Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The Kubernetes API could not find viaduct.ai/ksops for requested resource. Make sure the "ksops" CRD is installed on the destination cluster. #198

Open
adeel-ansari opened this issue Jul 14, 2023 · 2 comments
Open

The Kubernetes API could not find viaduct.ai/ksops for requested resource. Make sure the "ksops" CRD is installed on the destination cluster. #198

adeel-ansari opened this issue Jul 14, 2023 · 2 comments

Comments

@adeel-ansari
Copy link

adeel-ansari commented Jul 14, 2023
edited
Loading

I am having an issue with getting ksops to work with ArgoCD. The error I'm seeing in ArgoCD is:

The Kubernetes API could not find viaduct.ai/ksops for requested resource [ resource name ]. Make sure the "ksops" CRD is installed on the destination cluster.

I am using viaductoss/ksops:v4.2.1 and followed the instructions to integrate with ArgoCD using the Helm chart modifications.

I have the following in my argocd-cm:

apiVersion: v1
data:
  application.instanceLabelKey: argocd.argoproj.io/instance
  dex.config: ""
  kustomize.buildOptions: --enable-alpha-plugins --enable-exec

When I exec into my argocd repo pod I see the files that need to be there:

-rwxr-xr-x 1 root root 30840104 May 26 15:35 ksops
-rwxr-xr-x 1 root root 27401720 May 26 15:36 kustomize

It seems like /usr/local/bin is part of the path. Running kustomize version gives me:
(devel)

Running ksops in the pod shows this:

KSOPS is a flexible kustomize plugin for SOPS encrypted resources.
KSOPS supports both legacy and KRM style exec kustomize functions.

kustomize Usage:
- kustomize build --enable-alpha-plugins --enable-exec

Standalone Usage :
- Legacy: ksops secret-generator.yaml
- KRM: cat secret-generator.yaml | ksops

This is what my secret generator looks like:

apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  # Specify a name
  name: secret-generator
  annotations:
    config.kubernetes.io/function: |
        exec:
          path: ksops
files:
  - ./secret.enc.yaml

Kustomization file:

apiVersion: kustomize.config.k8s.io/v1beta2
kind: Kustomization
generators:
  - ./secret-generator.yaml

Other information:

  • kubectl version = 1.22.8
  • Using Bitnami argocd chart

Let me know if you need any more information.
@johnl
Copy link

johnl commented Jul 26, 2023

This seems like argo is trying to apply the generator yaml directly to kubernetes rather than kustomize using it to generate an actual secret which should then be applied.

Can you include your kustomization.yaml here?

@adeel-ansari
Copy link
Author

Hi @johnl , thanks for looking into this. I have just included my kustomization content at the bottom of the original message. I was more or less following the examples given on the KSops github page.

Not to misguide what you're looking into, but I noticed that Bitnami has a different way of installing CRD's than the ArgoCD charts. It's possible I haven't installed those correctly. I think the KSops instructions are given using the ArgoCD helm chart not Bitnami. Unfortunately I wasn't able to test with the ArgoCD chart because it needs a later version of Kubernetes and kubectl.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@johnl @adeel-ansari