-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vault Injector TLS Handshake error: bad certificate #98
Comments
I was able to figure out what the issue was. I finally figured out how the auto generation process worked for the TLS certificate. That led me to re-evaluate my manifest files to make sure everything was good. I found a missing letter in the last host in the AGENT_INJECT_TLS_AUTO_HOSTS environment variable. I guess that just happened to be the host that the api-server was using to call the webhook. |
What dd you miss in your configs I have a similar setup and am seeing the same log? I have vault-agent-injector-svc,vault-agent-injector-svc.$(NAMESPACE),vault-agent-injector-svc.$(NAMESPACE).svc in mine |
When I generated the manifest I used the wrong namespace so I manually changed it to "vault" afterwards. In the last host I had missed the "t" in "vault". My namespace is "vault" and the value I have is |
Same issue here.
|
I have a preexisting vault cluster that I'd like to hook into using the vault injector webhook. I used helm to generate the manifests from vault-helm chart and applied to to the cluster. The webhook is getting called but it's running into the following error:
2020/03/03 23:41:20 http: TLS handshake error from 172.17.1.43:46482: remote error: tls: bad certificate
. I'm not sure which certificate is bad. Is the injector having issues validating the certificate of the apiserver or is the apiserver not trusting the webhook certificate? I didn't configure any certificates in the vault-helm chart. It sounds like if no certificate is specified then the injector will generate a certificate using the service account.The text was updated successfully, but these errors were encountered: