sealed-secrets: kubeseal should not require a `~/.kube/config`

Love the idea of this project, but I encountered a (user?) problem of a non-responsive terminal. On Ubuntu with the v0.7.0 kubeseal-linux-amd64.

Documentation:

…
# This is the important bit:
$ kubeseal <mysecret.json >mysealedsecret.json
…

I’m trying to do this offline so I’ve saved the public key as a pem file.

kubeseal <secret.json >mysealedsecret.json --cert test.pem
panic: invalid configuration: no configuration has been provided

Figuring that the ‘<’ before secret.json might not belong there(?):

kubeseal secret.json >mysealedsecret.json --cert test.pem

This leads to kubeseal not returning anything, just seemingly working in the background. I can type more text, but it doesn’t do anything so I just have to close the process. mysealedsecret.json is created, but the size is 0 bytes. (I also tried kubeseal secret.json mysealedsecret.json --cert test.pem with the same result.)

What am I missing here?

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 2
  • Comments: 19 (2 by maintainers)

Most upvoted comments

If that’s fixed on master could we get a new release? There has been no release in almost a year, v0.7.0 doesn’t even have the --version command added 10 months ago 😢

For users with k3s installed, run `export KUBECONFIG=/etc/rancher/k3s/k3s.yaml`

Any update on this?

Sealed-secrets needs to know the namespace of the secret it’s sealing. It can get the namespace in 3 ways (in order of precedence):

  1. from the -n|--namespace flag.
  2. from the input secret’s metadata.
  3. from the kubeconfig file.

We have a bug in the way we report the condition when none of those 3 sources is available. Will track in #313.
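
An added example, not kubeseal's own code: the namespace precedence from the comment above, returning a descriptive error when none of the three sources is available. `resolveNamespace`, `ErrNoNamespace` and the sample secret are hypothetical names and constructed input; the kubeconfig namespace is assumed to have been read already and is passed in as a string.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// ErrNoNamespace (hypothetical) is returned when no source yields a namespace.
var ErrNoNamespace = errors.New(
	"no namespace: pass -n/--namespace, set metadata.namespace in the secret, or provide a kubeconfig")

// secretMeta decodes only the field this example needs from a Secret manifest.
type secretMeta struct {
	Metadata struct {
		Namespace string `json:"namespace"`
	} `json:"metadata"`
}

// resolveNamespace (hypothetical helper) applies the order from the comment:
// 1. the -n/--namespace flag, 2. the input secret's metadata, 3. the kubeconfig.
// kubeconfigNS is "" when no kubeconfig exists (the offline case in this issue).
// It also returns which source won, so a caller can log it.
func resolveNamespace(flagNS string, secretJSON []byte, kubeconfigNS string) (string, string, error) {
	var s secretMeta
	if err := json.Unmarshal(secretJSON, &s); err != nil {
		return "", "", fmt.Errorf("parsing secret: %w", err)
	}
	candidates := []struct{ value, source string }{
		{flagNS, "flag"},
		{s.Metadata.Namespace, "secret metadata"},
		{kubeconfigNS, "kubeconfig"},
	}
	for _, c := range candidates {
		if v := strings.TrimSpace(c.value); v != "" {
			return v, c.source, nil
		}
	}
	return "", "", ErrNoNamespace
}

func main() {
	// Constructed sample input, not taken from the issue.
	secret := []byte(`{"kind":"Secret","apiVersion":"v1","metadata":{"name":"db","namespace":"payments"}}`)
	ns, source, err := resolveNamespace("", secret, "")
	fmt.Println(ns, source, err)
}
```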

Uh, if it still doesn’t work, we should reopen the issue indeed. @rwhaling your `kubeseal --version`?

Just a heads up - I can also report that running kubeseal --cert with no kubeconfig available bombs out with invalid configuration: no configuration has been provided

This is impactful, because we’d like for devs who do not have kubectl or cluster access to be able to seal secrets; any chance of re-opening this issue?