Here are some tips for troubleshooting and debugging issues when things aren't working.

View init container logs

  1. Enable debug logging on the init container by setting the LOG_LEVEL environment variable to debug.

  2. Assuming your init container is called init-vault and the pod is called app-2539434469-99hz2, run the following command in your CLI:

kubectl logs app-2539434469-99hz2 -c init-vault

Connecting to Vault via HTTPS and IP address. Error: certificate doesn't contain any IP SANs

When Vault uses a certificate signed by an unknown authority and is accessed via its IP address, the kubernetes-vault controller may encounter an error:

time="2018-06-29T09:39:26Z" level=debug msg="Discovered 0 nodes: []"
time="2018-06-29T09:39:27Z" level=fatal msg="Could not create the vault client: error parsing supplied token: failed to lookup Vault periodic token: Get x509: cannot validate certificate for because it doesn't contain any IP SANs

This means that the Vault HTTPS certificate doesn't contain the necessary IP addresses in its subject alternative names (SAN) field.

  1. Regenerate the Vault certificate, adding the IP addresses. For example, with openssl, add them to the alt_names section:
DNS.1 = vault.dns.1
DNS.2 = vault.dns.2
IP.1 =
IP.2 =
  2. Add this certificate to Vault.
  3. Restart Vault.
