Closed dai-mk closed 2 years ago
@jrcast @maxres-fr @lee-baines @snarlysodboxer Is this repository maintained?
Hi @dai-mk. Yes, although we're not currently developing any new features for the secret-agent.
A couple of questions:
kubectl describe sac forgerock-sac
Hi @lee-baines
Error from server (NotFound): secretagentconfigurations.secret-agent.secrets.forgerock.io "forgerock-sac" not found
Sorry that wouldn't work because the sac wasn't created. The sac that we use for our ForgeRock deployments can be found here: https://github.com/ForgeRock/forgeops/blob/master/kustomize/base/secrets/secret_agent_config.yaml. Can you please try and kubectl apply that?
@lee-baines
When I try that I get this error:
$ kubectl apply -f secret_agent_config.yaml
Error from server (InternalError): error when creating "secret_agent_config.yaml": Internal error occurred: failed calling webhook "msecretagentconfiguration.kb.io": Post "https://secret-agent-webhook-service.secret-agent-system.svc:443/mutate-secret-agent-secrets-forgerock-io-v1alpha1-secretagentconfiguration?timeout=30s": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Thanks, can you try a couple of things please. Can you check the secret-agent logs at the time of attempting to apply the sac? Also, in secret-agent-system namespace, run kubectl get services.
Manager:
I0422 21:44:17.702190 1 request.go:655] Throttling request took 1.047643378s, request: GET:https://172.20.0.1:443/apis/storage.k8s.io/v1?timeout=32s
{"level":"info","ts":1650663858.8644586,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":":8080"}
{"level":"info","ts":1650663858.8653393,"logger":"setup","msg":"Starting webhook related patches"}
{"level":"info","ts":1650663862.0041342,"logger":"controller-runtime.builder","msg":"Registering a mutating webhook","GVK":"secret-agent.secrets.forgerock.io/v1alpha1, Kind=SecretAgentConfiguration","path":"/mutate-secret-agent-secrets-forgerock-io-v1alpha1-secretagentconfiguration"}
{"level":"info","ts":1650663862.0042436,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/mutate-secret-agent-secrets-forgerock-io-v1alpha1-secretagentconfiguration"}
{"level":"info","ts":1650663862.0043132,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"secret-agent.secrets.forgerock.io/v1alpha1, Kind=SecretAgentConfiguration","path":"/validate-secret-agent-secrets-forgerock-io-v1alpha1-secretagentconfiguration"}
{"level":"info","ts":1650663862.0043674,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-secret-agent-secrets-forgerock-io-v1alpha1-secretagentconfiguration"}
{"level":"info","ts":1650663862.004456,"logger":"setup","msg":"starting manager"}
{"level":"info","ts":1650663862.0046754,"logger":"controller-runtime.manager","msg":"starting metrics server","path":"/metrics"}
{"level":"info","ts":1650663862.0048833,"logger":"controller-runtime.manager.controller.secretagentconfiguration","msg":"Starting EventSource","reconciler group":"secret-agent.secrets.forgerock.io","reconciler kind":"SecretAgentConfiguration","source":"kind source: /, Kind="}
{"level":"info","ts":1650663862.0050583,"logger":"controller-runtime.webhook.webhooks","msg":"starting webhook server"}
{"level":"info","ts":1650663862.0147226,"logger":"controller-runtime.certwatcher","msg":"Updated current TLS certificate"}
{"level":"info","ts":1650663862.014914,"logger":"controller-runtime.webhook","msg":"serving webhook server","host":"","port":9443}
{"level":"info","ts":1650663862.015036,"logger":"controller-runtime.certwatcher","msg":"Starting certificate watcher"}
{"level":"info","ts":1650663862.1062105,"logger":"controller-runtime.manager.controller.secretagentconfiguration","msg":"Starting EventSource","reconciler group":"secret-agent.secrets.forgerock.io","reconciler kind":"SecretAgentConfiguration","source":"kind source: /, Kind="}
{"level":"info","ts":1650663862.2068095,"logger":"controller-runtime.manager.controller.secretagentconfiguration","msg":"Starting Controller","reconciler group":"secret-agent.secrets.forgerock.io","reconciler kind":"SecretAgentConfiguration"}
{"level":"info","ts":1650663862.206861,"logger":"controller-runtime.manager.controller.secretagentconfiguration","msg":"Starting workers","reconciler group":"secret-agent.secrets.forgerock.io","reconciler kind":"SecretAgentConfiguration","worker count":1}
kube-rbac-proxy
I0422 21:44:17.472945 1 main.go:190] Valid token audiences:
I0422 21:44:17.473029 1 main.go:262] Generating self signed cert as no cert is provided
I0422 21:44:17.933761 1 main.go:311] Starting TCP socket on 0.0.0.0:8443
I0422 21:44:17.935092 1 main.go:318] Listening securely on 0.0.0.0:8443
The services:
$ kubectl -n secret-agent-system get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
secret-agent-controller-manager-metrics-service ClusterIP 172.20.143.47 <none> 8443/TCP 2d16h
secret-agent-webhook-service ClusterIP 172.20.230.169 <none> 443/TCP 13d
I can't reproduce it. I just provisioned an AWS cluster and it worked fine. It may be an issue with how your cluster is set up.
Can you try it on minikube?
Minikube with CDK works fine. I'm following the ForgeRock ForgeOps CDM readme and have created an empty cluster (but not with eksctl or cluster-up.sh). Is secret-agent needing something special?
I see that previously this same error message was solved in another issue, but it doesn't say how: https://github.com/ForgeRock/secret-agent/issues/142
Have you tried running a secret-agent delete then secret-agent install? secret-agent doesn't require anything special, hence it works on a simple minikube cluster.
Hello everyone,
I followed the README and installed secret-agent in version 1.1.6 and ran kubectl apply -f config/samples/secret-agent_v1alpha1_secretagentconfiguration.yaml but I get this error. Can you guys please point me in the direction how I can fix this? From my side I don't understand this error.
Secret Agent seems to properly run:
Log also looks unsuspicious to me: