Kubeseal example not working

[exocode]

Hi @soukron I tried your sealsecret installation manifest

This issue is a:

• [X ] Bug Report
• [ ] Enhancement suggestion
• [ ] Feature request

1. Install Kubeseal via Marketplace

2. Run the post install example

❯ echo -n bar | kubectl create secret generic mysecret --dry-run --from-file=foo=/dev/stdin -o json >mysecret.json

result

W1222 13:21:46.889535 17129 helpers.go:555] --dry-run is deprecated and can be replaced with --dry-run=client.

ok, so far so good change the --dry-run part:

❯ echo -n bar | kubectl create secret generic mysecret --dry-run=client --from-file=foo=/dev/stdin -o json >mysecret.json

But step 3 fails definitely:

3. seal secret

   ❯ kubeseal <mysecret.json >mysealedsecret.json
   error: cannot fetch certificate: no endpoints available for service "http:sealed-secrets-controller:"

Could it be that ArgoCD is somehow interferencing?

These are all my installed apps:

[soukron]

Hey thanks for reporting the bug. It's been a long time since I added the application so probably has changed.

For your specific error: make sure you're using an appropiate kubeseal binary for the sealed secrets controller that you installed. On the other hand, try to get a list of the services in the Sealed Secrets namespace. Apparently there's one missing, but it could be due to a mismatch in the binary client.

Finally, I'm not sure if my civo account is still active but if it is I will try to reproduce it and upgrade the manifest to a newer version of Sealed Secrets.

[soukron]

I've contacted Civo support team to see if they can help me by providing a small cluster for a week so I can upgrade the manifest in the marketplace and help you.

[exocode]

Thank you

[soukron]

@exocode in the meantime, please download the kubeseal binary corresponding to the controller version in marketplace (0.12.4) and see if the issue persists.

[exocode]

Quay is on again...

I followed the instructions: of v0.12.4 here: https://github.com/bitnami-labs/sealed-secrets/releases/tag/v0.12.4

(using Mac)

wget https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.12.4/kubeseal-darwin-amd64 -O kubeseal

sudo install -m 755 kubeseal /usr/local/bin/kubeseal

❯ kubeseal --fetch-cert -v 10000
I1222 19:07:56.335452   12575 loader.go:375] Config loaded from file:  /Users/jan/Downloads/civo-kubesealdemo-kubeconfig
I1222 19:07:56.342414   12575 round_trippers.go:423] curl -k -v -XGET  -H "Accept: application/x-pem-file, */*" -H "User-Agent: kubeseal/v0.0.0 (darwin/amd64) kubernetes/$Format" 'https://74.220.26.64:6443/api/v1/namespaces/kube-system/services/http:sealed-secrets-controller:/proxy/v1/cert.pem'
I1222 19:08:29.222644   12575 round_trippers.go:443] GET https://74.220.26.64:6443/api/v1/namespaces/kube-system/services/http:sealed-secrets-controller:/proxy/v1/cert.pem 500 Internal Server Error in 32879 milliseconds
I1222 19:08:29.222668   12575 round_trippers.go:449] Response Headers:
I1222 19:08:29.222673   12575 round_trippers.go:452]     Cache-Control: no-cache, private
I1222 19:08:29.222676   12575 round_trippers.go:452]     Content-Type: application/json
I1222 19:08:29.222679   12575 round_trippers.go:452]     Date: Wed, 22 Dec 2021 18:08:29 GMT
I1222 19:08:29.222681   12575 round_trippers.go:452]     Content-Length: 160
I1222 19:08:29.222739   12575 request.go:968] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"error trying to reach service: dial tcp 10.42.0.9:8080: i/o timeout","code":500}
error: cannot fetch certificate: error trying to reach service: dial tcp 10.42.0.9:8080: i/o timeout

[exocode]

(tried everything on a 1 node cluster small with no "Marketplace" apps installed. Only applied your manifest: kubectl apply -f https://raw.githubusercontent.com/civo/kubernetes-marketplace/master/sealed-secrets/app.yaml

[saiyam1814]

Hi @exocode can you raise a PR to fix it on the marketplace app side ?