Authentication failures Hashicorp Vault on Kubernetes 1.21 #13867
Comments
@sjoel Depending on whether you work with an internal or external Vault cluster either refer to:
Since you are upgrading, it might be hard to fulfil the first option. In that case, to fulfil this option, downgrading your OpenShift cluster might be your last resort; keep this in mind. Next to this: the article linked is no longer completely up-to-date and even holds bad practices in my opinion (such as recommending against disabling local issuer validation). For future reference, always troubleshoot the Vault documentation prior to using external sources. I hope this fixes your issue!
Thanks Remco [RemcoBuddelmeijer] for the above info. This helped us a lot! We were able to fix the issue and did not downgrade our cluster.

$ vault write auth/kubernetes/config

And verified if the issuer is updated.

Tada! It worked! Thanks again for the quick response.
Glad you got it working. Thanks for the assistance @RemcoBuddelmeijer!
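A diagnostic for the issuer check discussed in the comments above, added here as an example and not code from the Vault project or from the participants in this thread: it decodes the `iss` claim of a service account token and compares it with the issuer configured on the Kubernetes auth mount. The function names, sample tokens and issuer URL are constructed; it assumes that Kubernetes 1.21+ projected tokens carry the API server's configured issuer and an `exp` claim, while legacy tokens use `kubernetes/serviceaccount`.

```python
import base64
import json

LEGACY_ISSUER = "kubernetes/serviceaccount"  # issuer of legacy secret-based tokens


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def issuer_check(token: str, configured_issuer: str) -> dict:
    """Compare the token's iss claim with the issuer set on the Vault auth mount."""
    claims = jwt_claims(token)
    iss = claims.get("iss", "")
    return {
        "token_issuer": iss,
        "configured_issuer": configured_issuer,
        "match": iss == configured_issuer,
        "legacy_token": iss == LEGACY_ISSUER,
        "time_bound": "exp" in claims,  # projected tokens expire, legacy ones do not
    }


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token for this demo; not a real cluster token."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"


# Constructed samples: a legacy token and a projected token with a placeholder issuer.
LEGACY = _constructed_token(
    {"iss": LEGACY_ISSUER, "sub": "system:serviceaccount:demo:app"})
PROJECTED = _constructed_token(
    {"iss": "https://issuer.example.invalid", "exp": 1700000000,
     "sub": "system:serviceaccount:demo:app"})

if __name__ == "__main__":
    # Simulates a mount still configured with the legacy issuer after the upgrade.
    for name, tok in (("legacy", LEGACY), ("projected", PROJECTED)):
        print(name, issuer_check(tok, LEGACY_ISSUER))
```

Inside a pod the token is normally mounted at `/var/run/secrets/kubernetes.io/serviceaccount/token`, and the configured value to compare against is the `issuer` field returned by `vault read auth/kubernetes/config`.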
Describe the bug
ARO (Azure Red Hat OpenShift) cluster is upgraded from 4.7 to 4.8 version. However, we see an issue with pods stuck in "init 0/1" state, indicating connection errors.
Error from server (BadRequest): container "anm" in pod "anm-xxx-xxx" is waiting to start: PodInitializing
2022-02-01T09:29:24.556Z [INFO] auth.handler: authenticating
2022-02-01T09:29:24.564Z [ERROR] auth.handler: error authenticating: error="Error making API request.
Vault pod logs show:
[INFO] expiration: revoked lease:
lease_id=auth/kubernetes/login
To Reproduce
Steps to reproduce the behavior:
We are referring to articles that say when Kubernetes is upgraded to >= 1.21, there are issues with the vault and it needs a repair: https://particule.io/en/blog/vault-1.21/
Expected behavior
All application pods should be running; instead, they are stuck in init 0/1 state after the Kubernetes (ARO) cluster upgrade.
Environment:
Vault Server Version : HA Mode active
Vault CLI Version : 1.42
Server Operating System/Architecture: Vault Pods deployed in OpenShift
Vault server configuration file(s):
Will share the vault yaml config files with the developer once the issue is looked at.
Please suggest the next actions.