CreateContainerConfigError trying to reach 1Password Connect server

Options
Klaudioz
Klaudioz
Community Member
in Secrets Automation

I've an issue setting 1Password operator. I've set a Kubernetes cluster in one machine with 1Password Connect server and another new one, where I installed the operator. This is what I'm getting:

K8s Connect server

deploy-1password-server helm install connect 1password/connect --set-file connect.credentials=1password-credentials.json
NAME: connect
LAST DEPLOYED: Thu Aug 19 10:50:59 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
apiVersion: apps/v1
NOTES:
** Please be patient while the chart is being deployed **

1Password Connect is being deployed to Kubernetes. More information about 1Password Connect can
be found at https://support.1password.com/secrets-automation/

New k8s cluster

kubectl create secret generic onepassword-token --from-literal=token=XXXXXX

kubectl apply -f deploy/permissions.yaml

kubectl apply -f deploy/crds/onepassword.com_onepassworditems_crd.yaml

kubectl apply -f deploy/operator.yaml

kubectl get po
NAME READY STATUS RESTARTS AGE
onepassword-connect-5f4f486fb6-7n45t 0/2 CreateContainerConfigError 0 83s
onepassword-connect-operator-7cb86bc989-5t6qm 1/1 Running 0 92s

I've edited the deploy/operator.yaml adding the IP of the K8s Connect server with :8080 and without it. Also I've tried with https and http.

More error details:
onepassword-operator git:(main) ✗ kubectl logs onepassword-connect-5f4f486fb6-7n45t connect-api
Error from server (BadRequest): container "connect-api" in pod "onepassword-connect-5f4f486fb6-7n45t" is waiting to start: CreateContainerConfigError`

onepassword-operator git:(main) ✗ kubectl logs onepassword-connect-5f4f48ssss6fb6-7n45t connect-sync
Error from server (BadRequest): container "connect-sync" in pod "onepassword-connect-5f4f486fb6-7n45t" is waiting to start: CreateContainerConfigError

It looks like it can't connect to the connect server. Is anything else I need to do there ?

This is what I can see from the server:

deploy-1password-server kubectl get po,ns
NAME READY STATUS RESTARTS AGE
pod/onepassword-connect-7668864554-gm6h6 2/2 Running 0 112s

NAME STATUS AGE
namespace/default Active 10m
namespace/kube-node-lease Active 10m
namespace/kube-public Active 10m
namespace/kube-system Active 10m

And this is my operator.yml file:

apiVersion: apps/v1
kind: Deployment
metadata:
name: onepassword-connect-operator
spec:
replicas: 1
selector:
matchLabels:
name: onepassword-connect-operator
template:
metadata:
labels:
name: onepassword-connect-operator
spec:
serviceAccountName: onepassword-connect-operator
containers:
- name: onepassword-connect-operator
image: 1password/onepassword-operator
command: ["/manager"]
env:
- name: WATCH_NAMESPACE
value: "default"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "onepassword-connect-operator"
- name: OP_CONNECT_HOST
value: "https://"
- name: POLLING_INTERVAL
value: "10"
- name: MANAGE_CONNECT
value: "true"
- name: OP_CONNECT_TOKEN
valueFrom:
secretKeyRef:
name: onepassword-token
key: token
- name: AUTO_RESTART
value: "false"

Thanks.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • simon_1P
    simon_1P
    edited August 2021
    Options

    The following configuration in your deploy/operator.yml:

    - name: MANAGE_CONNECT
  value: "true"

    configures that the second server were you installed the operator also deploys a Connect server.

    As you're using a different Connect server, could you remove those two lines to see if that solves your problem?

This discussion has been closed.