Troubleshooting💣
Big Bang can take a long time to run. After making changes, it could take 10-15 minutes to take effect. Use the sync.sh script to speed this up.
Big Bang is configured to retry failed package installations and upgrades. Before concluding you have a failure, make sure you allow Big Bang to attempt to resolve dependencies and retry.
Iron Bank authentication💣
| Symptom | Cause | Resolution | 
|---|---|---|
| Despite entering correct credentials, get unauthorized: authentication requiredfrom Iron Bank | Using a non-robot account with an expired token | Login with the non-robot account manually at registry1.dso.mil, then retry. For production, contact the Iron Bank team to obtain a robot account and update pull credentials to use it in your environment | 
Flux install💣
Helpful debugging commands:
# Get the status
kubectl get pods -n flux-system
# Get the logs
kubectl get events -n flux-system
| Symptom | Cause | Resolution | 
|---|---|---|
| Install script timed and pods are still pulling the image | Slow connection to docker registry | Adjust --timeoutvalue influx installto wait longer | 
| Pod status is ImagePullBackOfforErrImagePull | Bad registry, version, or credentials | Fix the --registry,--version, or--image-pull secretoptions or use the./scripts/install_flux.shscript for pulling from Iron Bank | 
Git Repository💣
Helpful debugging commands:
# Get the status
kubectl get gitrepositories -A
# Get the logs
kubectl get events --field-selector involvedObject.kind=GitRepository -A
| Symptom | Cause | Resolution | 
|---|---|---|
| unable to clone ... error: authentication required | Pull credentials for Git invalid or not provided | Add credentials to a Secretand reference it inGitRepository.spec.secretRef.name. If possible, encrypt the secret and include it in the Kustomization deployment for your environment. | 
| auth secret error: Secret ... not found | GitRepositoryis trying to use credentials but cannot find theSecret | Make sure the secret exists and is in the same namespace as the GitRepositoryresource. If possible, encrypt the secret and include it in the Kustomization deployment for your environment. | 
| unable to clone ... error: repository not found | Invalid Git url | Fix url for Git repository and redeploy | 
| unable to clone ... error: couldn't find remote ref | Invalid branch or tag | Fix branch or tag for Git repository and redeploy | 
ConfigMap or Secrets💣
| Symptom | Cause | Resolution | 
|---|---|---|
| ConfigMaporSecretdoes not exist | GitRepository or Kustomization failed. Namespace was incorrect. | Use GitRepository and Kustomization sections to troubleshoot. Use kubectl get secrets,configmaps -Ato verify resource was not in the wrong Namespace. | 
Helm Release💣
Helpful debugging commands:
# Get the status
kubectl get hr -A
# Get the logs
kubectl get events --field-selector involvedObject.kind=HelmRelease -A
# Describe the HelmRelease to get more information
kubectl describe hr <NAME> -n bigbang
# Get all logs/events for a specific HelmRelease object
flux logs --kind=HelmRelease --namespace bigbang --name <NAME>
| Symptom                                                                                                                                                                                                                   | Cause                                                                                                                         | Resolution                                                                                                             |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------- | ----------------------------------------------------------------------------------------------------------------------- |
| Reconciliation in Progress                                                                                                                                                                                              | This is normal and indicates flux is currently applying updates                                                               | Wait                                                                                                                   |
| dependency ... is not ready                                                                                                                                                                                             | This is normal and indicates flux is currently waiting on another resource to complete                                        | Wait                                                                                                                   |
| Error: YAML parse error on ...                                                                                                                                                                                          | Syntax error in helm chart                                                                                                    | Use helm template to narrow down the problem. Fix it and commit to Git                                               |
| Helm install failed: failed to create resource ... unable to create new content in namespace because it is being terminated                                                                                             | This seems to happen when a re-deploy of Big Bang occurs to early after a Big Bang delete.                                    | Try to remove the namespace using kubectl get ns <stuck namespace> -o json                                            | jq '.spec.finalizers = []' | kubectl replace --raw "/api/v1/namespaces/$NS/finalize" -f. If this does not work, a cluster restart may be necessary. |
| Error: failed to download ...                                                                                                                                                                                           | Path to Helm chart is incorrect                                                                                               | Find the HelmRelease configuration and update spec.path to the correct path of the helm chart                        |
| Helm uninstall failed: uninstall: Release not loaded: ____: release: not found                                                                                                                                          | Helm install failed because of an error and a rollback/uninstall is attempted but release has not been installed.             | Describe the HelmRelease in question or use flux to get the logs to get more info abut why it failed to install.       |
| reconciliation failed: Helm rollback failed: an error occurred while cleaning up resources. original rollback error: no XXXX with the name "XXXX" found: unable to cleanup resources: object not found, skipping delete | This error happens when an upgrade fails and flux attempts a rollback but there are templates that have been renamed/removed. | Describe the HelmRelease in question or use flux to get the logs to get more info abut why exactly the upgrade failed. |
Kustomization💣
Helpful debugging commands:
# Get the status
kubectl get kustomizations -A
# Get the logs
kubectl get events --field-selector involvedObject.kind=Kustomization -A
| Symptom | Cause | Resolution | 
|---|---|---|
| kustomization path not found | spec.pathin Kustomization resource in is incorrect | Fix spec.pathand redeploy | 
| Source not found | spec.sourceRefin Kustomization resource is incorrect | Fix spec.sourceRefto point to repository resource and redeploy | 
| decryption secret error: Secret ... not found | SOPS private key secret is missing or misconfigured | Check decryptionsettings in the Kustomization resource to make suresecretRefis pointing to the correct secret. Make sure theSecretholding the private key is deployed in the cluster. | 
| kustomize build failed: json: unknown field | There is a syntax error with the kustomization files. | Use kustomize buildon the<env>folder orbasefolder to narrow down the problem. Fix the error and push to Git. | 
| evalsymlink failure ... no such file or directory | A reference to a file in kustomization.yamlis incorrect | Use kustomize buildon the<env>folder orbasefolder to narrow down the problem. Fix the error and push to Git. | 
| Error: accumulating resources ... | A reference to a base is incorrect | Use kustomize buildon the<env>folder orbasefolder to narrow down the problem.Review thebases:section for correct paths to find the error. Fix the error and push to Git. | 
| Error fetchingref: fatal: couldn't find remote ref ... | The branch, tag, or sha used for a remote base is incorrect | Use kustomize buildon the<env>folder orbasefolder to narrow down the problem. It is likely the remote reference to the Big Bang’s Kustomize in thebasefolder. Review thebases:section for correct paths to find the error. Fix the error and push to Git. | 
| Error: merging from generator ... | Kustomize is trying to merge with a resource that is non-existent. This is usually due to naming the merging ConfigMaporSecretincorrectly compared to a baseConfigMaporSecret. | Use kustomize buildon the<env>folder orbasefolder to narrow down the problem. Look for the keywordmergein thekustomization.yamlfiles and verify thenameis correctly set. | 
Packages💣
Helpful debugging commands:
# Get the status
kubectl get deployments,po -n <namespace of package>
# Get the logs
kubectl get events --field-selector involvedObject.kind=Deployment -n <namespace of package>
kubectl get events --field-selector involvedObject.kind=Pod -n <namespace of package>