Comments (8)
Hey @ankycooper! Thanks for filing this issue.
We encountered something similar with another customer recently, and in that case it turned out to be an Advanced Protection firewall rule for their 1Password account which was blocking Cloud Providers.
Is your Kubernetes cluster hosted on a cloud provider (e.g. AWS, Azure, Google Cloud, etc.)? If so, can you check your firewall settings to see if that is the case? It could also be another firewall rule depending on what is set there.
To confirm this is the error you're seeing, please check the logs from the connect-sync container of the Pod for 1Password Connect. You should see something like:
…
(Forbidden (Firewall Rule)), Your request was blocked by an Advanced Protection firewall rule.
…
from connect-helm-charts.
Works with minikube, but fails with k3s with the error above.
from connect-helm-charts.
Thanks for the updates. It initially smelled a lot like the issue we recently encountered with another customer, which is why I jumped on it.
Thanks for the extra detail; the more information the better! It's particularly interesting that it's inconsistent behaviour across platforms, and this seems like an operator-specific issue rather than 1Password Connect (i.e. the plugin, not the server itself).
All that said, I'll defer to our engineering team for a deeper investigation.
from connect-helm-charts.
I think there is already a fix that got merged: #108
Also, we got this problem and updating to chart version 1.9.0 fixed it.
from connect-helm-charts.
I'm already on v1.9.0. I tried v1.8.1 and got a different error message (the code is still 500):
{"level":"info","ts":1669318119.2693477,"logger":"controller_onepassworditem","msg":"Reconciling OnePasswordItem","Request.Namespace":"default","Request.Name":"upsteam-apikey"}
{"level":"error","ts":1669318127.3086646,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"onepassworditem-controller","request":"default/upsteam-apikey","error":"Failed to retrieve item: status 500: failed to initiate, review service logs for details","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/workspace/vendor/github.com/go-logr/zapr/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90"}
{"level":"info","ts":1669318128.3101885,"logger":"controller_onepassworditem","msg":"Reconciling OnePasswordItem","Request.Namespace":"default","Request.Name":"upsteam-apikey"}
from connect-helm-charts.
Apologies for the late reply here. @ankycooper, are you still running into issues? If so, could you please check the logs of the API container of the Connect Pod? It's a bit hidden, but the following line suggests Connect is not able to initialize correctly:
Failed to retrieve item: status 500: failed to initiate, review service logs for details
from connect-helm-charts.
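A log triage helper for the two error signatures quoted in this thread, added here as an example; it is not part of the original comments or of 1Password's code. It splits JSON records that were pasted onto one line and maps each failing record to the check the thread suggests for it. The sample records are constructed, and wrapping the firewall message in a JSON record is an assumption, since the connect-sync log format is not shown above.

```python
import json
import re

# Signatures quoted in the thread -> the check suggested there for each.
SIGNATURES = {
    "Forbidden (Firewall Rule)": "check Advanced Protection firewall rules",
    "failed to initiate": "check the API container logs of the Connect Pod",
}
STATUS_RE = re.compile(r"status (\d{3})")


def iter_records(text):
    """Yield JSON objects from log text, even when several share one line."""
    decoder = json.JSONDecoder()
    pos = 0
    while (start := text.find("{", pos)) != -1:
        try:
            obj, pos = decoder.raw_decode(text, start)
        except json.JSONDecodeError:
            pos = start + 1  # stray brace, not a JSON object
            continue
        if isinstance(obj, dict):
            yield obj


def triage(text):
    """Return item, HTTP status and next check for each failing record."""
    findings = []
    for rec in iter_records(text):
        blob = " ".join(str(v) for v in rec.values())
        hint = next((h for s, h in SIGNATURES.items() if s in blob), None)
        if rec.get("level") != "error" and hint is None:
            continue
        status = STATUS_RE.search(blob)
        findings.append({"item": rec.get("request"),
                         "status": int(status.group(1)) if status else None,
                         "hint": hint or "unclassified"})
    return findings


# Constructed sample (not real output): three records run together on one line.
SAMPLE = (
    '{"level":"info","msg":"Reconciling OnePasswordItem","Request.Name":"example-item"} '
    '{"level":"error","msg":"Reconciler error","request":"default/example-item",'
    '"error":"Failed to retrieve item: status 500: failed to initiate"} '
    '{"level":"error","msg":"(Forbidden (Firewall Rule)), Your request was blocked"}'
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Saved container logs can be passed to `triage()` as a single string; records it cannot match to either signature are reported as "unclassified".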