Synthetic private minion cannot be launched in EKS

Any update per chance?

Thanks,
Paul

We are actively working on this and should have a version of the minion that supports K8s 1.21+ by the end of this month.

1 Like

Great news @bpeck, Thank you for the update :+1:

Sounds like a fix is in the works for this, which is great as its blocking me as well.
Despite the title of this thread stating the problem is specific to EKS, I’m unable to run this in minikube at version 1.22.3…which I believe is also expected since you can’t shut off BoundServiceAccountTokenVolume. Looks like Minikube doesn’t start if you do that.

Whenever I can get this working in minikube I will get blocked by this because my production environments are both EKS and OKD which are both above 1.21. It’d be great if the pending fix worked out of the box on minikube at a version 1.21+ for those trying to evaluate this feature. Note: The current templates on master reference rbac.authorization.k8s.io/v1beta1 for the role and rolebinding api versions. Those need to go to v1 as part of this fix I think. I had to download and modify your templates before running just to get past errors related to that.

I may back my minikube down to version 1.15 just to see if that works temporarily but I couldn’t actually do anything with this in a real environment until the fix is available.

Release note updates are in progress, but version 3.0.61 of the private minion is available and includes support for K8s 1.21+. This includes the role and rolebinding updates in the helm chart and updated logic to account for BoundServiceAccountTokenVolumes.

1 Like

This is great news! I’m definitely willing to give it a go. I’ll try that tonight or tomorrow morning for you and let you know how it goes.

FYI, I was able to spin up minikube with kubernetes 1.15.1 yesterday and it did start up the synthetic minion pod but for some reason it seemed to fail to launch a runner job. I think it got stuck downloading from quay.io…which I’m going to want to override anyways to proxy through our own artifactory. No worries though, I’d rather debug that at a newer version anyways. Stay tuned…

Quick update. I tested with 3.0.61 and everything is working great in minikube v1.24.0 (kubernetes v1.22.3).
For anyone else following this thread, I was initially confused by the statement version 3.0.61 of the private minion is available…I had gone poking around for a branch by that name and came up empty. I then realized that was in reference to appVersion and not the chartVersion. It just meant that the latest fix is at the head of master in chart version 1.0.49…which references appVersion 3.0.61. I see those role api version changes in there as well which is great. Super psyched continue evaluating the CPM features. Thanks again for getting this fix out right when I needed it!

Update: while I can see my healtchecks working from the pod logs AND breaking the network connection for the minion successfully triggers an email alert, the built in Synthetics dashboards for my ping healthcheck never seems to show me any data. Succes failure rate column and locations failing is always empty. I’ll open a new thread on this since this is probably a separate issue.