App could not list namespace and encrypt about kubeseal-webgui HOT 13 CLOSED

Are you running with an uptodate UI image? It should forward the requests to the API image.

from kubeseal-webgui.

@xcloudx87 after investigating the Helm chart, we realized that the api.url inside the values.yaml points to the wrong Port. Can you please try to change the value to http://localhost:8080
?

You can Do this directly when using the Helm template command with the Parameter --set api.url=https://localhost:8080

from kubeseal-webgui.

@Jaydee94 Thank you very much. I got it work with namespace default.
helm template kubeseal-webgui chart/kubeseal-webgui/ --set api.url=http://localhost:8080 | kubectl apply -f - --namespace default

But if i pass different namespace then it will not work. So I think this is issue with RBAC config in helm chart. I will dig into it then get back to you if I have any ideas.

Thanks a lot for your help!

from kubeseal-webgui.

@xcloudx87 you are correct. I will change it, thanks.
Have a good day.

from kubeseal-webgui.

@xcloudx87 feel free to give us a Github Star 😉

from kubeseal-webgui.

@Jaydee94 For sure, I love your app :))

Starred!

from kubeseal-webgui.

Hey @xcloudx87, did you port-forward the Port 5000 on your localhost?
Are you running the app in a local kubernetes cluster?
Could you See some log outputs?

Best regards.

from kubeseal-webgui.

Hi @Jaydee94
No I didn't because i am deploying using helm chart to kubernetes, api and ui on the same pod so there is 1 port only can be forwarded.

This is log output from pod:
\

Could you guys please advise?

from kubeseal-webgui.

@xcloudx87 as @FSchumacher mentioned.. Which Image Version Do you use?

from kubeseal-webgui.

@Jaydee94 It should be the latest version. Please give a look at below:

BTW I have followed instruction from README file with this command:
helm template kubeseal-webgui chart/kubeseal-webgui/ | kubectl apply -f - --namespace kubeseal-webgui

from kubeseal-webgui.

@Jaydee94 I did it but no luck, BTW i got below error from log:

api * Environment: production
api WARNING: This is a development server. Do not use it in a production deployment.
api Use a production WSGI server instead.
api * Debug mode: off
api {"message": " * Running on all addresses.\n WARNING: This is a development server. Do not use it in a production deployment.", "time": "2021-12-16T10:42:06.943525"}
api {"message": " * Running on http://10.42.2.71:5000/ (Press CTRL+C to quit)", "time": "2021-12-16T10:42:06.944043"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:12] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:12.173283"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:13] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:13.837719"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:22] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:22.172158"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:23] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:23.838014"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:32] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:32.172189"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:33] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:33.838392"}
api {"message": "Resolving in-cluster Namespaces", "time": "2021-12-16T10:42:34.678114"}
api {"message": "127.0.0.1 - - [16/Dec/2021 10:42:35] "\u001b[35m\u001b[1mGET /namespaces HTTP/1.1\u001b[0m" 500 -", "time": "2021-12-16T10:42:35.510851"}
api [2021-12-16 10:42:34,892[] ERROR in app: Exception on /namespaces [GET[]
api Traceback (most recent call last):
api File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1513, in full_dispatch_request
api rv = self.dispatch_request()
api File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1499, in dispatch_request
api return self.ensure_sync(self.view_functions[rule.endpoint[])(**req.view_args)
api File "/usr/local/lib/python3.9/site-packages/flask_restful/init.py", line 467, in wrapper
api resp = resource(*args, **kwargs)
api File "/usr/local/lib/python3.9/site-packages/flask/views.py", line 83, in view
api return self.dispatch_request(*args, **kwargs)
api File "/usr/local/lib/python3.9/site-packages/flask_restful/init.py", line 582, in dispatch_request
api resp = meth(*args, **kwargs)
api File "/kubeseal-webgui/app/kubernetes.py", line 19, in get
api return get_incluster_namespaces()
api File "/kubeseal-webgui/app/kubernetes.py", line 31, in get_incluster_namespaces
api namespaces = v1.list_namespace()
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/api/core_v1_api.py", line 14447, in list_namespace
api return self.list_namespace_with_http_info(**kwargs) # noqa: E501
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/api/core_v1_api.py", line 14554, in list_namespace_with_http_info
api return self.api_client.call_api(
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py", line 348, in call_api
api return self.__call_api(resource_path, method,
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py", line 180, in __call_api
api response_data = self.request(
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py", line 373, in request
api return self.rest_client.GET(url,
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/rest.py", line 239, in GET
api return self.request("GET", url,
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/rest.py", line 233, in request
api raise ApiException(http_resp=r)
api kubernetes.client.exceptions.ApiException: (403)
api Reason: Forbidden
api HTTP response headers: HTTPHeaderDict({'Audit-Id': 'fe0a72ae-dc9b-4072-bae6-72046b9f456e', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '60a5bb6b-9a3c-4063-8d9d-78afd73e2dfc', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'abf2c887-3201-4238-b061-c234c532f08c', 'Date': 'Thu, 16 Dec 2021 10:42:34 GMT', 'Content-Length': '308'})
api HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"namespaces is forbidden: User "system:serviceaccount:kubeseal-webgui:kubeseal-webgui" cannot list resource "namespaces" in API group "" at the cluster scope","reason":"Forbidden","details":{"kind":"namespaces"},"code":403}
api {"message": "127.0.0.1 - - [16/Dec/2021 10:42:36] "GET /config HTTP/1.1" 200 -", "time": "2021-12-16T10:42:36.348677"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:42] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:42.172090"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:43] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:43.837567"}
ui /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration

Could you please advise? Look like there was something wrong with RBAC?

from kubeseal-webgui.

@xcloudx87 it is necesarry to deploy the clusterole that's included inside the Helm chart. Do you have enough permissions to deploy clusterole to the kubernetes cluster? If Not it is Not possible to run the application properly. The api is running under a specific Service Account which Has a binding to a clusterole that can list namespaces.
You can try kubectl get clusteroles and try to find the kubeseal-webgui-list-namespaces clusterole.

from kubeseal-webgui.

@Jaydee94

Ok I am back!!!

For helm command from https://github.com/Jaydee94/kubeseal-webgui/tree/master/chart/kubeseal-webgui it will always use default as namespace name. So could you please get it correctly by adding --namespace to it.
Original:

helm template chart/kubeseal-webgui/ | kubectl apply -f - --namespace <namespacename>

Suggested command:

helm template chart/kubeseal-webgui/ --namespace <namespacename> | kubectl apply -f - --namespace <namespacename>

This will fix issue for anyone tries to run app with different namespace.

Please advise if I am wrong.

Thanks in advance.

from kubeseal-webgui.