The instructions in the README.md say to submit the clair-kubernetes.yml file first, but this seems like it would fail, as it's trying to mount a secret that is submitted second. If it fails, it should restart and try to find the newly submitted secret. However, either way it still fails with config.yaml not found:
knepper@MacBook-Pro-2:~/clair/contrib/k8s> kubectl --server="10.3.3.143:8080" create -f clair-kubernetes.yaml
You have exposed your service on an external port on all nodes in your
cluster. If you want to expose this service to the external internet, you may
need to set up firewall rules for the service port(s) (tcp:30060,tcp:30061) to serve traffic.
See http://releases.k8s.io/release-1.1/docs/user-guide/services-firewalls.md for more details.
service "clairsvc" created
replicationcontroller "clair" created
replicationcontroller "clair-postgres" created
error validating "clair-kubernetes.yaml": error validating data: field nodePort: is required; if you choose to ignore these errors, turn validation off with --validate=false
jknepper@MacBook-Pro-2:~/clair/contrib/k8s> kubectl --server="10.3.3.143:8080" describe svc
Name: clairsvc
Namespace: default
Labels: app=clair
Selector: app=clair
Type: NodePort
IP: 10.100.90.139
Port: clair-port0 6060/TCP
NodePort: clair-port0 30060/TCP
Endpoints: <none>
Port: clair-port1 6061/TCP
NodePort: clair-port1 30061/TCP
Endpoints: <none>
Session Affinity: None
No events.
Name: dashboard-api-service
Namespace: default
Labels: romulus/lb=vulcan,romulus/route=public
Selector: app=dashboard-api
Type: NodePort
IP: 10.100.34.226
Port: <unnamed> 9003/TCP
NodePort: <unnamed> 30001/TCP
Endpoints: 10.244.87.11:9292
Session Affinity: None
No events.
Name: kubernetes
Namespace: default
Labels: component=apiserver,provider=kubernetes
Selector: <none>
Type: ClusterIP
IP: 10.100.0.1
Port: <unnamed> 443/TCP
Endpoints: 10.3.3.143:6443
Session Affinity: None
No events.
Nonetheless, my problem is the submission of the secret fails with the following output:
jknepper@MacBook-Pro-2:~/clair/contrib/k8s> kubectl --server="10.3.3.143:8080" create -f config.yaml --v=3
F0321 09:31:44.340694 84663 helpers.go:96] error validating "config.yaml": error validating data: Object 'apiVersion' is missing in '{"clair":{"api":{"cafile":null,"certfile":null,"healthport":6061,"keyfile":null,"paginationKey":null,"port":6060,"servername":null,"timeout":"900s"},"database":{"cacheSize":16384,"source":"postgres://postgres:password@postgres:5432/postgres?sslmode=disable"},"notifier":{"attempts":3,"http":{"cafile":null,"certfile":null,"endpoint":null,"keyfile":null,"servername":null},"renotifyInterval":"2h"},"updater":{"interval":"2h"}}}'; if you choose to ignore these errors, turn validation off with --validate=false
jknepper@MacBook-Pro-2:~/k8s> kubectl --server="10.3.3.143:8080" describe pods clair-u1p5r
Name: clair-u1p5r
Namespace: default
Image(s): quay.io/coreos/clair
Node: 10.3.3.54/10.3.3.54
Start Time: Mon, 21 Mar 2016 09:13:47 -0700
Labels: app=clair
Status: Running
Reason:
Message:
IP: 10.244.87.15
Replication Controllers: clair (1/1 replicas created)
Containers:
clair:
Container ID: docker://aa09617c867d0d7b1f9a0ad1b42d8d7ca513fce9824da7bceae0202a59331c10
Image: quay.io/coreos/clair
Image ID: docker://7158ef42f9d805c0498a2231c4fc5d6740f5bd359bf4e3540eda3ade3d985a49
State: Running
Started: Mon, 21 Mar 2016 09:47:11 -0700
Last Termination State: Terminated
Exit Code: 1
Started: Mon, 21 Mar 2016 09:47:01 -0700
Finished: Mon, 21 Mar 2016 09:47:01 -0700
Ready: False
Restart Count: 11
Environment Variables:
Conditions:
Type Status
Ready False
Volumes:
secret-volume:
Type: Secret (a secret that should populate this volume)
SecretName: clairsecret
default-token-i7ba3:
Type: Secret (a secret that should populate this volume)
SecretName: default-token-i7ba3
Events:
FirstSeen LastSeen Count From SubobjectPath Reason Message
───────── ──────── ───── ──── ───────────── ────── ───────
33m 33m 1 {scheduler } scheduled Successfully assigned clair-u1p5r to 10.3.3.54
33m 33m 1 {kubelet 10.3.3.54} implicitly required container POD pulled Pod container image "gcr.io/google_containers/pause:0.8.0" already present on machine
33m 33m 1 {kubelet 10.3.3.54} implicitly required container POD created Created with docker id 2518104c9595
33m 33m 1 {kubelet 10.3.3.54} implicitly required container POD started Started with docker id 2518104c9595
33m 33m 1 {kubelet 10.3.3.54} spec.containers{clair} created Created with docker id 9118b37ec74f
33m 33m 1 {kubelet 10.3.3.54} spec.containers{clair} started Started with docker id 9118b37ec74f
33m 33m 1 {kubelet 10.3.3.54} spec.containers{clair} created Created with docker id 6abc111e5983
33m 33m 1 {kubelet 10.3.3.54} spec.containers{clair} started Started with docker id 6abc111e5983
The errors returned from the submitted pods are related to not being able to find the config.yaml:
jknepper@MacBook-Pro-2:~/k8s> kubectl --server="10.3.3.143:8080" logs clair-u1p5r
2016-03-21 16:47:41.652439 C | main: failed to load configuration: open /config/config.yaml: no such file or directory
I also attempted removing references to the secret, the config arguments to the clair container, as well as the mount point, to get the "defaults" specified in the config.yml file as stated when you don't use the secret, and it still failed with the same error but a different path: '/etc/config/config.yaml' not found.
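The `Object 'apiVersion' is missing` error above comes from handing Clair's own config.yaml to `kubectl create -f`, which only accepts Kubernetes API objects. The following added example (not part of the original post or the Clair repository) wraps such a file in a v1 Secret named `clairsecret`, keyed so that a volume mounted at `/config` exposes `/config/config.yaml`; the function names and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; helper names and sample values are hypothetical.

# is_k8s_manifest FILE: true when FILE has the top-level apiVersion and kind
# fields that kubectl validates before submitting an object.
is_k8s_manifest() {
    grep -q '^apiVersion:' "$1" && grep -q '^kind:' "$1"
}

# make_secret_manifest NAME FILE: print a v1 Secret whose single key is the
# file's base name, so the mounted volume contains a file with that name.
make_secret_manifest() {
    name=$1
    file=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    if is_k8s_manifest "$file"; then
        echo "$file is already a Kubernetes object; submit it directly" >&2
        return 2
    fi
    key=$(basename "$file")
    data=$(base64 < "$file" | tr -d '\n')   # Secret data values are base64
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: Opaque
data:
  $key: $data
EOF
}

# Constructed sample standing in for Clair's config.yaml (placeholder values).
write_sample_config() {
    cat > "$1" <<'EOF'
clair:
  database:
    source: postgres://USER:PLACEHOLDER@postgres:5432/postgres
  api:
    port: 6060
    healthport: 6061
EOF
}

# Demo: wrap the constructed sample and print the resulting manifest.
tmp=$(mktemp -d) && write_sample_config "$tmp/config.yaml" &&
    make_secret_manifest clairsecret "$tmp/config.yaml"
rm -rf "$tmp"
```

The output can be piped to `kubectl create -f -` before the replication controllers are submitted. The manifest carries the database credentials in base64 only, which is an encoding and not encryption, so it should be kept out of version control.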