privilegedescalation/headlamp-sealed-secrets-plugin
12
0
Fork 0
Code Issues 2 Pull Requests 2 Actions Packages Projects Releases 27 Wiki Activity
Files
pri-435-update-namespace-docs
headlamp-sealed-secrets-plugin/docs/troubleshooting
T
History
Chris Farhood 876fb062fe fix: restore kube-system for sealed-secrets-controller refs 
Reverts docs changes from 143b2c3 that incorrectly replaced
kube-system with headlamp for sealed-secrets-controller commands.

The sealed-secrets-controller runs in kube-system, NOT headlamp.
Only the Headlamp app install namespace was changed to headlamp.

Changes:
- Revert -n headlamp → -n kube-system in all sealed-secrets-controller
  kubectl commands across all docs files
- Revert sealed-secrets-controller.kube-system DNS reference
- Revert --controller-namespace=headlamp → --controller-namespace=kube-system
- Revert 'namespace headlamp' → 'namespace kube-system' in error messages

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-04 21:30:34 +00:00
..
common-errors.md
fix: restore kube-system for sealed-secrets-controller refs
2026-05-04 21:30:34 +00:00
controller-issues.md
fix: restore kube-system for sealed-secrets-controller refs
2026-05-04 21:30:34 +00:00
encryption-failures.md
fix: restore kube-system for sealed-secrets-controller refs
2026-05-04 21:30:34 +00:00
permission-errors.md
fix: restore kube-system for sealed-secrets-controller refs
2026-05-04 21:30:34 +00:00
README.md
fix: restore kube-system for sealed-secrets-controller refs
2026-05-04 21:30:34 +00:00

README.md

Troubleshooting Guide

Common issues and solutions for the Headlamp Sealed Secrets plugin.

Quick Links

Quick Diagnosis

Plugin Not Visible in Headlamp

Symptoms: "Sealed Secrets" not showing in sidebar

Quick Checks:

# 1. Check plugin directory exists
ls -la ~/Library/Application\ Support/Headlamp/plugins/headlamp-sealed-secrets/

# 2. Check plugin files are present
ls ~/Library/Application\ Support/Headlamp/plugins/headlamp-sealed-secrets/dist/

# 3. Check Headlamp version
headlamp --version  # Should be v0.13.0+

Solution: See Installation Guide

Controller Not Found

Symptoms: "Failed to fetch controller certificate" or health status shows unhealthy

Quick Checks:

# Check controller is running
kubectl get pods -n kube-system -l name=sealed-secrets-controller

# Check service exists
kubectl get svc -n kube-system sealed-secrets-controller

Solution: See Controller Issues

Permission Denied

Symptoms: "Forbidden" errors, missing buttons in UI

Quick Checks:

# Test your permissions
kubectl auth can-i list sealedsecrets.bitnami.com
kubectl auth can-i create sealedsecrets.bitnami.com
kubectl auth can-i get secrets

Solution: See Permission Errors

Encryption Fails

Symptoms: "Encryption failed" when creating sealed secrets

Quick Checks:

# Check certificate is valid
kubectl get secret -n kube-system sealed-secrets-key -o jsonpath='{.data.tls\.crt}' | base64 -d | openssl x509 -noout -dates

Solution: See Encryption Failures

Getting Help

If you can't find a solution:

  1. Check the logs:

    # Headlamp logs (depends on installation method)
# For desktop app:
tail -f ~/Library/Logs/Headlamp/main.log

# Controller logs
kubectl logs -n kube-system -l name=sealed-secrets-controller

  2. Enable browser console:

    • View → Toggle Developer Tools
    • Look for errors in Console tab

  3. Search GitHub Issues:

  4. Ask for Help:

Reporting Bugs

When reporting an issue, include:

  • Plugin version: Check Settings page or package.json
  • Headlamp version: headlamp --version
  • Kubernetes version: kubectl version --short
  • Controller version: kubectl get deployment -n kube-system sealed-secrets-controller -o jsonpath='{.spec.template.spec.containers[0].image}'
  • Error messages: Full error text from UI or console
  • Browser console logs: Copy from Developer Tools
  • Steps to reproduce: What you did before the error

Common Patterns

Error Message Format

Plugin errors typically follow this format:

[Context]: Specific error message

Examples:

  • Failed to fetch certificate: Network error
  • Validation failed: Name must be a valid DNS-1123 subdomain
  • Encryption failed: Invalid public key

Health Check Failures

The plugin checks controller health every 30 seconds. If health checks fail:

  1. Transient failures: Wait 1-2 minutes for retry
  2. Persistent failures: Check controller status
  3. Network issues: Verify cluster connectivity

RBAC Failures

Missing permissions hide UI elements:

Permission Missing UI Impact
list sealedsecrets No sealed secrets shown
create sealedsecrets "Create" button hidden
delete sealedsecrets "Delete" button disabled
get secrets "Decrypt" button hidden

Next Steps

Reference in New Issue View Git Blame Copy Permalink