Installing external secrets operator on EKS


I'm installing the external secrets operator (https://charts.external-secrets.io) using Helm.

Server Version : Major:"1", Minor:"21+"
operator version: 0.6.1

The install completes, but I am unable to configure the SecretStore and ClusterSecretStore:

Release "external-secrets-store" does not exist. Installing it now. Error: Internal error occurred: failed calling webhook "validate.clustersecretstore.external-secrets.io": Post "https://external-secrets-operator-webhook.external-secrets.svc:443/validate-external-secrets-io-v1beta1-clustersecretstore?timeout=5s": Address is not allowed

Logs from webhook

{"level":"info","ts":1669207765.3453715,"logger":"setup","msg":"validating certs"}
{"level":"error","ts":1669207765.345434,"logger":"setup","msg":"invalid certs. retrying...","error":"stat /tmp/certs/tls.crt: no such file or directory","stacktrace":"github.com/external-secrets/external-secrets/cmd.waitForCerts\n\t/home/runner/work/external-secrets/external-secrets/cmd/webhook.go:179\ngithub.com/external-secrets/external-secrets/cmd.glob..func3\n\t/home/runner/work/external-secrets/external-secrets/cmd/webhook.go:73\ngithub.com/spf13/cobra.(*Command).execute\n\t/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:876\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:990\ngithub.com/spf13/cobra.(*Command).Execute\n\t/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:918\ngithub.com/external-secrets/external-secrets/cmd.Execute\n\t/home/runner/work/external-secrets/external-secrets/cmd/root.go:196\nmain.main\n\t/home/runner/work/external-secrets/external-secrets/main.go:21\nruntime.main\n\t/opt/hostedtoolcache/go/1.19.2/x64/src/runtime/proc.go:250"}
{"level":"info","ts":1669207775.3457878,"logger":"setup","msg":"validating certs"}
{"level":"error","ts":1669207775.3458376,"logger":"setup","msg":"invalid certs. retrying...","error":"stat /tmp/certs/tls.crt: no such file or directory","stacktrace":"github.com/external-secrets/external-secrets/cmd.waitForCerts\n\t/home/runner/work/external-secrets/external-secrets/cmd/webhook.go:179\ngithub.com/external-secrets/external-secrets/cmd.glob..func3\n\t/home/runner/work/external-secrets/external-secrets/cmd/webhook.go:73\ngithub.com/spf13/cobra.(*Command).execute\n\t/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:876\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:990\ngithub.com/spf13/cobra.(*Command).Execute\n\t/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:918\ngithub.com/external-secrets/external-secrets/cmd.Execute\n\t/home/runner/work/external-secrets/external-secrets/cmd/root.go:196\nmain.main\n\t/home/runner/work/external-secrets/external-secrets/main.go:21\nruntime.main\n\t/opt/hostedtoolcache/go/1.19.2/x64/src/runtime/proc.go:250"}
{"level":"info","ts":1669207785.3466249,"logger":"setup","msg":"validating certs"}
{"level":"info","ts":1669207786.2514665,"logger":"controller-runtime.metrics","msg":"Metrics server is starting to listen","addr":":8080"}
{"level":"info","ts":1669207786.2521727,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1beta1, Kind=ExternalSecret"}
{"level":"info","ts":1669207786.252218,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"external-secrets.io/v1beta1, Kind=ExternalSecret","path":"/validate-external-secrets-io-v1beta1-externalsecret"}
{"level":"info","ts":1669207786.252368,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-external-secrets-io-v1beta1-externalsecret"}
{"level":"info","ts":1669207786.2527714,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/convert"}
{"level":"info","ts":1669207786.252854,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1beta1, Kind=ExternalSecret"}
{"level":"info","ts":1669207786.2528841,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1beta1, Kind=SecretStore"}
{"level":"info","ts":1669207786.2529173,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"external-secrets.io/v1beta1, Kind=SecretStore","path":"/validate-external-secrets-io-v1beta1-secretstore"}
{"level":"info","ts":1669207786.2530055,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-external-secrets-io-v1beta1-secretstore"}
{"level":"info","ts":1669207786.253111,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1beta1, Kind=SecretStore"}
{"level":"info","ts":1669207786.2531273,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1beta1, Kind=ClusterSecretStore"}
{"level":"info","ts":1669207786.2531528,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"external-secrets.io/v1beta1, Kind=ClusterSecretStore","path":"/validate-external-secrets-io-v1beta1-clustersecretstore"}
{"level":"info","ts":1669207786.253226,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-external-secrets-io-v1beta1-clustersecretstore"}
{"level":"info","ts":1669207786.253325,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1beta1, Kind=ClusterSecretStore"}
{"level":"info","ts":1669207786.2533405,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=ExternalSecret"}
{"level":"info","ts":1669207786.253349,"logger":"controller-runtime.builder","msg":"skip registering a validating webhook, object does not implement admission.Validator or WithValidator wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=ExternalSecret"}
{"level":"info","ts":1669207786.253387,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1alpha1, Kind=ExternalSecret"}
{"level":"info","ts":1669207786.2533972,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=SecretStore"}
{"level":"info","ts":1669207786.2534065,"logger":"controller-runtime.builder","msg":"skip registering a validating webhook, object does not implement admission.Validator or WithValidator wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=SecretStore"}
{"level":"info","ts":1669207786.2534387,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1alpha1, Kind=SecretStore"}
{"level":"info","ts":1669207786.2534492,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=ClusterSecretStore"}
{"level":"info","ts":1669207786.2534566,"logger":"controller-runtime.builder","msg":"skip registering a validating webhook, object does not implement admission.Validator or WithValidator wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=ClusterSecretStore"}
{"level":"info","ts":1669207786.2534847,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1alpha1, Kind=ClusterSecretStore"}
{"level":"info","ts":1669207786.2534919,"logger":"setup","msg":"starting manager"}
{"level":"info","ts":1669207786.2535942,"logger":"controller-runtime.webhook.webhooks","msg":"Starting webhook server"}
{"level":"info","ts":1669207786.2536635,"msg":"Starting server","kind":"health probe","addr":"[::]:8081"}
{"level":"info","ts":1669207786.2542117,"msg":"Starting server","path":"/metrics","kind":"metrics","addr":"[::]:8080"}
{"level":"info","ts":1669207786.2566836,"logger":"controller-runtime.certwatcher","msg":"Updated current TLS certificate"}
{"level":"info","ts":1669207786.257051,"logger":"controller-runtime.webhook","msg":"Serving webhook server","host":"","port":10250}
{"level":"info","ts":1669207786.2571428,"logger":"controller-runtime.certwatcher","msg":"Starting certificate watcher"}
{"level":"info","ts":1669208085.3479762,"logger":"setup","msg":"validating certs"}
{"level":"info","ts":1669208085.348762,"logger":"setup","msg":"certs are valid"}

Logs from cert-controller

{"level":"info","ts":1669207773.8279474,"logger":"controller-runtime.healthz","msg":"healthz check failed","statuses":[{},{}]}
{"level":"info","ts":1669207778.8282328,"logger":"controller-runtime.healthz","msg":"healthz check failed","statuses":[{},{}]}
{"level":"info","ts":1669207783.8275874,"logger":"controller-runtime.healthz","msg":"healthz check failed","statuses":[{},{}]}
{"level":"info","ts":1669207788.8318472,"logger":"controller-runtime.healthz","msg":"healthz check failed","statuses":[{},{}]}
{"level":"info","ts":1669207997.3274567,"logger":"controllers.webhook-certs-updater","msg":"updating webhook config","Webhookconfig":"/secretstore-validate"}
{"level":"info","ts":1669207997.3311808,"logger":"controllers.webhook-certs-updater","msg":"injecting ca certificate and service names","cacrt":"<base64 CA certificate omitted>","name":"secretstore-validate"}
{"level":"info","ts":1669207997.3456585,"logger":"controllers.webhook-certs-updater","msg":"updated webhook config","Webhookconfig":"/secretstore-validate"}
{"level":"info","ts":1669207997.3611357,"logger":"controllers.webhook-certs-updater","msg":"updating webhook config","Webhookconfig":"/externalsecret-validate"}
{"level":"info","ts":1669207997.3660078,"logger":"controllers.webhook-certs-updater","msg":"injecting ca certificate and service names","cacrt":"<base64 CA certificate omitted>","name":"externalsecret-validate"}
{"level":"info","ts":1669207997.374785,"logger":"controllers.webhook-certs-updater","msg":"updated webhook config","Webhookconfig":"/externalsecret-validate"}

Since at the end of the webhook log it says the certs are valid, I am unsure what is wrong here.
