search

hashicorp / vault-k8s

First-class support for Vault and Kubernetes.
Mozilla Public License 2.0
790 stars 171 forks source link

VAULT_CONFIG passed as env variable exceeds MAX_ARG_STRLEN #197

Open andrejvanderzee opened 3 years ago

andrejvanderzee commented 3 years ago

We encountered the following error with the generated sidecar from vault-agent annotations.

standard_init_linux.go:211: exec user process caused "argument list too long"

We found two limits: ARG_MAX and MAX_ARG_STRLEN. The latter which defines the max length of an env variable (131072) hurts us. The last successful deployment had a VAULT_CONFIG length of: 122725. After adding more annotations, the new failing sidecar has a VAULT_CONFIG length of 131533. This results in the error above.

We would expect that the injector creates a configmap from the annotations and mounts the configmap into the sidecar.

We know we can use the vault.hashicorp.com/agent-configmap annotation and provide the full vault config ourselves, but that requires extra technical know-how for our developers.

jasonodonnell commented 3 years ago

Thanks for the report. We're looking into removing VAULT_CONFIG entirely and instead creating a configmap. This should solve the issue. I'll update if this feature is proposed.