Former Member
4 years ago

No k8s secret created. How to troubleshoot?

Hello. Excited to get this working.

one connect pods are green. I've created my CRD for a OnePasswordItem. I've applied it. I see the CRD in the Object Explorer on GKE. However, my actual k8s secret never shows up. I guess I was expecting a log or message or error of some sort to tell me what to do next.

Here's my vault:

Here's my OnePasswordItem in the Object Explorer:

Here's my yaml for the OnePasswordItem above:

How do I troubleshoot? Is there a log file that tells me what I'm missing?

Thanks!



5 Replies

  • Former Member

    You're welcome. Glad it works now. Enjoy the magic!

  • Former Member

    Silly me. That did it. Yes, it's magical. Excellent help, thank you!

  • Former Member

    Thank you for clarifying that! I think I know what the issue could be.

    The magic that automatically creates Kubernetes secrets is not included in the base setup of Connect. That requires running a separate operator that talks with the Kubernetes API.

    Fortunately, that is all https://github.com/1Password/connect-helm-charts/tree/main/charts/connect#deploying-1password-connect-kubernetes-operator. So enabling it should be as simple as running the following Helm command:

    helm upgrade connect 1password/connect --reuse-values --set operator.create=true

    The operator requires a Connect token (with read access to all vaults that it should create secrets for) to communicate with Connect. That can be stored in a k8s secret, like this:

    kubectl create secret generic onepassword-token --from-literal=token=INSERT_TOKEN_HERE

    If all goes well, you should end up with an extra onepassword-connect-operator deployment.

    Let me know if that helps.

    Joris
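
The checks implied by the reply above, as an added shell example that is not part of the original thread or 1Password's own tooling: it confirms that the onepassword-connect-operator deployment, the onepassword-token secret with its token key, and the OnePasswordItem all exist. The namespace variable NS and the item name passed as an argument are assumptions; the secret is tested for presence only, so the token is never printed.

```shell
#!/bin/sh
# Added example: preflight for the operator setup described in the thread.
# Deployment and secret names come from the thread; NS and the item
# name are assumptions supplied by the caller.
NS="${NS:-default}"

# Prints one finding per line; returns non-zero if anything is missing.
check_operator_setup() {
    item="$1"
    missing=0

    # 1. The operator is a separate deployment from onepassword-connect.
    if kubectl -n "$NS" get deployment onepassword-connect-operator >/dev/null 2>&1; then
        echo "ok: operator deployment present"
    else
        echo "missing: onepassword-connect-operator deployment (operator.create=true not set?)"
        missing=1
    fi

    # 2. The operator reads its Connect token from this secret, key "token".
    #    Only non-emptiness is tested; the value is never echoed.
    if [ -n "$(kubectl -n "$NS" get secret onepassword-token \
            -o 'jsonpath={.data.token}' 2>/dev/null)" ]; then
        echo "ok: onepassword-token has a token key"
    else
        echo "missing: secret onepassword-token with key token"
        missing=1
    fi

    # 3. The custom resource the operator is expected to reconcile.
    if kubectl -n "$NS" get onepassworditem "$item" >/dev/null 2>&1; then
        echo "ok: OnePasswordItem $item exists"
    else
        echo "missing: OnePasswordItem $item"
        missing=1
    fi

    return "$missing"
}

# Runs only when an item name is given, e.g.: NS=default sh preflight.sh my-item
if [ "$#" -gt 0 ]; then
    check_operator_setup "$1"
fi
```
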

  • Former Member

    Thanks for the quick reply. I did forget to mention that! Yes, installed the helm version as part of the install. I have a deployment called onepassword-connect. Inside are a couple of containers:

    • connect-api
    • connect-sync

    Both are running, green and have 0 restarts.

    I restarted the pod for fresh logs. Here's the dump of both the connect-api and connect-sync logs:

    kubectl logs deployment/onepassword-connect -c connect-api

    !
    ! {"log_message":"(I) no database found, will retry in 1s","timestamp":"2022-04-06T18:50:22.236128894Z","level":3}
    ! {"log_message":"(I) no database found, will retry in 1s","timestamp":"2022-04-06T18:50:23.236614561Z","level":3}
    ! {"log_message":"(I) no database found, will retry in 1s","timestamp":"2022-04-06T18:50:24.236855033Z","level":3}
    ! {"log_message":"(I) disabling bus peer auto-discovery","timestamp":"2022-04-06T18:50:25.239553647Z","level":3}
    ! {"log_message":"(I) connected to bus peer at localhost:11221","timestamp":"2022-04-06T18:50:25.240723716Z","level":3}
    ! {"log_message":"(W) configured to use HTTP with no TLS","timestamp":"2022-04-06T18:50:25.240907975Z","level":2}
    ! {"log_message":"(I) starting 1Password Connect API ...","timestamp":"2022-04-06T18:50:25.241138542Z","level":3}
    ! {"log_message":"(I) serving on :8080","timestamp":"2022-04-06T18:50:25.241166283Z","level":3}
    ! {"log_message":"(I) GET /heartbeat","timestamp":"2022-04-06T18:50:45.43773031Z","level":3,"scope":{"request_id":"e6c700c3-c423-4206-aca9-4e0e0cd93ae0"}}
    ! {"log_message":"(I) GET /heartbeat completed (200: OK)","timestamp":"2022-04-06T18:50:45.437842508Z","level":3,"scope":{"request_id":"e6c700c3-c423-4206-aca9-4e0e0cd93ae0"}}
    ! {"log_message":"(I) GET /health","timestamp":"2022-04-06T18:50:45.438321723Z","level":3,"scope":{"request_id":"a82dc20c-9476-4735-9214-0e7e520442b6"}}
    ! {"log_message":"(I) GET /health completed (200: OK)","timestamp":"2022-04-06T18:50:45.439036178Z","level":3,"scope":{"request_id":"a82dc20c-9476-4735-9214-0e7e520442b6"}}
    ! {"log_message":"(I) GET /health","timestamp":"2022-04-06T18:50:55.438054739Z","level":3,"scope":{"request_id":"47d2c541-27f3-4ebf-ac02-ae41391488d3"}}
    ! {"log_message":"(I) GET /health completed (200: OK)","timestamp":"2022-04-06T18:50:55.438544371Z","level":3,"scope":{"request_id":"47d2c541-27f3-4ebf-ac02-ae41391488d3"}}
    ! {"log_message":"(I) GET /health","timestamp":"2022-04-06T18:51:05.436730884Z","level":3,"scope":{"request_id":"b35c6dd6-3fac-4fbe-b30f-faa457dc2767"}}
    ! {"log_message":"(I) GET /health completed (200: OK)","timestamp":"2022-04-06T18:51:05.437051136Z","level":3,"scope":{"request_id":"b35c6dd6-3fac-4fbe-b30f-faa457dc2767"}}
    !

    kubectl logs deployment/onepassword-connect -c connect-sync

    !
    ! {"log_message":"(I) disabling bus peer auto-discovery","timestamp":"2022-04-06T18:50:24.498800445Z","level":3}
    ! {"log_message":"(W) did not initialize bus connection to peer localhost:11220. If the peer is currently booting, it may initialize the connection while starting. Details: failed to transport.CreateConnection: failed to Dial endpoint: dial tcp 127.0.0.1:11220: connect: connection refused. ","timestamp":"2022-04-06T18:50:24.499900844Z","level":2}
    ! {"log_message":"(W) configured to use HTTP with no TLS","timestamp":"2022-04-06T18:50:24.500093453Z","level":2}
    ! {"log_message":"(I) starting 1Password Connect Sync ...","timestamp":"2022-04-06T18:50:24.50029249Z","level":3}
    ! {"log_message":"(I) serving on :8081","timestamp":"2022-04-06T18:50:24.500338439Z","level":3}
    ! {"log_message":"(I) no existing database found, will initialize at /home/opuser/.op/data/1password.sqlite","timestamp":"2022-04-06T18:50:24.500860912Z","level":3}
    ! {"log_message":"(I) database initialization complete","timestamp":"2022-04-06T18:50:24.51662394Z","level":3}
    ! {"log_message":"(I) ### syncer credentials bootstrap ### ","timestamp":"2022-04-06T18:50:24.517155596Z","level":3}
    ! {"log_message":"(I) established incoming bus peer connection","timestamp":"2022-04-06T18:50:25.240661368Z","level":3}
    ! {"log_message":"(I) GET /health","timestamp":"2022-04-06T18:50:45.437681412Z","level":3,"scope":{"request_id":"2bd63987-1095-49f4-a33c-eab03c649393"}}
    ! {"log_message":"(I) GET /health completed (200: OK)","timestamp":"2022-04-06T18:50:45.437907303Z","level":3,"scope":{"request_id":"2bd63987-1095-49f4-a33c-eab03c649393"}}
    ! {"log_message":"(I) GET /heartbeat","timestamp":"2022-04-06T18:50:45.439826104Z","level":3,"scope":{"request_id":"d891ecac-a5da-478b-b915-3b62d9d66f91"}}
    ! {"log_message":"(I) GET /heartbeat completed (200: OK)","timestamp":"2022-04-06T18:50:45.439874632Z","level":3,"scope":{"request_id":"d891ecac-a5da-478b-b915-3b62d9d66f91"}}
    ! {"log_message":"(I) GET /health","timestamp":"2022-04-06T18:50:55.43725771Z","level":3,"scope":{"request_id":"20a8c83a-5697-4264-9658-9f9745f024ac"}}
    ! {"log_message":"(I) GET /health completed (200: OK)","timestamp":"2022-04-06T18:50:55.437357602Z","level":3,"scope":{"request_id":"20a8c83a-5697-4264-9658-9f9745f024ac"}}
    ! {"log_message":"(I) GET /health","timestamp":"2022-04-06T18:51:05.436651689Z","level":3,"scope":{"request_id":"ee42e5c1-f3fe-43e9-9848-c104cb21bd8b"}}
    ! {"log_message":"(I) GET /health completed (200: OK)","timestamp":"2022-04-06T18:51:05.436719808Z","level":3,"scope":{"request_id":"ee42e5c1-f3fe-43e9-9848-c104cb21bd8b"}}
    ! {"log_message":"(I) GET /health","timestamp":"2022-04-06T18:51:15.437649723Z","level":3,"scope":{"request_id":"c658cc89-ce86-4251-bcc9-48be4b21678d"}}
    ! {"log_message":"(I) GET /health completed (200: OK)","timestamp":"2022-04-06T18:51:15.437709724Z","level":3,"scope":{"request_id":"c658cc89-ce86-4251-bcc9-48be4b21678d"}}
    ! {"log_message":"(I) GET /heartbeat","timestamp":"2022-04-06T18:51:15.43858387Z","level":3,"scope":{"request_id":"1f53dd9b-c866-4d6e-917e-b6af107a1b4d"}}
    ! {"log_message":"(I) GET /heartbeat completed (200: OK)","timestamp":"2022-04-06T18:51:15.438619475Z","level":3,"scope":{"request_id":"1f53dd9b-c866-4d6e-917e-b6af107a1b4d"}}
    !

  • Former Member

    Hey!

    I am glad to hear you are excited to get this to work. Speaking from my own experience, it's pretty magical when it works!

    Let's try to get this sorted. First a quick check because it is not explicitly mentioned in the post: you are running the https://github.com/1Password/onepassword-operator/? (either by manually deploying the manifest in that repo or through our https://github.com/1Password/connect-helm-charts/)

    If that is indeed the case, could you share the logs of the onepassword-connect-operator deployment? (kubectl logs deployment/onepassword-connect-operator probably does the trick.) That might contain some hints as to what is going on.

    Joris