-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not a compact JWS error #25
Comments
Also reading the config does not print the reviewer token.
Also on the pod:
|
Single quotes won't interpolate the cat command, instead try
|
Hi did you found a solution to this problem? |
If I'm pasting the jwt token in the curl command then it is working, but when I'm substituting the value of jwt then its giving me same error. Please let me know how you solved it. |
@briankassouf This problem still persists. The solution recommended doesn't seem to resolve the issue.
I have tried this with the vault-auth serviceaccount (as per the example), ensuring that the kubernetes/auth is configured with the same JWT token, and yet it fails. Can I get some assistance with this ? |
@nitishm You're using single quotes in your data payload, which won't interpolate the Give this a try:
A more concrete example of the behavior:
vs
|
Thanks @calvn . It seems to definitely be a problem with the json string format and the cat interpolations. I moved the body into a |
Thank you @calvn for the hint. It saves my day. So curl --request POST \
--data '{"jwt": "'$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)'", "role": "myapplication"}' \
https://vault.example.com/v1/auth/kube-example/login
|
@calvn can you tell me how can achieve this from within terraform? i have tried this
but it gives the very same error |
Do you use decoded value? It works for me once I decoded value via |
@ListentoNews did you figure this out? I am having the exact same issue |
Maybe this will help hashicorp/terraform-provider-vault#793 |
Hey I have an issue delegating authentication to k8s, I configured my backend as follow:
K8s CA cert
/tmp/example.crt contains the K8s cert to authenticate to the API, from my ~/.kube/config
tokenreview JWT
ACCOUNT_TOKEN=$(kubectl -n default get secret
kubectl -n default get serviceaccount vault-tokenreview -o jsonpath='{.secrets[0].name}'
-o jsonpath='{.data.token}' | base64 --decode)Created before with the config:
Pod SA
I tried playing with both jwts and base64 encoding but no luck and this is driving me crazy. Am I missing something?
The text was updated successfully, but these errors were encountered: