bug: authentication to external k8s cluster fails #93
Comments
Isn't this expected behaviour? This feature could work only with the cluster where it runs, otherwise you have to set
@riuvshyn No that isn't true. If you don't specify the As the documentation states
And as long as that JWT has the necessary permissions (system:auth-delegator). I have verified this works as expected.
Edited: I just looked at your PR, and it seems like a reasonable workaround to use the local pod credentials altogether when none of the CA cert and token reviewer JWT have been set,
Hi folks, the new
Given the following situation:
In this situation, authentication will always fail due to the fact that Vault will default to using the token that Vault itself is running under for the TokenReviewerJWT. As this has no authority in cluster2, authentication fails.
Looking over the changes, #83 is the PR that I believe broke this functionality, due to the fact it added the following
As you can see, if there is no tokenReviewer specified in the request, it checks for the localTokenReviewer (found if running in a cluster) and defaults to that.