Open amogado opened 1 year ago
Hi amogado,
I'm sorry to hear that the Secretless K8s demo isn't working for you.
What is the Docker environment that you're using to run the demo, i.e. is this on a Mac (e.g. with Docker Desktop?) or Windows machine, and what's the Docker version on your host?
From your logs, it appears that the demo container is failing very early, when it is trying to run Kubernetes-in-Docker (KinD), and KinD is using 'kubeadm' to start up control plane Pods. That corresponds to these lines in the runner script:
https://github.com/diverdane/secretless-k8s-demo/blob/master/secretless_demo_runner#L13-L14
I'm at a loss as to why the
Unfortunately, the image used in this demo hasn't been upgraded in 3 years, and I hadn't tried running this in a few years. I just now tried running this demo on an Ubuntu VM (Ubuntu 18.04, so it's an older version of Docker), and it seems to be working (although it took a while for the Grafana Pod to come up).
I suspect that you're trying this on Mac / Docker Desktop? I'm wondering if there's some incompatibility between the demo container and newer versions of Docker, or maybe there's a subtle Docker networking issue.
Sorry if I'm a bit hazy on the details here. I'm actually retired now (for about 7 months now), so things are a bit fuzzy.
If you're using Mac, I think your best bet and your path of least resistance would be to try to run Kubernetes directly on your Mac's Docker Desktop environment. If you can get Kubernetes working, then you should be able to follow the demo here: https://secretless.io/tutorials/kubernetes/kubernetes-tutorial-base.html
If the Secretless tutorial doesn't work in your Kubernetes environment, then you should be able to get some assistance by raising questions on CyberArk Commons in the Secretless Broker category: https://discuss.cyberarkcommons.org/c/secretless-broker/6
Hope this helps, Dane
On Fri, Sep 23, 2022 at 1:49 PM amogado @.***> wrote:
I was following the tutorial you published here (which is quite the same as the Readme of this repo) and, unfortunately, I face issues during the first docker deployment of the custom Kind cluster image:
```bash
# Start the demo
docker run --rm --name secretless-demo-client -p 30303:8001 -p 3000:3000 -v /var/run/docker.sock:/var/run/docker.sock -it diverdane/secretless-k8s-demo:v1.17.0
```

The ControlPlane can't go up with this image and the only way to get out the loop is to restart the docker or getting the container down

```bash
systemctl restart docker
# or
docker stop secretless-demo-client
```

This is my output :

output below

```
@.***:~$ docker run --rm --name secretless-demo-client -p 30303:8001 -p 3000:3000 -v /var/run/docker.sock:/var/run/docker.sock -it diverdane/secretless-k8s-demo
Bringing up a cluster
Creating cluster "secretless-kube" ...
 ✓ Ensuring node image (kindest/node:v1.17.0) 🖼
 ✓ Preparing nodes 📦 📦 📦
 ✓ Writing configuration 📜
 ✗ Starting control-plane 🕹️
ERROR: failed to create cluster: failed to init node with kubeadm: command "docker exec --privileged secretless-kube-control-plane kubeadm init --ignore-preflight-errors=all --config=/kind/kubeadm.conf --skip-token-print --v=6" failed with error: exit status 1
Modifying Kubernetes config to point to Kind master node
Error: No such object: secretless-kube-control-plane
sed: /root/.kube/config: No such file or directory

Deploying Kubernetes dashboard and create a dashboard service account

The connection to the server localhost:8080 was refused - did you specify the right host or port?
The connection to the server localhost:8080 was refused - did you specify the right host or port?
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Setting up Kubectl Proxy

Deploying Grafana Dashboard

Starting to serve on 172.17.0.2:8001
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Error: looks like "https://kubernetes-charts.storage.googleapis.com" is not a valid chart repository or cannot be reached: failed to fetch https://kubernetes-charts.storage.googleapis.com/index.yaml : 403 Forbidden
Error: failed to download "stable/grafana" (hint: running 'helm repo update' may help)

Deploying CyberArk Secretless Broker Kubernetes Demo

Security Administrator Setup: Running script to:
- Create a PostgreSQL database
- Create a DB user for the application
- Add that user's credentials to Kubernetes Secrets
- Configure Secretless to connect to PostgreSQL using those credentials
Deleting namespace 'quick-start-backend-ns'...
The connection to the server localhost:8080 was refused - did you specify the right host or port?

Application Developer Setup: Running script to:
- Configure the application to connect to PostgreSQL via Secretless
- Deploy the application and the Secretless sidecar
- Test the application
--- Start application
The connection to the server localhost:8080 was refused - did you specify the right host or port?
The connection to the server localhost:8080 was refused - did you specify the right host or port?

The Secretless Broker Kubernetes demo is running!!!
A Pet Store application pod has been deployed that contains both an application container and a CyberArk Secretless Broker sidecar container. The Secretless Broker sidecar container allows the application to connect to a password-protected Postgres database without any knowledge of database credentials!!!
To see the Kubernetes resources that have been configured, start with the following commands:
kubectl get namespaces
kubectl get all -n quick-start-application-ns
kubectl get all -n quick-start-backend-ns
To see the CyberArk Secretless Broker in action, use the scripts in /root to create and list pets in the pet store:
add_pet "Genghis D. Dog"
add_pet "Miss Ava"
add_pet "Mr. Roboto"
list_pets
====================================================
==================================================================
You can access the Kubernetes dashboard at the following location:
You will be prompted for login credentials. Run the following script to display the dashboard access token:
get_dashboard_token
==================================================================
Waiting for Grafana pod to become ready
The connection to the server localhost:8080 was refused - did you specify the right host or port?
The connection to the server localhost:8080 was refused - did you specify the right host or port?
.
The connection to the server localhost:8080 was refused - did you specify the right host or port?
.
The connection to the server localhost:8080 was refused - did you specify the right host or port?
.
The connection to the server local
```

output above (which ends in a loop, as you can see)
Could you please help?
Thank you for your tutorial, nevertheless
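An added example, not part of the thread or of the demo repository: the Python code below triages output like the log quoted above by locating the first kind/kubeadm failure and counting the later errors that follow from it, since kubectl falls back to localhost:8080 when no kubeconfig was written. The sample log is constructed from lines in the quoted output, and the grouping into root, cascade and separate errors is an assumption of this example.

```python
import re

# Constructed sample: lines taken from the output quoted in this issue,
# with the long kubeadm command shortened.
SAMPLE_LOG = """\
Creating cluster "secretless-kube" ...
ERROR: failed to create cluster: failed to init node with kubeadm: exit status 1
Error: No such object: secretless-kube-control-plane
sed: /root/.kube/config: No such file or directory
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Error: looks like "https://kubernetes-charts.storage.googleapis.com" is not a valid chart repository or cannot be reached: failed to fetch https://kubernetes-charts.storage.googleapis.com/index.yaml : 403 Forbidden
The connection to the server localhost:8080 was refused - did you specify the right host or port?
"""

# (kind, label, pattern). The root/cascade/separate grouping is an assumption
# of this example, not something the demo scripts report themselves.
RULES = [
    ("root", "kind failed to create the cluster (kubeadm init)",
     re.compile(r"failed to create cluster: failed to init node with kubeadm")),
    ("cascade", "control-plane container is missing",
     re.compile(r"No such object: \S+-control-plane")),
    ("cascade", "kubeconfig was never written",
     re.compile(r"\.kube/config: No such file or directory")),
    ("cascade", "kubectl fell back to localhost:8080",
     re.compile(r"connection to the server localhost:8080 was refused")),
    ("separate", "Helm chart repository returned 403",
     re.compile(r"failed to fetch \S+ ?: 403 Forbidden")),
]

def triage(log_text):
    """Find the first root-cause line and count the errors that follow from it."""
    report = {"root": None, "cascade": {}, "separate": []}
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for kind, label, pattern in RULES:
            if not pattern.search(line):
                continue
            if kind == "root":
                report["root"] = report["root"] or (lineno, label)
            elif kind == "cascade" and report["root"]:
                report["cascade"][label] = report["cascade"].get(label, 0) + 1
            else:
                # Unrelated error, or a "cascade" pattern with no root cause before it.
                report["separate"].append((lineno, label))
            break
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A "connection refused" line with no earlier cluster-creation failure is reported under `separate`, so a log from a cluster that came up but later lost its API server is not misread as a kubeadm problem.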