divyangjp closed 3 years ago
Hi @divyangjp, what is the version of the Kubernetes cluster? This was recently fixed in #43. Did you also try using an updated Helm chart? helm repo update
@amit0701 I was installing the helm chart in kube-system, which gave the error. When I installed it in the default namespace, the error disappeared and the pod could access the secret value.
The problem is in _helpers.tpl; it should be:
{{- $cert := genSignedCert (printf "secret-inject.%s.svc" .Release.Namespace) nil (list "secret-inject.default.svc" (printf "secret-inject.%s.svc" .Release.Namespace)) 3650 $ca -}}
because if an alternate DNS name exists, then the CN isn't used. So the cert is valid only for secret-inject.default.svc and the deployment works only in the default namespace.
And with my fix we get
X509v3 Subject Alternative Name:
DNS:secret-inject.default.svc, DNS:secret-inject.kube-system.svc
and all is working
LGTM
I installed helm chart for aws-secret-sidecar-injector following the guide at https://aws.amazon.com/blogs/containers/aws-secrets-controller-poc/
A new deployment with proper annotations is created. AWS iam_role and policies are properly created. Kubernetes serviceaccount is created in line with the guide and specified in the deployment spec.
But the deployment pod doesn't have the secret mounted at the /tmp directory. When checking logs for pod secret-inject-xxxx-xxx, it has the error as described in the title.