hashicorp / hello-vault-go

Runnable examples in Go of how to integrate an application with HashiCorp Vault.

Error getting response from Vault k8s login: invalid character 'C' looking for beginning of value

govindkailas opened this issue

Current setup:
Vault running as a Helm chart on MicroK8s

Status of microk8s

 microk8s status
microk8s is running

high-availability: no
  datastore master nodes: 127.0.0.1:19001
  datastore standby nodes: none
addons:
  enabled:
    dns                  # (core) CoreDNS
    ha-cluster           # (core) Configure high availability on the current node
    helm                 # (core) Helm - the package manager for Kubernetes
    helm3                # (core) Helm 3 - the package manager for Kubernetes
    hostpath-storage     # (core) Storage class; allocates storage from host directory
    storage              # (core) Alias to hostpath-storage add-on, deprecated

Status of vault helm

 microk8s helm ls -A
NAME 	NAMESPACE      	REVISION	UPDATED                                	STATUS  	CHART       	APP VERSION
vault	vault-namespace	1       	2023-12-04 03:17:31.543238414 +0000 UTC	deployed	vault-0.27.0	1.15.2

Pods and Service

k get po,svc -n vault-namespace
NAME                                        READY   STATUS    RESTARTS   AGE
pod/vault-agent-injector-6cbf7887db-49vnl   1/1     Running   0          6d23h
pod/vault-0                                 1/1     Running   0          6d23h

NAME                               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
service/vault-internal             ClusterIP   None             <none>        8200/TCP,8201/TCP   6d23h
service/vault                      ClusterIP   10.152.183.172   <none>        8200/TCP,8201/TCP   6d23h
service/vault-agent-injector-svc   ClusterIP   10.152.183.81    <none>        443/TCP             6d23h

The vault-client is deployed in a different namespace. When I access the app URL, it's throwing the error below:

2023/12/11 02:49:54 Received Request - Port forwarding is working.
Read JWT: eyJhbGciOiJSUzI1NiIsImtpZCI6InJ1WGd6Q29sX ...
Error getting response from Vault k8s login: invalid character 'C' looking for beginning of value

If I exec into the vault-client pod and run the equivalent curl command, it's returning the client_token:

curl -k -s --request POST     --data '{"jwt": "'$jwt_token'", "role": "go-app-role"}'     https://vault.vault-namespace:8200/v1/auth/kubernetes/login | jq
{
  "request_id": "1edabfdd-a048-3446-c4ab-81ef87c8dd09",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": null,
  "wrap_info": null,
  "warnings": null,
  "auth": {
    "client_token": "REDACTED",
    "policies": [
      "default",
      "go-app-policy"
    ],
    "token_policies": [
      "default",
      "go-app-policy"
    ],
    "metadata": {
      "role": "go-app-role",
      "service_account_name": "go-vault",
      "service_account_namespace": "go-app",
      "service_account_secret_name": "",
      "service_account_uid": "54ee5f4f-61a0-406d-8f72-9952896c5667"
    },
    "lease_duration": 86400,
    "renewable": true,
    "entity_id": "f23a2a3d-8854-2b24-c997-268bf462021d",
    "token_type": "service",
    "orphan": true,
    "mfa_requirement": null,
    "num_uses": 0
  }
}

So this seems to match what's defined as the type VaultLoginResponse in types.go.

How do I debug more? Can we add more details to the error?

Opened in the wrong repo.
I have created another one here: hashicorp-education/learn-vault-hello-world#5
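
On the question of getting more detail into the error: "invalid character 'C' looking for beginning of value" is what Go's encoding/json returns when the body it was handed is not JSON and starts with the letter C. The following is an added example, not code from hello-vault-go or the reporter's application, showing a login-response decoder that reports the HTTP status, Content-Type and a short body prefix when decoding fails. The names loginResponse and parseLogin and the sample response in main are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// loginResponse is a hypothetical type holding only the fields used here.
type loginResponse struct {
	Auth struct {
		ClientToken string `json:"client_token"`
	} `json:"auth"`
	Errors []string `json:"errors"`
}

// parseLogin decodes a /v1/auth/kubernetes/login response. The body prefix is
// only put in the error when the body is not JSON, so a token is never echoed.
func parseLogin(resp *http.Response) (string, error) {
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	if err != nil {
		return "", fmt.Errorf("reading vault login response: %w", err)
	}
	var lr loginResponse
	if err := json.Unmarshal(body, &lr); err != nil {
		snippet := string(body)
		if len(snippet) > 120 {
			snippet = snippet[:120]
		}
		return "", fmt.Errorf("vault login: non-JSON body (status %d, content-type %q, body starts %q): %w",
			resp.StatusCode, resp.Header.Get("Content-Type"), snippet, err)
	}
	if resp.StatusCode != http.StatusOK || lr.Auth.ClientToken == "" {
		return "", fmt.Errorf("vault login failed (status %d): %s",
			resp.StatusCode, strings.Join(lr.Errors, "; "))
	}
	return lr.Auth.ClientToken, nil
}

func main() {
	// Constructed sample: a plain-text (non-JSON) reply beginning with 'C'.
	resp := &http.Response{StatusCode: 400, Body: io.NopCloser(strings.NewReader("Client sent an HTTP request to an HTTPS server.\n"))}
	_, err := parseLogin(resp)
	fmt.Println(err)
}
```

With the status and body prefix in the error, a mismatch between what curl is sending (here `https://` with `-k`) and what the application is sending shows up in the log line itself.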