Comments (13)
Are you running with an uptodate UI image? It should forward the requests to the API image.
from kubeseal-webgui.
@xcloudx87 after investigating the Helm chart, we realized that the api.url inside the values.yaml points to the wrong Port. Can you please try to change the value to http://localhost:8080
?
You can Do this directly when using the Helm template command with the Parameter --set api.url=https://localhost:8080
from kubeseal-webgui.
@Jaydee94 Thank you very much. I got it work with namespace default.
helm template kubeseal-webgui chart/kubeseal-webgui/ --set api.url=http://localhost:8080 | kubectl apply -f - --namespace default
But if i pass different namespace then it will not work. So I think this is issue with RBAC config in helm chart. I will dig into it then get back to you if I have any ideas.
Thanks a lot for your help!
from kubeseal-webgui.
@xcloudx87 you are correct. I will change it, thanks.
Have a good day.
from kubeseal-webgui.
@xcloudx87 feel free to give us a Github Star 😉
from kubeseal-webgui.
@Jaydee94 For sure, I love your app :))
Starred!
from kubeseal-webgui.
Hey @xcloudx87, did you port-forward the Port 5000 on your localhost?
Are you running the app in a local kubernetes cluster?
Could you See some log outputs?
Best regards.
from kubeseal-webgui.
Hi @Jaydee94
No I didn't because i am deploying using helm chart to kubernetes, api and ui on the same pod so there is 1 port only can be forwarded.
This is log output from pod:
\
Could you guys please advise?
from kubeseal-webgui.
@xcloudx87 as @FSchumacher mentioned.. Which Image Version Do you use?
from kubeseal-webgui.
@Jaydee94 It should be the latest version. Please give a look at below:
BTW I have followed instruction from README file with this command:
helm template kubeseal-webgui chart/kubeseal-webgui/ | kubectl apply -f - --namespace kubeseal-webgui
from kubeseal-webgui.
@Jaydee94 I did it but no luck, BTW i got below error from log:
api * Environment: production
api WARNING: This is a development server. Do not use it in a production deployment.
api Use a production WSGI server instead.
api * Debug mode: off
api {"message": " * Running on all addresses.\n WARNING: This is a development server. Do not use it in a production deployment.", "time": "2021-12-16T10:42:06.943525"}
api {"message": " * Running on http://10.42.2.71:5000/ (Press CTRL+C to quit)", "time": "2021-12-16T10:42:06.944043"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:12] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:12.173283"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:13] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:13.837719"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:22] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:22.172158"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:23] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:23.838014"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:32] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:32.172189"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:33] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:33.838392"}
api {"message": "Resolving in-cluster Namespaces", "time": "2021-12-16T10:42:34.678114"}
api {"message": "127.0.0.1 - - [16/Dec/2021 10:42:35] "\u001b[35m\u001b[1mGET /namespaces HTTP/1.1\u001b[0m" 500 -", "time": "2021-12-16T10:42:35.510851"}
api [2021-12-16 10:42:34,892[] ERROR in app: Exception on /namespaces [GET[]
api Traceback (most recent call last):
api File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1513, in full_dispatch_request
api rv = self.dispatch_request()
api File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1499, in dispatch_request
api return self.ensure_sync(self.view_functions[rule.endpoint[])(**req.view_args)
api File "/usr/local/lib/python3.9/site-packages/flask_restful/init.py", line 467, in wrapper
api resp = resource(*args, **kwargs)
api File "/usr/local/lib/python3.9/site-packages/flask/views.py", line 83, in view
api return self.dispatch_request(*args, **kwargs)
api File "/usr/local/lib/python3.9/site-packages/flask_restful/init.py", line 582, in dispatch_request
api resp = meth(*args, **kwargs)
api File "/kubeseal-webgui/app/kubernetes.py", line 19, in get
api return get_incluster_namespaces()
api File "/kubeseal-webgui/app/kubernetes.py", line 31, in get_incluster_namespaces
api namespaces = v1.list_namespace()
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/api/core_v1_api.py", line 14447, in list_namespace
api return self.list_namespace_with_http_info(**kwargs) # noqa: E501
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/api/core_v1_api.py", line 14554, in list_namespace_with_http_info
api return self.api_client.call_api(
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py", line 348, in call_api
api return self.__call_api(resource_path, method,
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py", line 180, in __call_api
api response_data = self.request(
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/api_client.py", line 373, in request
api return self.rest_client.GET(url,
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/rest.py", line 239, in GET
api return self.request("GET", url,
api File "/usr/local/lib/python3.9/site-packages/kubernetes/client/rest.py", line 233, in request
api raise ApiException(http_resp=r)
api kubernetes.client.exceptions.ApiException: (403)
api Reason: Forbidden
api HTTP response headers: HTTPHeaderDict({'Audit-Id': 'fe0a72ae-dc9b-4072-bae6-72046b9f456e', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '60a5bb6b-9a3c-4063-8d9d-78afd73e2dfc', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'abf2c887-3201-4238-b061-c234c532f08c', 'Date': 'Thu, 16 Dec 2021 10:42:34 GMT', 'Content-Length': '308'})
api HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"namespaces is forbidden: User "system:serviceaccount:kubeseal-webgui:kubeseal-webgui" cannot list resource "namespaces" in API group "" at the cluster scope","reason":"Forbidden","details":{"kind":"namespaces"},"code":403}
api {"message": "127.0.0.1 - - [16/Dec/2021 10:42:36] "GET /config HTTP/1.1" 200 -", "time": "2021-12-16T10:42:36.348677"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:42] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:42.172090"}
api {"message": "10.42.2.1 - - [16/Dec/2021 10:42:43] "GET /secrets HTTP/1.1" 200 -", "time": "2021-12-16T10:42:43.837567"}
ui /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
Could you please advise? Look like there was something wrong with RBAC?
from kubeseal-webgui.
@xcloudx87 it is necesarry to deploy the clusterole that's included inside the Helm chart. Do you have enough permissions to deploy clusterole to the kubernetes cluster? If Not it is Not possible to run the application properly. The api is running under a specific Service Account which Has a binding to a clusterole that can list namespaces.
You can try kubectl get clusteroles and try to find the kubeseal-webgui-list-namespaces clusterole.
from kubeseal-webgui.
Ok I am back!!!
For helm command from https://github.com/Jaydee94/kubeseal-webgui/tree/master/chart/kubeseal-webgui it will always use default as namespace name. So could you please get it correctly by adding --namespace to it.
Original:
helm template chart/kubeseal-webgui/ | kubectl apply -f - --namespace <namespacename>
Suggested command:
helm template chart/kubeseal-webgui/ --namespace <namespacename> | kubectl apply -f - --namespace <namespacename>
This will fix issue for anyone tries to run app with different namespace.
Please advise if I am wrong.
Thanks in advance.
from kubeseal-webgui.
Related Issues (20)
- Add dockerignore file
- String generator to fill value HOT 6
- Display all rendered keys besides the complete SealedSecret object
- Include mock into origin python api with toggle
- 4.0.0 auto fetch doesn't work because of changed directory HOT 1
- "Scope" and "Upload File" Fields are missing ! HOT 4
- Key restrictions are preventing env variable secrets from being created.
- Missing nodeSelector, tolerations and affinity configuration HOT 13
- Sealed Secrets sealed from UI can't be decrypted in cluster HOT 7
- kubeseal-webgui : TypeError: Failed to fetch HOT 6
- run the webgui under sub-url HOT 4
- Validate Sealed Secret Objects in the ui
- Container image tag `latest` does not point to newest release HOT 1
- Frontend Tests
- Refactor vue development server
- Vulnerabilities detected in latest release (4.2.2) HOT 4
- [Enhancement Request] Dropdown Inclusion of Multiple Cluster Namespaces HOT 3
- Upload a secret object
- Helm chart: clusterRole need verb get HOT 3
- Request for Helm Chart Improvements HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubeseal-webgui.