I can’t access Kubecong on the Module 8 lab. However, the files are all configured correctly, such as KUBECONFIG, environment variables, etc. Here’s the error message from Actions:
Run kubectl version -o yaml
The connection to the server 127.0.0.1:6443 was refused - did you specify the right host or port?
clientVersion:
buildDate: “2023-08-24T11:23:10Z”
compile: gc
gitCommit: 8dc49c4b984b897d423aab4971090e1879eb4f23
gitTreeState: clean
gitVersion: v1.28.1
goVersion: go1.20.7
major: “1”
minor: “28”
platform: linux/amd64
kustomizeVersion: v5.0.4-0.20230601165947-6ce0bf390ce3
Error: Process completed with exit code 1.
Hi @Alphonse
Could you please share the lab URL?
This lab does not have any tasks related to configuring kubeconfig.
Which specific task are you facing issues with?
Module 8 is Security Guide. What’s the issue you are facing?
Can you please share complete workflow YAML in a code block please?
I can’t attach it so i copy paste it here.
name: Solar System Workflow
on:
workflow_dispatch:
push:
branches:
- main
- ‘feature/*’
env:
MONGO_URI: ‘mongodb+srv://supercluster.d83jj.mongodb.net/superData’
MONGO_USERNAME: superuser
MONGO_PASSWORD: ${{ secrets.MONGO_PASSWORD }}
jobs:
unit-testing:
name: Unit Testing
runs-on: ubuntu-latest
container: #use container to run all steps
image: ‘node:20’
steps:
- name: Checkout Repository
uses: actions/checkout@v4
# - name: Setup NodeJS Version
# uses: actions/setup-node@v4
# with:
# node-version: 20
- name: Cache NPM dependencies
uses: actions/cache@v4
with:
path: ~/.npm
key: '${{ runner.os }}-node-modules-${{ hashFiles(''package-lock.json'') }}'
- name: Install Dependencies
run: npm install
- name: Unit Testing
run: npm test
- name: Archive Test Result
if: always()
uses: actions/upload-artifact@v4
with:
name: Mocha-Test-Result
path: test-results.xml
code-coverage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 18
- run: npm install
- continue-on-error: true
run: npm run coverage
- uses: actions/upload-artifact@v4
with:
name: Code-Coverage-Result
path: coverage
retention-days: 5
docker:
permissions: #add permission to write to registry
packages: write
runs-on: ubuntu-latest
needs: [unit-testing, code-coverage]
steps:
- uses: actions/checkout@v4
- name: GHCR login
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push #added a job and service registry
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: 'ghcr.io/${{ github.repository_owner }}/solar-system:${{ github.sha }}'
dev-deploy:
needs: docker
runs-on: ubuntu-latest
environment:
name: development
steps:
- uses: actions/checkout@v4
- uses: azure/setup-kubectl@v4
with:
version: v1.28.1
- uses: azure/k8s-set-context@v3
with:
method: kubeconfig
kubeconfig: '${{ secrets.KUBECONFIG }}'
- run: kubectl version -o yaml
# - run: >
# echo "INGRESS_IP=$(kubectl -n ingress-nginx get services
# ingress-nginx-controller -o
# jsonpath='{.status.loadBalancer.ingress[0].ip}')" >> $GITHUB_ENV
# - uses: cschleiden/replace-tokens@v1
# with:
# tokenPrefix: '_{_'
# tokenSuffix: '_}_'
# files: '["kubernetes/development/*.yaml"]'
# env:
# NAMESPACE: '${{ vars.NAMESPACE }}'
# REPLICAS: '${{ vars.REPLICAS }}'
# IMAGE: >-
# ghcr.io/${{ github.repository_owner }}/solar-system:${{ github.sha
# }}
# INGRESS_IP: '${{ env.INGRESS_IP }}'
# - run: cat kubernetes/development/*.yaml
GitHub Actions cannot access our lab’s K8S cluster. Kubeconfig is configured on the localhost server https://127.0.0.1:6443
It appears to be a bug in a grader or the kubeconfig. I reproduced a minimum version of this.
The API Server is unreachable here as the Address mentioned is 127.0.0.1:6443. And in GitHub Actions, the localhost is set to the ephemeral worker used for the actions.
I’ll inform the team about this and get back to you when it’s resolved.
Thank you very much for your quick response. I look forward to it.
1 Like
I actually would NOT expect kubectl version to work in this lab, since it wants to find a Kubernetes API server at that address, and there is none. Instead of testing that, please try testing kubectl version --client=true, which does not expect the server to be present. This will probably work. You can also check something like kubectl config get-contexts, which also does not try to query the server.
Thanks for reporting this. We’ve updated the lab to use an internal K8s cluster (based on the Kind package) which allows us to run the solar-system image inside the Github runner. We think that’s pretty cool!
