
Tuesday, December 12, 2023

[Solved] Something went wrong when we tried to create 'main' for you: Cannot create branch. The branch name must match this regular expression: (bug|hotfix|feature|release)\/[a-zA-Z0-9]+-[0-9]+-[a-zA-Z0-9-]+/*

 Error:-

While working on a new GitLab repository, when I tried to commit some files into the empty repository, it failed with the following error thrown by the pre-receive hook

Something went wrong when we tried to create 'main' for you: Cannot create branch. The branch name must match this regular expression: (bug|hotfix|feature|release|main)\/[a-zA-Z0-9]+-[0-9]+-[a-zA-Z0-9-]+/*

Cause:-

By default, GitLab restricts branch names to follow certain standards, which makes it easier to determine why a branch was created in the first place, using a regex like

(bug|hotfix|feature|release)\/[a-zA-Z0-9]+-[0-9]+-[a-zA-Z0-9-]+/* 

So when I tried to create the main branch, it was also expected to match the above regex. It did not, so the push threw the above error.

Solution :-

It's good practice to follow a naming convention, so only disable the branch naming convention temporarily, under

repository --> Settings --> Repository --> Push rules --> Branch name

Remove the following value from the Branch name field

(bug|hotfix|feature|release)\/[a-zA-Z0-9]+-[0-9]+-[a-zA-Z0-9-]+/*

After that, save the push rules.

Once you have created the main branch, go back and put the value in again so that the regex pattern is enforced when creating branches in your repository

(bug|hotfix|feature|release)\/[a-zA-Z0-9]+-[0-9]+-[a-zA-Z0-9-]+/*
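
To see which branch names the rule accepts before pushing, the regex can be run locally. This is an added example, not code from the original post; it assumes the rule must match the whole branch name, the branch names are constructed, and `RULE_WITH_MAIN` is a hypothetical variant that admits `main` without removing the rule.

```python
import re

# Branch-name rule from the post (the trailing "/*" permits zero or more slashes).
PUSH_RULE = r"(bug|hotfix|feature|release)\/[a-zA-Z0-9]+-[0-9]+-[a-zA-Z0-9-]+/*"
# Rule quoted in the error message: "main" is listed in the alternation, but the
# "/<key>-<number>-<text>" suffix is still mandatory, so plain "main" fails.
ERROR_RULE = r"(bug|hotfix|feature|release|main)\/[a-zA-Z0-9]+-[0-9]+-[a-zA-Z0-9-]+/*"
# Hypothetical variant (not from the post): admit exactly "main" as well.
RULE_WITH_MAIN = r"main|" + PUSH_RULE

# Constructed branch names for the check.
BRANCHES = ["main", "feature/PROJ-123-add-login", "feature/login",
            "hotfix/OPS-9-rotate-key", "mainline"]


def allowed(branch, rule):
    """True when the whole branch name matches the rule (assumed semantics)."""
    return re.fullmatch(rule, branch) is not None


def rejected(branches, rule):
    """Return the branch names that a push under this rule would refuse."""
    return [b for b in branches if not allowed(b, rule)]


if __name__ == "__main__":
    for name, rule in [("post", PUSH_RULE), ("error message", ERROR_RULE),
                       ("with main", RULE_WITH_MAIN)]:
        print(f"{name:14} rejects {rejected(BRANCHES, rule)}")
```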

[Solved] dial unix .lima/colima/ha.sock: connect: connection refused

 Error:-

I have been using colima instead of Docker Desktop for some time. Recently, while starting colima, I got the following error

errors inspecting instance: [failed to get Info from "/Users/ankitmittal/.lima/colima/ha.sock": Get "http://lima-hostagent/v1/info": dial unix /Users/ankitmittal/.lima/colima/ha.sock: connect: connection refused]

Cause:-

The issue is caused by an older sock file that colima is not able to read from properly.

Monday, December 4, 2023

[Solved] Error: updating RDS Cluster KMSKeyNotAccessibleFault: The specified KMS key [null] either doesn't exist, isn't enabled, or isn't accessible by the current user. Either specify a different key or access the key with a different user.

 Issue:-

While restoring an RDS cluster from a snapshot, I recently came across an issue with IAM permissions, because I was not using the Admin permission and wanted to stick with the least permissions required to get the work done. That's where I encountered this error


Error: updating RDS Cluster KMSKeyNotAccessibleFault: The specified KMS key [null] either doesn't exist, isn't enabled, or isn't accessible by the current user. Either specify a different key or access the key with a different user.

Cause/Solution:-

The issue is caused by a missing IAM permission for the KMS key. To find it, check CloudTrail for the event DescribeKey. You should find a failing event for this call against an unknown key. When you look further, you will find the key is the one for aws/secretsmanager.

If you select the option ManageMasterUserPassword: true, then you need not only the IAM permission secretsmanager:CreateSecret but also the KMS permission kms:DescribeKey on the ARN of the aws/secretsmanager KMS key.

Copy the ARN of the key referenced in CloudTrail and add an entry for it in the IAM role you are using; that should solve your issue.

In my case, AWS Support was not able to figure this out. Instead, they pointed me in the wrong direction, saying that somehow the key was not being passed and was taking the value null, which is not the case here.
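
The CloudTrail check described above can be scripted over exported event records. This is an added example, not code from the original post; the records are constructed samples in CloudTrail's record layout, and the account ID, key ID and role name are placeholders.

```python
import json

# Constructed CloudTrail records (placeholders, not real events or IDs).
SAMPLE_EVENTS = json.loads("""
[
 {"eventSource": "kms.amazonaws.com", "eventName": "DescribeKey",
  "errorCode": "AccessDenied",
  "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/restore-role/tf"},
  "requestParameters": {"keyId": "alias/aws/secretsmanager"},
  "resources": [{"ARN": "arn:aws:kms:ap-south-1:111122223333:key/EXAMPLE-KEY-ID"}]},
 {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
  "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/restore-role/tf"},
  "requestParameters": {"keyId": "arn:aws:kms:ap-south-1:111122223333:key/OTHER-KEY"}},
 {"eventSource": "secretsmanager.amazonaws.com", "eventName": "CreateSecret",
  "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/restore-role/tf"}}
]
""")

# Error codes treated as a permission denial (assumption for this example).
DENIED = ("AccessDenied", "AccessDeniedException")


def denied_kms_calls(events):
    """Return sorted unique (principal, action, key) for denied KMS calls."""
    findings = set()
    for ev in events:
        if ev.get("eventSource") != "kms.amazonaws.com":
            continue
        if ev.get("errorCode") not in DENIED:
            continue
        # Prefer the resolved key ARN; fall back to what the caller passed.
        arns = [r["ARN"] for r in ev.get("resources") or [] if "ARN" in r]
        params = ev.get("requestParameters") or {}
        key = arns[0] if arns else params.get("keyId", "unknown")
        principal = (ev.get("userIdentity") or {}).get("arn", "unknown")
        findings.add((principal, "kms:" + ev["eventName"], key))
    return sorted(findings)


def statements_for(findings):
    """One Allow statement per key, listing only the actions that were denied."""
    by_key = {}
    for _, action, key in findings:
        by_key.setdefault(key, set()).add(action)
    return [{"Effect": "Allow", "Action": sorted(actions), "Resource": key}
            for key, actions in sorted(by_key.items())]
```

`statements_for(denied_kms_calls(SAMPLE_EVENTS))` yields the statement to review and add to the role, scoped to the one key and the one action that failed.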


[Solved] KMSKeyNotAccessibleFault: The specified KMS key does not exist, is not enabled or you do not have permissions to access it.

 Error:-

While running Terraform, I came across an IAM permission issue which prevented access to the KMS key

KMSKeyNotAccessibleFault: The specified KMS key does not exist, is not enabled or you do not have permissions to access it.

Cause:-

The issue is caused because the IAM role used by Terraform is missing the "kms:CreateGrant" permission.


Solution :-

To resolve the issue, grant the "kms:CreateGrant" permission on the relevant KMS key in the IAM policy. That should solve the issue.

{
   "Action": [
     "kms:Sign",
     "kms:ReEncrypt*",
     "kms:GetPublicKey",
     "kms:GenerateDataKey*",
     "kms:Encrypt",
     "kms:DescribeKey",
     "kms:Decrypt",
     "kms:CreateGrant"
   ],
   "Effect": "Allow",
   "Resource": [
     "arn:aws:kms:ap-south-1:121294719847:key/e96772364-f678-4589-82aa-396casdafu",
     "arn:aws:kms:ap-south-1:121294719847:key/6415234-e778-4355-a224-8f42341234",
     "arn:aws:kms:ap-south-1:121294719847:key/077b234-b165-4d5c-be78-a174ad23"
   ]
}
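
Whether a role's policy already grants the needed KMS actions on a given key can be checked offline before re-running Terraform. This is an added example, not code from the original post; the policy, ARNs and the `missing_actions` helper are constructed for illustration, and it evaluates only Allow statements in an identity policy (no Deny, conditions or key policy).

```python
from fnmatch import fnmatchcase

KEY_ARN = "arn:aws:kms:ap-south-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder

# Constructed policy modelled on the statement in the post, but still
# missing kms:CreateGrant; account and key IDs are placeholders.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
               "kms:GenerateDataKey*", "kms:DescribeKey"],
    "Resource": [KEY_ARN],
}]}


def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: "*" matches any run of characters, "?" a single one.
    if ignore_case:  # action names are case-insensitive, ARNs are not
        pattern, value = pattern.lower(), value.lower()
    return fnmatchcase(value, pattern)


def missing_actions(policy, key_arn, required):
    """Return the required actions that no Allow statement grants on key_arn."""
    granted = set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        resources = _as_list(stmt.get("Resource", []))
        if not any(_matches(r, key_arn) for r in resources):
            continue
        for action in required:
            if any(_matches(p, action, True) for p in _as_list(stmt["Action"])):
                granted.add(action)
    return [a for a in required if a not in granted]


if __name__ == "__main__":
    need = ["kms:DescribeKey", "kms:ReEncryptFrom", "kms:CreateGrant"]
    print(missing_actions(POLICY, KEY_ARN, need))
```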

[Solved] * exec: "tfsec": executable file not found in $PATH

 Error:-

While running terragrunt plan in the GitLab runner, I came across the following error

* exec: "tfsec": executable file not found in $PATH

Cause:-

The issue is caused because tfsec was not installed in the container image.


Solution :-

To install tfsec, run the following bash script; it should install tfsec on your machine


curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash