ricoberger / vault-secrets-operator

Create Kubernetes secrets from Vault for a secure GitOps based workflow.
MIT License

TLS failed to verify certificate #260

Open jascsch opened 3 months ago

jascsch commented 3 months ago

Hi all,

We are facing issues with TLS cert validation. The error message is:

Could not create API client for Vault","error":"Put \"https://xxx/v1/auth/xxx/login\": tls: failed to verify certificate: x509: certificate signed by unknown authority

Is there any workaround for this kind of issue? What we already tried to do:

ricoberger commented 3 months ago

Hi @jascsch, normally the VAULT_SKIP_VERIFY should work when set as follows in the Helm chart:

environmentVars:
  - name: VAULT_SKIP_VERIFY
    value: "true"

When you mounted the certificate, did you also set the VAULT_CACERT or VAULT_CAPATH environment variables as mentioned here https://github.com/ricoberger/vault-secrets-operator/issues/91#issuecomment-802759891?
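
The two settings mentioned in this comment change very different things at the TLS layer: VAULT_CACERT adds the internal CA to the trust anchors the Vault API client verifies the server chain against, while VAULT_SKIP_VERIFY turns chain verification off entirely. The following stand-alone Go program, added here as an editor's example and not part of the operator or of this thread, reproduces the "x509: certificate signed by unknown authority" error against a constructed in-memory private CA and then shows the two outcomes. It uses only the standard library; the tls.Config fields RootCAs and InsecureSkipVerify are what the Vault client sets from those two environment variables. The CA, the server certificate for 127.0.0.1 and the /v1/auth/kubernetes/login path are constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue generates a P-256 key and a certificate from tmpl signed by parent;
// when parent is nil the certificate is self-signed (a root CA).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// makePKI builds a throwaway internal CA and a server certificate for 127.0.0.1
// signed by it (constructed test data standing in for the PKI behind Vault).
func makePKI() (*x509.CertPool, tls.Certificate, error) {
	ca, caKey, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Internal CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	leaf, leafKey, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "vault.internal"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
	}, ca, caKey)
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return pool, tls.Certificate{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey}, nil
}

// login sends the same kind of request the operator makes (POST .../login) with the given client TLS settings.
func login(baseURL string, cfg *tls.Config) error {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Post(baseURL+"/v1/auth/kubernetes/login", "application/json", nil)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

type Outcome struct {
	NoTrustIsUnknownAuthority bool // CA absent from trust store: the error quoted in the issue
	PinnedCAOK                bool // RootCAs = internal CA: what VAULT_CACERT configures
	SkipVerifyOK              bool // InsecureSkipVerify: what VAULT_SKIP_VERIFY configures
}

// Demo serves the internal-CA certificate over TLS and runs the three client configurations against it.
func Demo() (Outcome, error) {
	pool, srvCert, err := makePKI()
	if err != nil {
		return Outcome{}, err
	}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{srvCert}}
	srv.StartTLS()
	defer srv.Close()
	// An explicit empty pool models system roots that do not contain the internal CA.
	errNoTrust := login(srv.URL, &tls.Config{RootCAs: x509.NewCertPool()})
	var unknownCA x509.UnknownAuthorityError
	return Outcome{
		NoTrustIsUnknownAuthority: errors.As(errNoTrust, &unknownCA),
		PinnedCAOK:                login(srv.URL, &tls.Config{RootCAs: pool}) == nil,
		SkipVerifyOK:              login(srv.URL, &tls.Config{InsecureSkipVerify: true}) == nil,
	}, nil
}

func main() {
	out, err := Demo()
	fmt.Println(out, err)
}
```

Two practical points follow from this. First, "certificate signed by unknown authority" is specifically a missing trust anchor; an expired certificate or a name mismatch produces a different x509 error, so the fix is to mount the CA that actually issued the Vault certificate and point VAULT_CACERT at it. Second, the InsecureSkipVerify path connects, but nothing authenticated the server: with the Kubernetes auth method the operator posts the pod's service account JWT to /login, so VAULT_SKIP_VERIFY is fine to confirm the diagnosis and unsafe to leave in place.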

Obladio commented 3 months ago

Hi there,

is set. The logs stay at the following:

{"level":"info","ts":"2024-04-18T09:48:24Z","logger":"vault","msg":"Reconciliation is enabled.","ReconciliationTime":0}

Is there a way to set a log level or anything more verbose? Maybe as additional info: we use Kubernetes as the auth method. When using token-based auth, it works.

ricoberger commented 3 months ago

You can try to decrease the log level as follows, but I'm not sure if this will provide more output:

args:
  - -leader-elect
  - -zap-log-level=debug

Normally the logs should be looking similar to the following:

{"level":"info","ts":"2024-04-18T13:20:19Z","logger":"vault","msg":"Reconciliation is enabled.","ReconciliationTime":300}
{"level":"info","ts":"2024-04-18T13:20:20Z","logger":"vault","msg":"Renew Vault token"}
{"level":"info","ts":"2024-04-18T13:20:20Z","logger":"controller-runtime.metrics","msg":"Metrics server is starting to listen","addr":":8080"}
{"level":"info","ts":"2024-04-18T13:20:20Z","logger":"setup","msg":"starting manager"}
{"level":"info","ts":"2024-04-18T13:20:20Z","msg":"Starting server","kind":"health probe","addr":"[::]:8081"}
{"level":"info","ts":"2024-04-18T13:20:20Z","msg":"starting server","path":"/metrics","kind":"metrics","addr":"[::]:8080"}
I0418 13:20:20.223425       1 leaderelection.go:250] attempting to acquire leader lease vault-secrets-operator/vaultsecretsoperator.ricoberger.de...
I0418 13:20:36.574905       1 leaderelection.go:260] successfully acquired lease vault-secrets-operator/vaultsecretsoperator.ricoberger.de
{"level":"info","ts":"2024-04-18T13:20:36Z","msg":"Starting EventSource","controller":"vaultsecret","controllerGroup":"ricoberger.de","controllerKind":"VaultSecret","source":"kind source: *v1alpha1.VaultSecret"}
{"level":"info","ts":"2024-04-18T13:20:36Z","msg":"Starting EventSource","controller":"vaultsecret","controllerGroup":"ricoberger.de","controllerKind":"VaultSecret","source":"kind source: *v1.Secret"}
{"level":"info","ts":"2024-04-18T13:20:36Z","msg":"Starting Controller","controller":"vaultsecret","controllerGroup":"ricoberger.de","controllerKind":"VaultSecret"}
{"level":"info","ts":"2024-04-18T13:20:37Z","msg":"Starting workers","controller":"vaultsecret","controllerGroup":"ricoberger.de","controllerKind":"VaultSecret","worker count":1}
{"level":"info","ts":"2024-04-18T13:20:37Z","msg":"Use shared client to get secret from Vault","controller":"vaultsecret","controllerGroup":"ricoberger.de","controllerKind":"VaultSecret","VaultSecret":{"name":"basic-auth-credentials","namespace":"customer-control"},"namespace":"customer-control","name":"basic-auth-credentials","reconcileID":"565ec7d5-3348-4416-88ce-6680ccf3ed2c"}

When the problem only exists with the Kubernetes Auth Method, were the commands from the readme run successfully for the setup: https://github.com/ricoberger/vault-secrets-operator?tab=readme-ov-file#kubernetes-auth-method?

Obladio commented 3 months ago

Yes, the configuration worked. Unfortunately it doesn't print anything else. It seems to be a problem with the internal network. Thank you anyway for the support :)