:-default} -n $NAMESPACE rollback $CI_PROJECT_NAME $REVISION || true; fi
++ [[ deployed =~ pending ]]
++ echo '$ helmfile ${HELMFILE_DEFAULT_NAMESPACE:+--namespace $HELMFILE_DEFAULT_NAMESPACE} --environment ${CLUSTER:-default} -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set "additionalWorkloadAnnotations.gitlabPipeline=${CI_PIPELINE_URL}" --set "additionalWorkloadAnnotations.gitlabCommit=${CI_COMMIT_SHA}"'
$ helmfile ${HELMFILE_DEFAULT_NAMESPACE:+--namespace $HELMFILE_DEFAULT_NAMESPACE} --environment ${CLUSTER:-default} -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set "additionalWorkloadAnnotations.gitlabPipeline=${CI_PIPELINE_URL}" --set "additionalWorkloadAnnotations.gitlabCommit=${CI_COMMIT_SHA}"
++ helmfile --environment rcsdstbl -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set additionalWorkloadAnnotations.gitlabPipeline=https://gitlab.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/-/pipelines/3228052 --set additionalWorkloadAnnotations.gitlabCommit=13869b63b0ab42012f09a79242fe7c6def13a86d
== /usr/local/link/helmfile: Initialize base deploy hierarchy in /builds/rshbintech/retail/frontsystem/efr/biz/cdi-person-service
no matches for path: envs/production/rcsdstbl/helmfile.yaml.gotmpl
Adding repo rshb-charts https://nexus.rshbdev.ru/repository/charts/
"rshb-charts" has been added to your repositories
Comparing release=vault-secrets-cdi-person-service, chart=rshb-charts/raw
Comparing release=psvc-cdi-person-service, chart=rshb-charts/raw
Comparing release=platform-database-cdi-person-service, chart=rshb-charts/raw
Comparing release=links-cdi-person-service, chart=rshb-charts/raw
Comparing release=cdi-person-service-rumsk1, chart=rshb-charts/base
isys-efr, cdi-person-service-rumsk1, Deployment (apps) has changed:
# Source: base/templates/workload.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: cdi-person-service-rumsk1
labels:
app: cdi-person-service
fullname: cdi-person-service-rumsk1
chart: base-1.14.2
release: cdi-person-service-rumsk1
heritage: Helm
isys: "efr"
psvc: "cdi-person-service"
version: "6.9.2"
workload.topology.app.farm/zone: "rumsk1"
annotations:
gitlabCommit: 13869b63b0ab42012f09a79242fe7c6def13a86d
gitlabPipeline: https://gitlab.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/-/pipelines/3228052
platform.ckpr.integrations.rshbintech.ru/gitlab-commit-sha: 13869b63
platform.ckpr.integrations.rshbintech.ru/gitlab-pipeline-id: "3228052"
spec:
strategy:
type: RollingUpdate
replicas: 1
selector:
matchLabels:
app: cdi-person-service
fullname: cdi-person-service-rumsk1
release: cdi-person-service-rumsk1
template:
metadata:
labels:
app: cdi-person-service
fullname: cdi-person-service-rumsk1
chart: base-1.14.2
release: cdi-person-service-rumsk1
heritage: Helm
isys: "efr"
psvc: "cdi-person-service"
version: "6.9.2"
workload.topology.app.farm/zone: "rumsk1"
annotations:
checksum/configMapsEnv: "8740cc477a11b1421b99f03bffbc5a5f4fdacb75ca97b8b7d8f4672b6502b9e1"
- checksum/secretEnv: "0e3f5d400ec944e3063c1c5c3c9888161192597f9835b3c929edaa3518a80327"
+ checksum/secretEnv: "310e56c90d0d81d92ddef15fed0dffde12f4e9a1408e437ea26f3d34662ea3b1"
inject.istio.io/templates: "sidecar,custom"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
sidecar.istio.io/proxyCPU: "100m"
sidecar.istio.io/proxyCPULimit: "400m"
sidecar.istio.io/proxyMemory: "128Mi"
sidecar.istio.io/proxyMemoryLimit: "512Mi"
sidecar.istio.io/userVolume: "[{\"name\": \"wasmfilters-dir\",\"configMap\": {\"name\": \"efr-envoy-filters\"}}]"
sidecar.istio.io/userVolumeMount: "[{\"mountPath\":\"/var/local/lib/wasm-filters\",\"name\":\"wasmfilters-dir\"}]"
spec:
serviceAccountName: default
nodeSelector:
workload.topology.app.farm/zone: rumsk1
priorityClassName:
rumsk1
containers:
- name: app
image: registry.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service:6.9.2
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: cdi-person-service-rumsk1-app-cm-env
- secretRef:
name: cdi-person-service-rumsk1-app-secret-env
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 200m
memory: 128Mi
ports:
livenessProbe:
failureThreshold: 5
httpGet:
path: /health/liveness
port: 8080
initialDelaySeconds: 360
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /health/readiness
port: 8080
initialDelaySeconds: 180
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
procMount: Default
readOnlyRootFilesystem: false
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
securityContext:
fsGroup: 1001
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
tolerations:
- effect: NoSchedule
key: workload.topology.app.farm/zone
operator: Exists
hostNetwork: false
volumes:
isys-efr, cdi-person-service-rumsk1-app-secret-env, Secret (v1) has changed:
+ Changes suppressed on sensitive content of type Secret
Comparing release=cdi-person-service-rumsk2, chart=rshb-charts/base
isys-efr, cdi-person-service-rumsk2, Deployment (apps) has changed:
# Source: base/templates/workload.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: cdi-person-service-rumsk2
labels:
app: cdi-person-service
fullname: cdi-person-service-rumsk2
chart: base-1.14.2
release: cdi-person-service-rumsk2
heritage: Helm
isys: "efr"
psvc: "cdi-person-service"
version: "6.9.2"
workload.topology.app.farm/zone: "rumsk2"
annotations:
gitlabCommit: 13869b63b0ab42012f09a79242fe7c6def13a86d
gitlabPipeline: https://gitlab.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/-/pipelines/3228052
platform.ckpr.integrations.rshbintech.ru/gitlab-commit-sha: 13869b63
platform.ckpr.integrations.rshbintech.ru/gitlab-pipeline-id: "3228052"
spec:
strategy:
type: RollingUpdate
replicas: 1
selector:
matchLabels:
app: cdi-person-service
fullname: cdi-person-service-rumsk2
release: cdi-person-service-rumsk2
template:
metadata:
labels:
app: cdi-person-service
fullname: cdi-person-service-rumsk2
chart: base-1.14.2
release: cdi-person-service-rumsk2
heritage: Helm
isys: "efr"
psvc: "cdi-person-service"
version: "6.9.2"
workload.topology.app.farm/zone: "rumsk2"
annotations:
checksum/configMapsEnv: "4634201dcbb082a44b12e1d91f725ad96f5d693407eea2d67d8dc9e5adac9e5a"
- checksum/secretEnv: "d10bf43ac1bdca531b308d08311174923f14e1eee134b64bc505b4c021ade412"
+ checksum/secretEnv: "0f0cf693991f98212b4d0e70cb409ab9a1c219dfeaa767fe926883fd15490710"
inject.istio.io/templates: "sidecar,custom"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
sidecar.istio.io/proxyCPU: "100m"
sidecar.istio.io/proxyCPULimit: "400m"
sidecar.istio.io/proxyMemory: "128Mi"
sidecar.istio.io/proxyMemoryLimit: "512Mi"
sidecar.istio.io/userVolume: "[{\"name\": \"wasmfilters-dir\",\"configMap\": {\"name\": \"efr-envoy-filters\"}}]"
sidecar.istio.io/userVolumeMount: "[{\"mountPath\":\"/var/local/lib/wasm-filters\",\"name\":\"wasmfilters-dir\"}]"
spec:
serviceAccountName: default
nodeSelector:
workload.topology.app.farm/zone: rumsk2
priorityClassName:
rumsk2
containers:
- name: app
image: registry.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service:6.9.2
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: cdi-person-service-rumsk2-app-cm-env
- secretRef:
name: cdi-person-service-rumsk2-app-secret-env
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 200m
memory: 128Mi
ports:
livenessProbe:
failureThreshold: 5
httpGet:
path: /health/liveness
port: 8080
initialDelaySeconds: 360
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /health/readiness
port: 8080
initialDelaySeconds: 180
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
procMount: Default
readOnlyRootFilesystem: false
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
securityContext:
fsGroup: 1001
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
tolerations:
- effect: NoSchedule
key: workload.topology.app.farm/zone
operator: Exists
hostNetwork: false
volumes:
isys-efr, cdi-person-service-rumsk2-app-secret-env, Secret (v1) has changed:
+ Changes suppressed on sensitive content of type Secret
Comparing release=cdi-person-service, chart=rshb-charts/raw
Listing releases matching ^pjob-cdi-person-service$
Listing releases matching ^exsvc-cdi-person-service$
Listing releases matching ^data-cdi-person-service$
Listing releases matching ^assets-config-cdi-person-service$
Listing releases matching ^cdi-person-service-raw$
Listing releases matching ^cdi-person-service-grafana-dashboard$
Upgrading release=cdi-person-service-rumsk1, chart=rshb-charts/base
Upgrading release=cdi-person-service-rumsk2, chart=rshb-charts/base
FAILED RELEASES:
NAME
cdi-person-service-rumsk2
cdi-person-service-rumsk1
in deploy/helmfile.yaml: 2 errors:
err 0: failed processing release cdi-person-service-rumsk2: command "/usr/local/link/helm" exited with non-zero status:
PATH:
/usr/local/link/helm
ARGS:
0: helm (4 bytes)
1: --kube-context (14 bytes)
2: rcsdstbl (8 bytes)
3: upgrade (7 bytes)
4: --install (9 bytes)
5: --reset-values (14 bytes)
6: cdi-person-service-rumsk2 (25 bytes)
7: rshb-charts/base (16 bytes)
8: --version (9 bytes)
9: 1.14.2 (6 bytes)
10: --wait (6 bytes)
11: --timeout (9 bytes)
12: 600s (4 bytes)
13: --atomic (8 bytes)
14: --kube-context (14 bytes)
15: rcsdstbl (8 bytes)
16: --namespace (11 bytes)
17: isys-efr (8 bytes)
18: --values (8 bytes)
19: /tmp/helmfile3990528036/isys-efr-cdi-person-service-rumsk2-values-747c8f666d (76 bytes)
20: --values (8 bytes)
21: /tmp/helmfile2613700263/isys-efr-cdi-person-service-rumsk2-values-7f64984cd7 (76 bytes)
22: --values (8 bytes)
23: /tmp/helmfile376973464/isys-efr-cdi-person-service-rumsk2-values-7894ccbd97 (75 bytes)
24: --set (5 bytes)
25: additionalWorkloadAnnotations.gitlabPipeline=https://gitlab.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/-/pipelines/3228052 (147 bytes)
26: --set (5 bytes)
27: additionalWorkloadAnnotations.gitlabCommit=13869b63b0ab42012f09a79242fe7c6def13a86d (83 bytes)
28: --history-max (13 bytes)
29: 10 (2 bytes)
ERROR:
exit status 1
EXIT STATUS
1
STDERR:
Error: UPGRADE FAILED: release cdi-person-service-rumsk2 failed, and has been rolled back due to atomic being set: timed out waiting for the condition
COMBINED OUTPUT:
Error: UPGRADE FAILED: release cdi-person-service-rumsk2 failed, and has been rolled back due to atomic being set: timed out waiting for the condition
err 1: failed processing release cdi-person-service-rumsk1: command "/usr/local/link/helm" exited with non-zero status:
PATH:
/usr/local/link/helm
ARGS:
0: helm (4 bytes)
1: --kube-context (14 bytes)
2: rcsdstbl (8 bytes)
3: upgrade (7 bytes)
4: --install (9 bytes)
5: --reset-values (14 bytes)
6: cdi-person-service-rumsk1 (25 bytes)
7: rshb-charts/base (16 bytes)
8: --version (9 bytes)
9: 1.14.2 (6 bytes)
10: --wait (6 bytes)
11: --timeout (9 bytes)
12: 600s (4 bytes)
13: --atomic (8 bytes)
14: --kube-context (14 bytes)
15: rcsdstbl (8 bytes)
16: --namespace (11 bytes)
17: isys-efr (8 bytes)
18: --values (8 bytes)
19: /tmp/helmfile3356042979/isys-efr-cdi-person-service-rumsk1-values-84cb8c6f55 (76 bytes)
20: --values (8 bytes)
21: /tmp/helmfile1595446394/isys-efr-cdi-person-service-rumsk1-values-7d5bb5b4cb (76 bytes)
22: --values (8 bytes)
23: /tmp/helmfile2389122692/isys-efr-cdi-person-service-rumsk1-values-55fc595bcd (76 bytes)
24: --set (5 bytes)
25: additionalWorkloadAnnotations.gitlabPipeline=https://gitlab.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/-/pipelines/3228052 (147 bytes)
26: --set (5 bytes)
27: additionalWorkloadAnnotations.gitlabCommit=13869b63b0ab42012f09a79242fe7c6def13a86d (83 bytes)
28: --history-max (13 bytes)
29: 10 (2 bytes)
ERROR:
exit status 1
EXIT STATUS
1
STDERR:
Error: UPGRADE FAILED: release cdi-person-service-rumsk1 failed, and has been rolled back due to atomic being set: timed out waiting for the condition
COMBINED OUTPUT:
Error: UPGRADE FAILED: release cdi-person-service-rumsk1 failed, and has been rolled back due to atomic being set: timed out waiting for the condition
Uploading artifacts for failed job
00:01
Uploading artifacts...
deploy.env: found 1 matching artifact files and directories
Uploading artifacts as "dotenv" to coordinator... 201 Created id=22530609 responseStatus=201 Created token=64_TX3QS
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: command terminated with exit code 1