Hello Terraform users!
I’ve already posted my issue there and I don’t have the ability to move it, as it seems mostly related to Terraform's integration with Vault: Cannot login to Kubernetes cluster using Vault token
If anyone can move the previous post, feel free. Awaiting that, here is my issue:
We are trying to deploy our app to a Kubernetes cluster. To achieve that, I am using a Kubernetes secret backend in Vault. This gives us a token that I’m trying to pass to the kubernetes provider. However, I get an error: “invalid configuration: client-key-data or client-key must be specified for to use the clientCert authentication method.”
Here is my configuration:
    provider "vault" {
      address = "https://my.vault.url"
      auth_login_oidc {
        role = "terraform"
      }
    }

    data "vault_kubernetes_service_account_token" "k8s_credentials" {
      backend              = "kubernetes"
      cluster_role_binding = true
      kubernetes_namespace = "terraform"
      role                 = "terraform"
    }

    provider "kubernetes" {
      host                   = "https://my.k8s.url"
      token                  = data.vault_kubernetes_service_account_token.k8s_credentials.service_account_token
      cluster_ca_certificate = file("../../../ca.crt")
    }
I can generate a Kubernetes token with Vault; the issue is in Terraform, which ignores the token passed in this section:
    provider "kubernetes" {
      host                   = "https://my.k8s.url"
      token                  = data.vault_kubernetes_service_account_token.k8s_credentials.service_account_token
      cluster_ca_certificate = file("../../../ca.crt")
    }
It is this section that returns “invalid configuration: client-key-data or client-key must be specified for to use the clientCert authentication method.”
The Kubernetes token is valid and can be used with kubectl.
Do you have any idea how to make it work?