BUG K8S Auth not working #7

Open
patrick-hermann-sva opened this issue Jun 14, 2024 · 0 comments
patrick-hermann-sva commented Jun 14, 2024

worked with the following config

```hcl
module "vault-secrets-setup" {
  source                   = "../../vault-base-setup/"
  kubeconfig_path          = "/home/sthings/.kube/itnovative"
  vault_addr               = "https://vault.itnovative.sthings-vsphere.labul.sva.de"
  createDefaultAdminPolicy = true
  csi_enabled              = true
  vso_enabled              = true
  cluster_name             = "itnovative"
  enableApproleAuth        = false
  secret_engines = [
    {
      path        = "apps"
      name        = "demo"
      description = "minio app secrets"
      data_json   = <<EOT
      {
        "accessKey": "this",
        "secretKey": "andThat"
      }
      EOT
    }
  ]
  kv_policies = [
    {
      name         = "read-demo"
      capabilities = <<EOF
path "apps/data/demo" {
   capabilities = ["read"]
}
path "apps/metadata/demo" {
   capabilities = ["read"]
}
EOF
    }
  ]
  k8s_auths = [
    {
      name           = "dev"
      namespace      = "default"
      token_policies = ["read-demo"]
      token_ttl      = 3600
    }
  ]
}
```

```console
sthings@itnovative-2:/etc/rancher/rke2$ kubectl get vaultauth -o yaml
  spec:
    kubernetes:
      role: dev
      serviceAccount: dev
      tokenExpirationSeconds: 600
    method: kubernetes
    mount: itnovative-dev
    vaultConnectionRef: dev
  status:
    error: ""
    valid: true
kind: List
metadata:
  resourceVersion: ""
apiVersion: v1
items:
- apiVersion: secrets.hashicorp.com/v1beta1
  kind: VaultStaticSecret
  metadata:
    name: vault-static-apps1
    namespace: default
  spec:
    destination:
      create: true
      name: vso-app
    hmacSecretData: true
    mount: apps
    path: demo
    refreshAfter: 10s
    type: kv-v2
    vaultAuthRef: dev
  status:
    lastGeneration: 1
    secretMAC: pum81pv25FgD68B7FbJR5iMNX3BkrGR5hq2m6lZw0jA=
kind: List
metadata:
  resourceVersion: ""
```

patrick-hermann-sva added the bug label Jun 14, 2024

patrick-hermann-sva self-assigned this Jun 14, 2024