Comments (4)
jasonodonnell
commented on September 16, 2024
You can find some examples here: https://www.vaultproject.io/docs/platform/k8s/injector/examples.html#vault-agent-injector-examples.
The error is happening because of this: "contents" = "demo/secret" in your config.hcl
Both contents (config.hcl and config-init.hcl) should be:
{{- with secret "demo/secret" -}}{{ .Data.key }}{{- end }}
from vault-k8s.
paulrostorp
commented on September 16, 2024
@jasonodonnell My bad that was a mistake when replacing my secrets names with demo. That is the configuration I had. The error is still occurring...
Also the example doesn't work.
from vault-k8s.
phi2039
commented on September 16, 2024
I encountered the same issue. The inner double-quotes must be escaped if contained in a string literal:
"template" = {
"contents" = "{{- with secret \"demo/secret\" -}}{{ .Data.key }}{{- end }}"
"destination" = "/vault/secrets/demo"
}
(...and it wouldn't hurt to check if you also fat-fingered and put the template inside the 'auto_auth' stanza like I did 😀 )
from vault-k8s.
semihural
commented on September 16, 2024
Hi.. I had the similar issue.. /vault/configs/config-init.hcl: At 23:28: illegal char... how can I fix this ?
apiVersion: v1
kind: ConfigMap
metadata:
name: docuplatform-backend-configmap
data:
config.hcl: |
"auto_auth" = {
"method" = {
"config" = {
"role" = "docuplatform-backend"
}
"type" = "kubernetes"
}
"sink" = {
"config" = {
"path" = "/home/vault/.token"
}
"type" = "file"
}
}
"exit_after_auth" = false
"pid_file" = "/home/vault/.pid"
"template" = {
"contents" = "{{`{{- with secret \"secret/data/docuplatform-backend\" -}}
"auth_client_id_stage" : "{{ .Data.auth_client_id_stage }}",
"auth_client_id_testing" : "{{ .Data.auth_client_id_testing }}"
{{- end }}`}}"
"destination" = "/vault/secrets/docuplatform-backend"
}
"vault" = {
"address" = "https://vault.vault.svc.cluster.local:8200"
}
config-init.hcl: |
"auto_auth" = {
"method" = {
"config" = {
"role" = "docuplatform-backend"
}
"type" = "kubernetes"
}
"sink" = {
"config" = {
"path" = "/home/vault/.token"
}
"type" = "file"
}
}
"exit_after_auth" = true
"pid_file" = "/home/vault/.pid"
"template" = {
"contents" = "{{`{{- with secret \"secret/data/docuplatform-backend\" -}}
"auth_client_id_stage" : "{{ .Data.auth_client_id_stage }}",
"auth_client_id_testing" : "{{ .Data.auth_client_id_testing }}"
{{- end }}`}}"
"destination" = "/vault/secrets/docuplatform-backend"
}
"vault" = {
"address" = "https://vault.vault.svc.cluster.local:8200"
}
from vault-k8s.
Related Issues (20)
- Support for custom http headers
- Allow disabling resource limits by default in agent injector
- 'n/a' injected instead of empty value
- Could not load TLS keypair: tls: failed to find any PEM data in certificate input HOT 1
- Add option to configure a vault proxy instead of an agent HOT 1
- Injector failure mode prevents Pod deletion HOT 3
- Injector sidecar is working for inject Pod manifest but Deployment manifest doesn't work HOT 1
- Agent injector should set a maxSize for its tmpfs mount
- Vault agent overwrites kubernetes managedFields
- Allow configuration of the init/sidecar container names globally HOT 1
- Injected config tries to use IRSA token instead of the k8s service account token
- Webhook tries to add initContainer during UPDATE HOT 4
- Stuned deleting of a pod whose parents are job.
- vault.hashicorp.com/agent-init-first does not work with init containers coming from annotations
- Azure authentication method doesn't work with federated token
- Support for an agent-image built FROM scratch
- Auth config block can support common arguments from env and flags
- Tokens not revoked on Vault Agent Shutdown created via a Job using the /agent/v1/quit endpoint HOT 3
- Pipeline Request: Rebuild Dockerhub Image HOT 1
- Support for a securityContext.seccompProfile configuration HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vault-k8s.