kamus: GoogleKms encryption fails on 0.6.2.0 (0.6.1.0 works)

Describe the bug Using version 0.6.2.0 with GoogleKms causes the encryptor to fail without an apparent reason when trying to encrypt values with kamus-cli. Same settings work with 0.6.1.0. Tested with 0.6.3.0 as well, same behavior. Feels like it’s because of some changes between 0.6.1.0 and 0.6.2.0.

Note: 0.6.3.0 controller fails to start with the current version of the chart but that might be something for another issue 😃 I’ll look more into it when I’ll have time

Versions used Kamus (API images): 0.6.2.0 Kamus CLI: 0.3.0 Chart version: 0.4.6 KMS provider: GoogleKms Kubernetes flavour and version: v1.15.7-gke.23

To Reproduce Steps to reproduce the behavior:

  1. Install the chart with the above versions and with proper GoogleKms config
  2. Port-forward into an encryptor pod
  3. kamus-cli encrypt --service-account <sa> --namespace <ns> --kamus-url http://localhost:9999 --allow-insecure-url --secret “<shh>”
[info  kamus-cli]: Encryption started...
[info  kamus-cli]: service account: <sa>
[info  kamus-cli]: namespace: <ns>
[warn  kamus-cli]: Auth options were not provided, will try to encrypt without authentication to kamus
[error kamus-cli]: Error while trying to encrypt with kamus: socket hang up
  1. encryptor pod exist with error code 139, events show liveness and readiness checks failing as well, no useful logs in the pod while this happening

Expected behavior kamus-cli calls returns the encrypted value after creating the required key in the keyring (as it is working on 0.6.1.0)

If you need any help let me know, curious how C# is lately 😃

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 15 (8 by maintainers)

Most upvoted comments

Is indeed fixed, I upgraded last night to 0.6.4.0.

+1
lebenitza on Mar 9, 2020

You welcome! Can you please confirm the issue is resolved?

Get Outlook for iOShttps://aka.ms/o0ukef

From: lebenitza notifications@github.com Sent: Sunday, March 8, 2020 12:39:15 PM To: Soluto/kamus kamus@noreply.github.com Cc: Omer Levi Hevroni omerl@soluto.com; Mention mention@noreply.github.com Subject: Re: [Soluto/kamus] GoogleKms encryption fails on 0.6.2.0 (0.6.1.0 works) (#455)

Thanks for solving this @omerlhhttps://github.com/omerlh . Really interesting issue.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Soluto/kamus/issues/455?email_source=notifications&email_token=ABTLGWFX5MDZFZ25O6GHC63RGNYVHA5CNFSM4K4MHLKKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEOESL4A#issuecomment-596190704, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABTLGWBYVTMS5OSQHG27O73RGNYVHANCNFSM4K4MHLKA.

+1
omerlh on Mar 8, 2020

I was able to reproduce the issue and fix it, there is something bad happening with alpine - switch to buster seems to fix it. We’ll release the new version tomorrow, stay tuned! Apparently - the container was crashing with exit code 139 (seg fault), not sure why - see the linked issue on Google SDK.

+1
omerlh on Mar 7, 2020
Read more comments on GitHub
← kamus: Error loading native library "/home/dotnet/app/runtimes/linux/native/libgrpc_csharp_ext.x64.so"
tensorflow.rb: Spec fails unpredictably →