BadRequest error when configuring external Vault with Kubernetes authentication #3637
Labels
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/rotten
Denotes an issue or PR that has aged beyond stale and will be auto-closed.
When trying to configure Vault as an external certificate Issuer, the ClusterIssuer resource cannot reach the Ready status, giving the following message:
After debugging with tcpdump, the request that generates the 400 error is the following:
where the content of the JWT has been substituted with stars.
Now, the same request done with curl from a debugging
alpine
pod in the cert-manager namespace, forcing all headers to be the same with the following commandproduces a correct result
Capturing also this request with tcpdump, the output is the following
The only difference I can observe is in the length, that differs by 1, while all the headers and the content are the same.
Expected behaviour:
The ClusterIssuer should reach the ready state
Steps to reproduce the bug:
pki
secret for Kubernetes authentication, configuring the TTL to one yearvault policy write kubernetes-pki -
with the following contentsystem:auth-delegator
roleEnvironment details::
/kind bug
The text was updated successfully, but these errors were encountered: