Cluster side KAS setup : "error handling a connection"

sakthi-vivek · December 24, 2021, 10:02am

Hello,

I have the following setup on my PC,

A completely fresh minikube cluster, with just the command minikube start.
GitLab 14.5.2-ee in a docker container
- followed GitLab Docker images | GitLab
Installed KAS in GitLab with Omnibus
- followed Install the GitLab Agent Server (KAS) | GitLab
Lets-encrypt SSL setup
- followed SSL Configuration | GitLab
Setup the config repository
- followed (halfway) GitLab Kubernetes Agent Setup Walkthrough - Round 2 - YouTube

While installing KAS agent, I was offered a Recommended installation using kubectl. I could run it on my PC with minikube to get the gitlab-agent running in the cluster. However, the logs are filled with the following messages,

{"level":"error","time":"2021-12-24T09:37:14.669Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing failed to WebSocket dial: failed to send handshake request: Get \\\"https://gitlab.example.com/-/kubernetes-agent\\\": dial tcp 172.17.0.2:443: connect: connection refused\""}
{"level":"error","time":"2021-12-24T09:37:22.986Z","msg":"Error handling a connection","mod_name":"reverse_tunnel","error":"Connect(): rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing failed to WebSocket dial: failed to send handshake request: Get \\\"https://gitlab.example.com/-/kubernetes-agent\\\": dial tcp 172.17.0.2:443: connect: connection refused\""}
{"level":"warn","time":"2021-12-24T09:37:24.493Z","msg":"GetConfiguration failed","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing failed to WebSocket dial: failed to send handshake request: Get \\\"https://gitlab.example.com/-/kubernetes-agent\\\": dial tcp 172.17.0.2:443: connect: connection refused\""}

Naturally, the connection status of the KAS agent on GitLab remains Never connected.

Any help would be much appreciated. Thank you.

richK · January 4, 2022, 2:39pm

Same problem, but using wss:// not https://
Same results in logs. Gitlab-ce 14.6.0

usersina · May 11, 2022, 3:02pm

Same here using 14.10.2-ee and specifically when using helm. Note that it still works with the docker image surprisingly.

~~So this works~~ Nope, it also does not


docker run --pull=always --rm \
    registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable generate \
    --agent-token=xxxxxxxxxxxxxxxxxxxxxxxx \
    --kas-address=wss://git.self-hosted.com/-/kubernetes-agent/ \
    --agent-version stable \
    --namespace gitlab-kubernetes-agent | kubectl apply -f -

But this does not

helm repo add gitlab https://charts.gitlab.io
helm repo update
helm upgrade --install gitlab-agent gitlab/gitlab-agent \
    --namespace gitlab-agent \
    --create-namespace \
    --set config.token=xxxxxxxxxxxxxxxxxxxxxxxx \
    --set config.kasAddress=wss://git.self-hosted.com/-/kubernetes-agent/

Edit: I was using microk8s and the storage add-on was not enabled. Enabling it does the trick.

It’s needed since the agent mounts some secrets on the host machine. I figured it out by describing the created Pod and I found out that it does indeed a volumeMounts