Skip to content

🎉 Debugging

Warning

This page is a work in progress. If you encounter problems, be sure to commit them on this page.

Common Errors

tls: failed to verify certificate: x509: certificate signed by unknown authority

Disable Warp and try again.

The root module input variable "cloudflare_api_token" is not set, and has no default value.

If you Cloudflare API token is not getting sourced correctly, you will need to manually input the value from .staging.env or .production.env.

Cert Manager errors during make bootstrap

If you see something like:

source .staging.env
TASK [certificates : Check if cert-manager CRDs are installed] ***************************************************************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": "kubectl get crd | grep cert-manager", "delta": "0:00:00.218040", "end": "2023-11-30 15:16:54.241395", "msg": "non-zero return code", "rc": 1, "start": "2023-11-30 15:16:54.023355", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
...ignoring

Don't be alarmed. This is normal. this error is saying that the CRDs are not installed, but they will install in the next task. This will also happen for cert-manager installation itself.

Master version "1.30.8-gke.1261000" is unsupported.

Update k8s_cluster_version in tfvars to the recommended auto-upgrade target in the regular release channel here.

FAQs

How do I handle certificate rotations?

Certificate rotations are handled automatically. You may receive an email with the following subject line: Let's Encrypt certificate expiration notice for domain "otfe-k8s.videodelivery.net".

  • Currently the production cluster for otfe-k8s.videodelivery.net is not used, only the staging domain (otfe-k8s.staging.videodelivery.net) is used. This domain certificate will auto renew via JetStack.

You can view more information about this in Cluster Management page.

How do I get Google access?

Only certain users with elevated permissions can run this software. Within Google, make sure you have:

  • otfe-staging service account role
  • service account token creator role
Google authentication errors

If you encounter any authentication errors with Google, you can try a few steps:

  1. Ensure you have the proper access & roles assigned to your Cloudflare GCP account.
  2. gcloud auth application-default login

I normally like to export my credentials JSON by default as well: 

export GOOGLE_APPLICATION_CREDENTIALS='./creds/otfe.json'

Terraform authentication errors

If you encounter any authentication errors with Terraform, it's recommended you manually source the environment variable file at the root.

source .staging.env

Be sure to update that based on your env you want to target. This can happen if the env vars automatically pulled via Make are not applying correctly, so manually exporting should resolve.