
Kubeseal example not working

Open exocode opened this issue 2 years ago • 7 comments

Hi @soukron I tried your sealsecret installation manifest

This issue is a:

  • [X ] Bug Report
  • [ ] Enhancement suggestion
  • [ ] Feature request
  1. Install Kubeseal via Marketplace

  2. Run the post install example

❯ echo -n bar | kubectl create secret generic mysecret --dry-run --from-file=foo=/dev/stdin -o json >mysecret.json

result

W1222 13:21:46.889535 17129 helpers.go:555] --dry-run is deprecated and can be replaced with --dry-run=client.

OK, so far so good. Change the --dry-run part:

❯ echo -n bar | kubectl create secret generic mysecret --dry-run=client --from-file=foo=/dev/stdin -o json >mysecret.json

But step 3 fails definitely:

  1. seal secret
❯ kubeseal <mysecret.json >mysealedsecret.json
error: cannot fetch certificate: no endpoints available for service "http:sealed-secrets-controller:"

Could it be that ArgoCD is somehow interfering?

These are all my installed apps:

[Screenshot 2021-12-22 at 13 26 25]

exocode avatar Dec 22 '21 12:12 exocode

Hey, thanks for reporting the bug. It's been a long time since I added the application, so it has probably changed.

For your specific error: make sure you're using an appropriate kubeseal binary for the sealed secrets controller that you installed. On the other hand, try to get a list of the services in the Sealed Secrets namespace. Apparently there's one missing, but it could be due to a mismatch in the binary client.

Finally, I'm not sure if my Civo account is still active, but if it is I will try to reproduce it and upgrade the manifest to a newer version of Sealed Secrets.

soukron avatar Dec 22 '21 12:12 soukron

I've contacted Civo support team to see if they can help me by providing a small cluster for a week so I can upgrade the manifest in the marketplace and help you.

soukron avatar Dec 22 '21 13:12 soukron

Thank you

exocode avatar Dec 22 '21 13:12 exocode

@exocode in the meantime, please download the kubeseal binary corresponding to the controller version in marketplace (0.12.4) and see if the issue persists.

soukron avatar Dec 22 '21 13:12 soukron

Quay is on again...

I followed the instructions for v0.12.4 here: https://github.com/bitnami-labs/sealed-secrets/releases/tag/v0.12.4

(using Mac)

wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.12.4/kubeseal-darwin-amd64 -O kubeseal

sudo install -m 755 kubeseal /usr/local/bin/kubeseal

❯ kubeseal --fetch-cert -v 10000
I1222 19:07:56.335452   12575 loader.go:375] Config loaded from file:  /Users/jan/Downloads/civo-kubesealdemo-kubeconfig
I1222 19:07:56.342414   12575 round_trippers.go:423] curl -k -v -XGET  -H "Accept: application/x-pem-file, */*" -H "User-Agent: kubeseal/v0.0.0 (darwin/amd64) kubernetes/$Format" 'https://74.220.26.64:6443/api/v1/namespaces/kube-system/services/http:sealed-secrets-controller:/proxy/v1/cert.pem'
I1222 19:08:29.222644   12575 round_trippers.go:443] GET https://74.220.26.64:6443/api/v1/namespaces/kube-system/services/http:sealed-secrets-controller:/proxy/v1/cert.pem 500 Internal Server Error in 32879 milliseconds
I1222 19:08:29.222668   12575 round_trippers.go:449] Response Headers:
I1222 19:08:29.222673   12575 round_trippers.go:452]     Cache-Control: no-cache, private
I1222 19:08:29.222676   12575 round_trippers.go:452]     Content-Type: application/json
I1222 19:08:29.222679   12575 round_trippers.go:452]     Date: Wed, 22 Dec 2021 18:08:29 GMT
I1222 19:08:29.222681   12575 round_trippers.go:452]     Content-Length: 160
I1222 19:08:29.222739   12575 request.go:968] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"error trying to reach service: dial tcp 10.42.0.9:8080: i/o timeout","code":500}
error: cannot fetch certificate: error trying to reach service: dial tcp 10.42.0.9:8080: i/o timeout

exocode avatar Dec 22 '21 18:12 exocode
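
The two kubeseal failures quoted in this thread come from different layers: "no endpoints available" means the Service has no ready backing pod, while "dial tcp ... i/o timeout" means an endpoint exists but the API server could not connect to it. The script below is an added example, not code from the thread or from the Sealed Secrets project; its function names are hypothetical, and the fallback namespace and service name are the ones visible in the log above.

```shell
#!/bin/sh
# Added example: triage of `kubeseal --fetch-cert -v` failures. Function names are hypothetical.

# Sample input: the two error outputs quoted in this thread.
SAMPLE_NO_ENDPOINTS='error: cannot fetch certificate: no endpoints available for service "http:sealed-secrets-controller:"'
SAMPLE_TIMEOUT='I1222 19:08:29.222644   12575 round_trippers.go:443] GET https://74.220.26.64:6443/api/v1/namespaces/kube-system/services/http:sealed-secrets-controller:/proxy/v1/cert.pem 500 Internal Server Error in 32879 milliseconds
error: cannot fetch certificate: error trying to reach service: dial tcp 10.42.0.9:8080: i/o timeout'

# Which layer failed? no-endpoints: the Service has no ready backing pod.
# pod-unreachable: an endpoint exists, but the API server could not connect to it.
classify_fetch_error() {
  case "$1" in
    *'no endpoints available for service'*) echo no-endpoints ;;
    *'error trying to reach service: dial tcp'*) echo pod-unreachable ;;
    *) echo unknown ;;
  esac
}

# Print "namespace service" taken from the API-server proxy URL in a verbose log.
proxy_target() {
  printf '%s\n' "$1" |
    sed -n 's#.*/namespaces/\([^/]*\)/services/[a-z]*:\([^:/]*\):[^/]*/proxy/.*#\1 \2#p' |
    head -n 1
}

# Print the pod "ip:port" the API server tried to dial, if the log contains one.
pod_endpoint() {
  printf '%s\n' "$1" | sed -n 's/.*dial tcp \([0-9.]*:[0-9]*\).*/\1/p' | head -n 1
}

# Print read-only kubectl commands that confirm the diagnosis.
next_checks() {
  target=$(proxy_target "$1")
  ns=${target%% *}; ns=${ns:-kube-system}                   # fallback: value seen in the log
  svc=${target#* }; svc=${svc:-sealed-secrets-controller}   # fallback: value seen in the log
  case "$(classify_fetch_error "$1")" in
    no-endpoints)
      echo "kubectl -n $ns get svc,endpoints $svc"
      echo "kubectl -n $ns get pods -o wide" ;;
    pod-unreachable)
      ep=$(pod_endpoint "$1")
      echo "kubectl -n $ns get endpoints $svc   # expect $ep"
      echo "kubectl -n $ns get pods -o wide     # pod owning ${ep%:*} should be Running" ;;
    *) echo "kubeseal --version" ;;
  esac
}

next_checks "$SAMPLE_TIMEOUT"
```
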

Tried everything on a small 1-node cluster with no "Marketplace" apps installed. Only applied your manifest: kubectl apply -f https://raw.githubusercontent.com/civo/kubernetes-marketplace/master/sealed-secrets/app.yaml

exocode avatar Dec 22 '21 18:12 exocode

Hi @exocode, can you raise a PR to fix it on the marketplace app side?

saiyam1814 avatar Jan 17 '22 08:01 saiyam1814