-
Notifications
You must be signed in to change notification settings - Fork 33
Open
Description
The help says
-k8s-auth-mount string
The vault mount where k8s auth takes place (env: K8S_AUTH_MOUNT, note: will infer via k8s metadata api if left unset) (default "kubernetes")
I'm setting the env variable via
env:
- name: K8S_AUTH
value: 'true'
- name: K8S_AUTH_MOUNT
value: 'kubernetes'
- name: VAULT_ADDR
value: 'http://vault.vault-system.svc.cluster.local:8200'
on a kubernetes init container running daytona.
But the logs on that init container show me that it's trying to infer the auth endpoint from GCPs metadata API:
{"level":"info","applicationName":"daytona","time":"2022-12-20T16:24:39Z","message":"Attempting kubernetes auth.."}
{"level":"error","applicationName":"daytona","error":"Error making API request.\n\nURL: PUT http://vault.vault-system.svc.cluster.local:8200/v1/auth/kubernetes-gcp-<cluster-name>/login\nCode: 403. Errors:\n\n* permission denied","time":"2022-12-20T16:24:39Z","message":"failed to retrieve vault token"}
I would expect that the auth endpoint is http://vault.vault-system.svc.cluster.local:8200/v1/auth/kubernetes
Tested on latest version v1.2.4
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
No labels