… "message":"Error with blobstore: Excon::Error::Forbidden - Expected(200) <=> Actual(403 Forbidden)
excon.error.response\n :body =>
…<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
That's because the cloud-controller is using the new provided value but minio hasn't been updated.
This happens only when using the internal minio blobstore, under the assumption that if you're updating this field, it's because the password for your external blobstore has changed and you're giving cf-for-k8s the new credential.
Describe the bug
This is in the category of supporting rotation of all credentials (https://www.pivotaltracker.com/story/show/175210100)
To Reproduce*
Steps to reproduce the behavior:
blobstore.secret_access_key
in a values file.kubectl logs -n cf-system cf-api-server-SUFFIX -c cf-api-server
We see this text in the logs:
That's because the cloud-controller is using the new provided value but minio hasn't been updated.
This happens only when using the internal minio blobstore, under the assumption that if you're updating this field, it's because the password for your external blobstore has changed and you're giving cf-for-k8s the new credential.
Expected behavior
The deploy should succeed.