Kubeseal not working on EKS IPv6 Cluster #1446

Closed
Vinaum8 opened this issue Jan 24, 2024 · 8 comments

Vinaum8 commented Jan 24, 2024

Which component:
SERVER:
Helm chart: https://bitnami-labs.github.io/sealed-secrets/sealed-secrets
Chart Version: 2.14.1
Container Image: docker.io/bitnami/sealed-secrets-controller:v0.24.5

CLIENT:
kubeseal version: v0.24.5

Describe the bug
Well, I tried to generate the sealed secrets with the kubeseal binary version 0.24.5, and the connection starts and ends with the message:

```
error: cannot fetch certificate: error trying to reach service: dial tcp [2600:1f1e:82a:9d05:25f3::a]:8080: connect: connection timed out
```

This same kubeseal (server and client version) installed in other clusters with IPv4 works fine.

I had this same error with the RabbitMQ management port and metrics port, and the solution was to change the config file in the line of the listen port.

From: 0.0.0.0
To: ::

Is there anything I can do?

To Reproduce
With EKS Cluster IPv6.
Install Helm Chart Version
Install Binary Version
Generate Secret.

Expected behavior
[A clear and concise description of what you expected to happen.](error: cannot fetch certificate: error trying to reach service: dial tcp [CLUSTERIP]:8080: connect: connection timed out)

Version of Kubernetes: 1.28

  • Output of kubectl version:

```
Client Version: v1.29.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.4-eks-8cb36c9
```

@Vinaum8 Vinaum8 added the triage Issues/PRs that need to be reviewed label Jan 24, 2024

Vinaum8 commented Feb 27, 2024

@alvneiayu Do you have any suggestions or alternatives for this problem?

@alvneiayu
Collaborator

Sorry @Vinaum8, trying to reproduce it. I will come back as soon as possible. Thanks for your time.


fayak commented Apr 8, 2024

Simply add

```yaml
command:
  - controller
  - --listen-addr
  - '[::]:8080'
  - --listen-metrics-addr
  - '[::]:8081'
```

to the values of your helm chart and voilà :)

@agarcia-oss
Member

@Vinaum8 Did that configuration work for you?


Vinaum8 commented Apr 11, 2024

@agarcia-oss Yes, my kubeseal server is listening on an IPv6 address.
Thanks @fayak

```
HTTP server serving on [::]:8080
HTTP metrics server serving on [::]:8081
```

But my connection between the kubeseal client and kubeseal server is not working.

```
$ kubeseal < secret.yaml > sealed-secret.yaml

error: cannot fetch certificate: error trying to reach service: dial tcp [2600:1f1e:82a:9d05:df4f::b]:8080: connect: connection timed out
```


fayak commented Apr 11, 2024

Not sure what's your issue there, but in my case I found it easier to enable the ingress and use `kubeseal --cert https://example.com/v1/cert.pem` instead of working with the service directly, especially since most of my users don't have access to the Kubernetes API


Vinaum8 commented Apr 11, 2024

Hmmmm, I'll test this.


Vinaum8 commented Apr 25, 2024

> Not sure what's your issue there, but in my case I found it easier to enable the ingress and use `kubeseal --cert https://example.com/v1/cert.pem` instead of working with the service directly, especially since most of my users don't have access to the Kubernetes API

Man, I use this approach and it works for me!

Add Command and Create Ingress!

Thanks @fayak

@Vinaum8 Vinaum8 closed this as completed Apr 25, 2024
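
The ingress approach that resolved this thread has clients download the sealing certificate from a URL, so the following added example (not code from the thread or from the sealed-secrets project) checks a downloaded `cert.pem` against a SHA-256 fingerprint obtained out of band before the file is passed to `kubeseal --cert`. The script name `pin_cert.py`, the function names and the single-certificate policy are assumptions of this example.

```python
import base64
import hashlib
import re
import sys

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def cert_fingerprints(pem_text):
    """SHA-256 hex digest of the DER bytes of each certificate in pem_text."""
    digests = []
    for body in PEM_CERT.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        digests.append(hashlib.sha256(der).hexdigest())
    return digests


def normalize(fingerprint):
    """Accept openssl-style 'AB:CD:...' or plain hex; return lowercase hex."""
    return re.sub(r"[:\s]", "", fingerprint).lower()


def matches_pin(pem_text, pinned):
    """Fail closed: exactly one certificate must be present and match the pin.

    Assumption of this example: the endpoint serves a single certificate.
    """
    found = cert_fingerprints(pem_text)
    return len(found) == 1 and found[0] == normalize(pinned)


def constructed_pem(der=b"constructed bytes, not a real certificate"):
    """Build a PEM wrapper around placeholder bytes for the offline demo."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    if len(sys.argv) == 3:            # pin_cert.py cert.pem <sha256-pin>
        with open(sys.argv[1]) as fh:
            ok = matches_pin(fh.read(), sys.argv[2])
        sys.exit(0 if ok else "certificate does not match the pinned fingerprint")
    demo = constructed_pem()          # no arguments: offline demo
    pin = cert_fingerprints(demo)[0]
    print("pin matches:", matches_pin(demo, pin))
    print("wrong pin matches:", matches_pin(demo, "00" * 32))
```

Download the file first (for example `curl -fsS https://example.com/v1/cert.pem -o cert.pem`), run the check, and only then seal with `kubeseal --cert cert.pem < secret.yaml > sealed-secret.yaml`.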