
(external-secrets addon): allow specifying `wait` property when deploying the helm chart so the `webhook` pod can stabilize

Describe the bug

When deploying the ExternalSecrets addon together with a ClusterSecretStore or any resource that is of type ExternalSecrets CRD for the first time, the deployment fails with the following error:

Received response status [FAILED] from custom resource. Message returned: Error: b'Error from server (InternalError): error when creating "/tmp/manifest.yaml": Internal error occurred: failed calling webhook "validate.clustersecretstore.external-secrets.io": Post "https://external-secrets-webhook.external-secrets.svc:443/validate-external-secrets-io-v1beta1-clustersecretstore?timeout=5s": no endpoints available for service "external-secrets-webhook"\n'

I do have a dependency between the ClusterSecretStore and the ExternalSecrets addon, but the error persists. It seems other users had the same issue: https://stackoverflow.com/questions/73711481/in-cdk-can-i-wait-until-a-helm-installed-operator-is-running-before-applying-a

The error happens only when deploying the ExternalSecrets for the first time together with some custom resource that requires it to be up and running. If the ExternalSecrets is deployed from a previous deployment, the next deployments can add custom resources.

Expected Behavior

ExternalSecrets deployed and running, together with the custom resource ClusterSecretStore added.

Current Behavior

CloudFormation deployment fails with the error from above.

Reproduction Steps

Create a new stack, add the addon and create a custom resource, then deploy the stack.

Possible Solution

Allow specifying the wait property when deploying the ExternalSecrets addon, so it can be set to true: https://github.com/aws-quickstart/cdk-eks-blueprints/blob/main/lib/addons/external-secrets/index.ts#L93

Additional Information/Context

I have tried modifying the code locally by including the wait property and setting it to true, as suggested on StackOverflow, and it worked.

CDK CLI Version

2.43.0 (build 487870a)

EKS Blueprints Version

1.3.0

Node.js Version

v18.8.0

Environment details (OS name and version, etc.)

macOS 12.6

Other information

cc @pflorek Adding @pflorek as cc here since I can see that he created the ExternalSecrets addon and PR #480

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 5 (2 by maintainers)

Top GitHub Comments

pflorek commented, Oct 3, 2022 (1 reaction)

@Mr-istov Thank you! Yes, in the other clusters I had to configure the chart to wait for the ready state.

I’ve opened the PR for the fix.

Mmh, it seems the props for wait and timeout are not meant to be user props in HelmAddOnUserProps, which are in HelmChartDeployment and internally used… … I guess in the meantime it’s only deployable in two steps. First deploy ESO, then the stores and secrets.

Mr-istov commented, Oct 3, 2022 (0 reactions)

> @Mr-istov Thank you! Yes, in the other clusters I had to configure the chart to wait for the ready state.
>
> I’ve opened the PR for the fix.
>
> Mmh, it seems the props for wait and timeout are not meant to be user props in HelmAddOnUserProps, which are in HelmChartDeployment and internally used… … I guess in the meantime it’s only deployable in two steps. First deploy ESO, then the stores and secrets.

Thank you @pflorek for opening a PR to address this. Yeah, it’s not a problem for now to deploy it in two steps until your PR is merged.
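
As an added example (not code from the issue, its maintainers or EKS Blueprints): a pre-deploy check over the `cdk synth` output that flags the condition described in this thread, an `external-secrets.io` manifest that does not depend on a Helm release deployed with `wait`. The resource type names and the `Wait`, `Manifest` and `DependsOn` shapes are assumptions about what aws-cdk-lib emits, the function and variable names are hypothetical, and only direct dependencies are checked.

```typescript
// Added example: lint a synthesized CloudFormation template for the race in this issue.
// Resource types and property names below are assumptions about aws-cdk-lib's EKS output.
type Resource = { Type: string; Properties?: Record<string, any>; DependsOn?: string | string[] };
type Template = { Resources: Record<string, Resource> };

const HELM = "Custom::AWSCDK-EKS-HelmChart";
const MANIFEST = "Custom::AWSCDK-EKS-KubernetesResource";

// Returns the logical IDs of manifests that create external-secrets.io objects
// without a direct DependsOn on a Helm release that blocks until its pods are
// ready (Wait: true). Such manifests can reach the validating webhook before it
// has endpoints, which is the "no endpoints available" failure quoted above.
function findUnguardedManifests(template: Template): string[] {
  const res = template.Resources;
  const findings: string[] = [];
  for (const [id, r] of Object.entries(res)) {
    if (r.Type !== MANIFEST) continue;
    const raw = r.Properties?.Manifest;
    // With unresolved tokens the manifest is an Fn::Join object, not a string; flatten it.
    const text = typeof raw === "string" ? raw : JSON.stringify(raw ?? "");
    if (!/external-secrets\.io\//.test(text)) continue;
    const deps = ([] as string[]).concat(r.DependsOn ?? []);
    const guarded = deps.some(
      (d) => res[d]?.Type === HELM && String(res[d]?.Properties?.Wait) === "true",
    );
    if (!guarded) findings.push(id);
  }
  return findings;
}

// Constructed sample: the store depends on the chart, but the chart has no Wait,
// mirroring the first-time deployment that fails in this issue.
const storeManifest = JSON.stringify([
  { apiVersion: "external-secrets.io/v1beta1", kind: "ClusterSecretStore", metadata: { name: "default" } },
]);
const sample: Template = {
  Resources: {
    EsoChart: { Type: HELM, Properties: { Chart: "external-secrets", Namespace: "external-secrets" } },
    Store: { Type: MANIFEST, DependsOn: ["EsoChart"], Properties: { Manifest: storeManifest } },
  },
};
const sampleFindings = findUnguardedManifests(sample); // ["Store"]
```

An empty result means every such manifest is ordered behind a waiting release; a non-empty one lists the manifests to fix or to move into a second deployment step.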
