You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
You'll notice the X-Squid-Error: ERR_ACCESS_DENIED 0 in the response headers on the request to https://10.20.157.251:6443/api/v1/namespaces/sealed-secrets/services/http:eksa-dev-sealed-secrets:http/proxy/v1/cert.pem.
Below are the settings we have set for no_proxy and NO_PROXY we have set on every Kubernetes node:
Expected behavior
A clear and concise description of what you expected to happen.
Do you have the NO_PROXY variable set on your local environment? I assume you are using kubeseal from your local environment and not from inside the cluster, so kubeseal will get the proxy settings from your local environment.
It is set, however, the machine I'm on shouldn't be using the proxy at all..
The reason we shared the cluster info is that the same kubeseal client will work on one of our clusters but not on the one I'm posting about, so we figured it must be a difference in how the clusters are configured. However, when we look at the sealed-secrets-controller logs it looks like the kubeseal requests aren't even making it to the cluster because they're going through the proxy.
It is indeed weird, because I see two requests GET requests in your logs but the first one is succeeding, so it seems the NO_PROXY variable is functioning correctly there.
Can you try with an older version so we can see if there's something different? For example, 0.24.5.
Which component:
version
0.25
of sealed secrets, tried with both0.25
and0.26
of thekubeseal
clientDescribe the bug
kubeseal is ignoring NO_PROXY variables upon request to:
https://10.20.157.251:6443/api/v1/namespaces/sealed-secrets/services/http:eksa-dev-sealed-secrets:http/proxy/v1/cert.pem
Other workloads on the cluster are using the no_proxy vars just fine so we know they're set correctly on the nodes. Any thoughts?
To Reproduce
Steps to reproduce the behavior:
You'll notice the
X-Squid-Error: ERR_ACCESS_DENIED 0
in the response headers on the request tohttps://10.20.157.251:6443/api/v1/namespaces/sealed-secrets/services/http:eksa-dev-sealed-secrets:http/proxy/v1/cert.pem
.Below are the settings we have set for
no_proxy
andNO_PROXY
we have set on every Kubernetes node:Expected behavior
A clear and concise description of what you expected to happen.
Version of Kubernetes:
kubectl version
:Additional context
The text was updated successfully, but these errors were encountered: