Getting a gitpod (on eks) cloudformation stack creation error

The following resource(s) failed to create: [BaseClusterchartGitpodChartDC2236F6]. Rollback requested by user.
2021-09-03 13:15:36 UTC+0100 BaseClusterchartGitpodChartDC2236F6 CREATE_FAILED Received response status [FAILED] from custom resource. Message returned: Error: b’Release “gitpod” does not exist. Installing it now.\nW0903 12:10:20.853606 15 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+\nW0903 12:10:20.865698 15 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+\nW0903 12:10:20.875409 15 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+\nW0903 12:10:20.890031 15 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+\nW0903 12:10:20.907902 15 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+\nW0903 12:10:20.933461 15 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+\nW0903 12:10:20.945113 15 warnings.go:70] policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25

@mlysaght2017 I don’t see the error in the posted output. You can check what’s the error running
kubectl get pods and get the error from the failing component with kubectl logs <pod>

I’m getting the same error. That error appears in the terminal output. Here it a screen shot of the output from the terminal

and looking at CloudFormation I see it as well

If I run kubectl get pods I get “The connection to the server localhost:8080 was refused - did you specify the right host or port”. I’m not that familiar with kubectl but I think it requires a ~/.kube/config file but there is no file on my local machine. Do I need to create that? (There is a ~/.kube/config.eksctl.lock file and it’s 0 bytes).

I can run eksctl get cluster and I see the “gitpod” cluster listed. But I don’t know how to get any logs from it.

I was able to create a ~/.kube/config file and run kebuctl get pods but I’m not able to get the logs

you need to choose the container

kubectl logs image-builder… -c kube-rbac-proxy

Thanks for the tip. When I do that I get

@philcruz please pull the latest changes and run make install .

Also, what options are you setting in the .env file? (not the value but the keys)

@aledbf Should I run make uninstall first or I can just do make install

In the .env file I’m setting

DOMAIN=gitpod.mydomain.com
CERTIFICATE_ARN=arn:aws:acm:us-east-1:12345678....
AWS_PROFILE=my-profile
CONTAINER_REGISTRY_BUCKET=
IMAGE_PULL_SECRET_FILE=/Users/phil/.docker/config.json
IMAGE_REGISTRY_WHITELIST=
USE_INTERNAL_ALB=false
ALB_SUBNETS=

I’m unsure of the value for IMAGE_PULL_SECRET_FILE. Is that correct? I think I tried leaving that value blank and make install would not complete.

Also, I ran kubectl describe pod image-builder-mk3-74649d88b-trc2m and attached is the output of that if that helps.

Name:                 image-builder-mk3-74649d88b-trc2m
Namespace:            default
Priority:             2000001000
Priority Class Name:  system-node-critical
Node:                 ip-192-168-181-157.ec2.internal/192.168.181.157
Start Time:           Sun, 05 Sep 2021 16:17:52 -0700
Labels:               app=gitpod
                      component=image-builder-mk3
                      kind=pod
                      pod-template-hash=74649d88b
                      stage=production
Annotations:          checksum/builtin-registry-auth: 00b587ff9a6afa745fcc06c9d3aef8331944bb87a567e9b3a6bbb9d96551b501
                      checksum/image-builder-mk3-configmap.yaml: 46e1edefe1a94beead66b5f3a2bfa021995b0bee377f520acedd9d1702f05ac1
                      kubernetes.io/psp: eks.privileged
Status:               Pending
IP:                   
IPs:                  <none>
Controlled By:        ReplicaSet/image-builder-mk3-74649d88b
Init Containers:
  update-ca-certificates:
    Container ID:  
    Image:         ghcr.io/aledbf/gitpod-ca-updater:latest
    Image ID:      
    Port:          <none>
    Host Port:     <none>
    Command:
      bash
      -c
      set -e
      update-ca-certificates -f
      cp /etc/ssl/certs/* /ssl-certs
      echo "OK"
      
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /ssl-certs from cacerts (rw)
      /usr/local/share/ca-certificates/gitpod-ca.crt from gitpod-ca-certificate (rw,path="ca.crt")
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-fj688 (ro)
Containers:
  kube-rbac-proxy:
    Container ID:  
    Image:         quay.io/brancz/kube-rbac-proxy:v0.9.0
    Image ID:      
    Port:          9500/TCP
    Host Port:     0/TCP
    Args:
      --v=10
      --logtostderr
      --insecure-listen-address=[$(IP)]:9500
      --upstream=http://127.0.0.1:9500/
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Requests:
      cpu:     1m
      memory:  30Mi
    Environment:
      IP:   (v1:status.podIP)
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-fj688 (ro)
  image-builder-mk3:
    Container ID:  
    Image:         eu.gcr.io/gitpod-core-dev/build/image-builder-mk3:aledbf-mk3.68
    Image ID:      
    Port:          8080/TCP
    Host Port:     0/TCP
    Args:
      run
      -v
      --config
      /config/image-builder.json
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Requests:
      cpu:     1m
      memory:  256Mi
    Environment:
      KUBE_STAGE:                     production
      KUBE_NAMESPACE:                 default (v1:metadata.namespace)
      KUBE_DOMAIN:                    svc.cluster.local
      VERSION:                        aledbf-mk3.68
      GITPOD_DOMAIN:                  gitpod.mydomain.com
      HOST_URL:                       https://gitpod.mydomain.com
      GITPOD_REGION:                  us-east-1
      GITPOD_INSTALLATION_LONGNAME:   production.us-east-1
      GITPOD_INSTALLATION_SHORTNAME:  us-east-1
      LOG_LEVEL:                      info
      JAEGER_ENDPOINT:                http://jaeger-collector:14268/api/traces
      JAEGER_SAMPLER_TYPE:            const
      JAEGER_SAMPLER_PARAM:           1
    Mounts:
      /config/authkey from authkey (rw,path="keyfile")
      /config/image-builder.json from configuration (rw,path="image-builder.json")
      /config/pull-secret.json from pull-secret (rw,path=".dockerconfigjson")
      /etc/ssl/certs from cacerts (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-fj688 (ro)
      /wsman-certs from wsman-tls-certs (ro)
Conditions:
  Type              Status
  Initialized       False 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  configuration:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      image-builder-mk3-config
    Optional:  false
  authkey:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  image-builder-mk3-authkey
    Optional:    false
  pull-secret:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  gitpod-image-pull-secret
    Optional:    false
  wsman-tls-certs:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  ws-manager-tls
    Optional:    false
  cacerts:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
  gitpod-ca-certificate:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  gitpod-registry-cert
    Optional:    false
  kube-api-access-fj688:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   Burstable
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason       Age                     From     Message
  ----     ------       ----                    ----     -------
  Warning  FailedMount  31m (x219 over 2d2h)    kubelet  Unable to attach or mount volumes: unmounted volumes=[pull-secret], unattached volumes=[cacerts gitpod-ca-certificate kube-api-access-fj688 configuration authkey wsman-tls-certs pull-secret]: timed out waiting for the condition
  Warning  FailedMount  20m (x194 over 2d2h)    kubelet  Unable to attach or mount volumes: unmounted volumes=[pull-secret], unattached volumes=[authkey wsman-tls-certs pull-secret cacerts gitpod-ca-certificate kube-api-access-fj688 configuration]: timed out waiting for the condition
  Warning  FailedMount  11m (x196 over 2d2h)    kubelet  Unable to attach or mount volumes: unmounted volumes=[pull-secret], unattached volumes=[pull-secret cacerts gitpod-ca-certificate kube-api-access-fj688 configuration authkey wsman-tls-certs]: timed out waiting for the condition
  Warning  FailedMount  6m55s (x168 over 2d2h)  kubelet  Unable to attach or mount volumes: unmounted volumes=[pull-secret], unattached volumes=[configuration authkey wsman-tls-certs pull-secret cacerts gitpod-ca-certificate kube-api-access-fj688]: timed out waiting for the condition
  Warning  FailedMount  118s (x1496 over 2d2h)  kubelet  MountVolume.SetUp failed for volume "pull-secret" : secret "gitpod-image-pull-secret" not found

Only make install. The error is related to the installation of the gitpod chart.

Please copy the file to the local directory

I’ve pulled the latest changes and now get:

$ make install
Starting install process…
unknown flag: --pull
See ‘docker run --help’.
make: *** [Makefile:38: install] Error 125

This is using:
docker --version
Docker version 19.03.15, build 99e3ed8919

on gitpod

@mlysaght2017 you should update :wink:
You can edit the Makefile file and remove the parameter --pull always. If you do that make sure to pull the docker image before running make install (or you will use the old version of the docker image)

got it - thanks @aledbf

before make install:

docker pull ghcr.io/gitpod-io/gitpod-eks-guide:latest

then make install

still getting:

Gitpod: creating CloudFormation changeset…
2:47:08 PM | CREATE_FAILED | Custom::AWSCDK-EKS-HelmChart | BaseClusterchartGitpodChartDC2236F6
Received response status [FAILED] from custom resource. Message returned: Error: b’W0908 14:41:53.743938 15 warnings.go:70] policy/v1beta1 PodSecurityPol
icy is deprecated in v1.21+, unavailable in v1.25+\nW0908 14:41:53.748810 15 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, un
available in v1.25+\nW0908 14:41:53.755410 15 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+\nW0908 14:4
1:53.770662 15 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+\nW0908 14:41:53.774934 15 warnings.go
:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+\nW0908 14:41:53.793077 15 warnings.go:70] policy/v1beta1 PodSecurity
Policy is deprecated in v1.21+, unavailable in v1.25+\nW0908 14:41:53.808117 15 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+,
unavailable in v1.25+\nW0908 14:41:53.812935 15 warnings.go:70] policy

    new CustomResource (/gitpod/node_modules/@aws-cdk/core/lib/custom-resource.ts:36:21)
    \_ new HelmChart (/gitpod/node_modules/@aws-cdk/aws-eks/lib/helm-chart.ts:69:5)
    \_ ImportedCluster.addHelmChart (/gitpod/node_modules/@aws-cdk/aws-eks/lib/cluster.ts:347:12)
    \_ new GitpodStack (/gitpod/lib/gitpod.ts:48:35)
    \_ Object.<anonymous> (/gitpod/bin/provision.ts:43:16)
    \_ Module._compile (internal/modules/cjs/loader.js:1072:14)
    \_ Module.m._compile (/gitpod/node_modules/ts-node/src/index.ts:1310:23)
    \_ Module._extensions..js (internal/modules/cjs/loader.js:1101:10)
    \_ Object.require.extensions.<computed> [as .ts] (/gitpod/node_modules/ts-node/src/index.ts:1313:12)
    \_ Module.load (internal/modules/cjs/loader.js:937:32)
    \_ Function.Module._load (internal/modules/cjs/loader.js:778:12)
    \_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:76:12)
    \_ main (/gitpod/node_modules/ts-node/src/bin.ts:331:12)
    \_ Object.<anonymous> (/gitpod/node_modules/ts-node/src/bin.ts:482:3)
    \_ Module._compile (internal/modules/cjs/loader.js:1072:14)
    \_ Object.Module._extensions..js (internal/modules/cjs/loader.js:1101:10)
    \_ Module.load (internal/modules/cjs/loader.js:937:32)
    \_ Function.Module._load (internal/modules/cjs/loader.js:778:12)
    \_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:76:12)
    \_ /usr/local/share/.config/yarn/global/node_modules/npx/node_modules/libnpx/index.js:268:14

:x: Gitpod failed: Error: The stack named Gitpod failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE
at Object.waitForStackDeploy (/usr/local/share/.config/yarn/global/node_modules/aws-cdk/lib/api/util/cloudformation.ts:305:11)
at runMicrotasks ()
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at Object.deployStack (/usr/local/share/.config/yarn/global/node_modules/aws-cdk/lib/api/deploy-stack.ts:306:26)
at CdkToolkit.deploy (/usr/local/share/.config/yarn/global/node_modules/aws-cdk/lib/cdk-toolkit.ts:184:24)
at initCommandLine (/usr/local/share/.config/yarn/global/node_modules/aws-cdk/bin/cdk.ts:218:9)
The stack named Gitpod failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE
make: *** [Makefile:37: install] Error 1

@mlysaght2017 please check what component is failing running kubectl get pods and the extract the log running kubectl logs

@aledbf
I copied my ~/.docker/config.json to the local repo directory as docker-config.json so updated my .env like
IMAGE_PULL_SECRET_FILE=docker-config.json

I ran make install again and I’m getting the same error/output as @mlysaght2017

This is what I get when I try to get the logs.

@philcruz please run kubectl describe pod image-builder-mk3-5c975d98bd-6lpcp (check the name) and also post the content kubectl get configmap image-builder-mk3-config

@aledbf

Name:                 image-builder-mk3-5c975d98bd-6lpcp
Namespace:            default
Priority:             2000001000
Priority Class Name:  system-node-critical
Node:                 ip-192-168-181-157.ec2.internal/192.168.181.157
Start Time:           Wed, 08 Sep 2021 19:03:32 -0700
Labels:               app=gitpod
                      component=image-builder-mk3
                      kind=pod
                      pod-template-hash=5c975d98bd
                      stage=production
Annotations:          checksum/builtin-registry-auth: 82a5a9ee2b0b0bfcd52388b1e2a77d81e4be200ae88c7942b776be7d1603c0d9
                      checksum/image-builder-mk3-configmap.yaml: 46e1edefe1a94beead66b5f3a2bfa021995b0bee377f520acedd9d1702f05ac1
                      kubernetes.io/psp: eks.privileged
Status:               Pending
IP:                   
IPs:                  <none>
Controlled By:        ReplicaSet/image-builder-mk3-5c975d98bd
Init Containers:
  update-ca-certificates:
    Container ID:  
    Image:         ghcr.io/aledbf/gitpod-ca-updater:latest
    Image ID:      
    Port:          <none>
    Host Port:     <none>
    Command:
      bash
      -c
      set -e
      update-ca-certificates -f
      cp /etc/ssl/certs/* /ssl-certs
      echo "OK"
      
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /ssl-certs from cacerts (rw)
      /usr/local/share/ca-certificates/gitpod-ca.crt from gitpod-ca-certificate (rw,path="ca.crt")
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-wjq6b (ro)
Containers:
  kube-rbac-proxy:
    Container ID:  
    Image:         quay.io/brancz/kube-rbac-proxy:v0.9.0
    Image ID:      
    Port:          9500/TCP
    Host Port:     0/TCP
    Args:
      --v=10
      --logtostderr
      --insecure-listen-address=[$(IP)]:9500
      --upstream=http://127.0.0.1:9500/
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Requests:
      cpu:     1m
      memory:  30Mi
    Environment:
      IP:   (v1:status.podIP)
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-wjq6b (ro)
  image-builder-mk3:
    Container ID:  
    Image:         eu.gcr.io/gitpod-core-dev/build/image-builder-mk3:aledbf-mk3.68
    Image ID:      
    Port:          8080/TCP
    Host Port:     0/TCP
    Args:
      run
      -v
      --config
      /config/image-builder.json
    State:          Waiting
      Reason:       PodInitializing
    Ready:          False
    Restart Count:  0
    Requests:
      cpu:     1m
      memory:  256Mi
    Environment:
      KUBE_STAGE:                     production
      KUBE_NAMESPACE:                 default (v1:metadata.namespace)
      KUBE_DOMAIN:                    svc.cluster.local
      VERSION:                        aledbf-mk3.68
      GITPOD_DOMAIN:                  gitpod.mydomain.com
      HOST_URL:                       https://gitpod.mydomain.com
      GITPOD_REGION:                  us-east-1
      GITPOD_INSTALLATION_LONGNAME:   production.us-east-1
      GITPOD_INSTALLATION_SHORTNAME:  us-east-1
      LOG_LEVEL:                      info
      JAEGER_ENDPOINT:                http://jaeger-collector:14268/api/traces
      JAEGER_SAMPLER_TYPE:            const
      JAEGER_SAMPLER_PARAM:           1
    Mounts:
      /config/authkey from authkey (rw,path="keyfile")
      /config/image-builder.json from configuration (rw,path="image-builder.json")
      /config/pull-secret.json from pull-secret (rw,path=".dockerconfigjson")
      /etc/ssl/certs from cacerts (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-wjq6b (ro)
      /wsman-certs from wsman-tls-certs (ro)
Conditions:
  Type              Status
  Initialized       False 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  configuration:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      image-builder-mk3-config
    Optional:  false
  authkey:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  image-builder-mk3-authkey
    Optional:    false
  pull-secret:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  gitpod-image-pull-secret
    Optional:    false
  wsman-tls-certs:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  ws-manager-tls
    Optional:    false
  cacerts:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:     
    SizeLimit:  <unset>
  gitpod-ca-certificate:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  gitpod-registry-cert
    Optional:    false
  kube-api-access-wjq6b:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   Burstable
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason       Age                    From     Message
  ----     ------       ----                   ----     -------
  Warning  FailedMount  45m (x4 over 113m)     kubelet  Unable to attach or mount volumes: unmounted volumes=[pull-secret], unattached volumes=[pull-secret cacerts gitpod-ca-certificate kube-api-access-wjq6b configuration authkey wsman-tls-certs]: timed out waiting for the condition
  Warning  FailedMount  34m (x9 over 129m)     kubelet  Unable to attach or mount volumes: unmounted volumes=[pull-secret], unattached volumes=[configuration authkey wsman-tls-certs pull-secret cacerts gitpod-ca-certificate kube-api-access-wjq6b]: timed out waiting for the condition
  Warning  FailedMount  20m (x8 over 97m)      kubelet  Unable to attach or mount volumes: unmounted volumes=[pull-secret], unattached volumes=[cacerts gitpod-ca-certificate kube-api-access-wjq6b configuration authkey wsman-tls-certs pull-secret]: timed out waiting for the condition
  Warning  FailedMount  5m46s (x72 over 136m)  kubelet  MountVolume.SetUp failed for volume "pull-secret" : secret "gitpod-image-pull-secret" not found
  Warning  FailedMount  21s (x11 over 131m)    kubelet  Unable to attach or mount volumes: unmounted volumes=[pull-secret], unattached volumes=[wsman-tls-certs pull-secret cacerts gitpod-ca-certificate kube-api-access-wjq6b configuration authkey]: timed out waiting for the condition

image

hmm…that doesn’t show much so I think perhaps you wanted kubectl describe configmap image-builder-mk3-config


Name:         image-builder-mk3-config
Namespace:    default
Labels:       app=gitpod
              app.kubernetes.io/managed-by=Helm
              chart=gitpod-1.3.4
              heritage=Helm
              release=gitpod
Annotations:  meta.helm.sh/release-name: gitpod
              meta.helm.sh/release-namespace: default

Data
====
buildkitd.toml:
----
debug=true
[registry."registry.default.svc.cluster.local"]
  insecure = true
  ca=["/usr/local/share/ca-certificates/gitpod-ca.crt"]

image-builder.json:
----
{
    "orchestrator": {"authFile": "/config/pull-secret.json","gitpodLayerLoc": "/app/workspace-image-layer.tar.gz",
        "baseImageRepository": "registry.default.svc.cluster.local/base-images",
        "workspaceImageRepository": "registry.default.svc.cluster.local/workspace-images",
        "imageBuildSalt": "","wsman": {
            "address": "ws-manager:8080",
            "tls": {
                "ca": "/wsman-certs/ca.crt",
                "crt": "/wsman-certs/tls.crt",
                "key": "/wsman-certs/tls.key"
            }
        },"builderImage": "eu.gcr.io/gitpod-core-dev/build/image-builder-mk3/bob:aledbf-mk3.68",
        "builderAuthKeyFile": "/config/authkey"
    },
    "refCache": {
        "interval": "6h",
        "refs": ["docker.io/gitpod/workspace-full:latest"]
    },
    "pprof": {
        "address": ":6060"
    },
    "prometheus": {
        "address": "127.0.0.1:9500"
    },
    "service": {
        "address": ":8080"
    }
}
Events:  <none>

Warning FailedMount 5m46s (x72 over 136m) kubelet MountVolume.SetUp failed for volume “pull-secret” : secret “gitpod-image-pull-secret” not found

You are setting IMAGE_PULL_SECRET_FILE and for some reason (I cannot reproduce) the creation of the secret is not being executed.

Please create the secret running

kubectl create secret generic gitpod-image-pull-secret \
            --from-file=.dockerconfigjson=<path to the file> \
            --type=kubernetes.io/dockerconfigjson

@aledbf I’ll try it when I get back to that machine later today.

Do I need to run make install after that?

@philcruz no but because of the time waiting for the secret, you should run
kubectl rollout restart deployment/image-builder-mk3 to force a restart of the pods

@aledbf Making progress! :smile:

I go to the AWS console, to EC2 Dashboard, To Load Balancers and I can see the LB at DNS name like internal-k8s-internalgroup-e333f78136-*****.us-east-1.elb.amazonaws.com

But if I try to hit that in a browser I get

image

How can I access the application?

Or I guess I have to set up the CNAMES first? I’ll try that…