Error while trying to configure the kuberntes auth method(API)

mantri425 · July 22, 2020, 6:51pm

Hi,

i am trying to configure the Kubernetes auth method using the API, but it is showing the following error, but the same has been working in the cli. Is there an existing bug on this?

curl \
    --insecure \
    --header "X-Vault-Token:s.eH2OP3aKPOlffR1j0QG6xEBq" \
    --request POST \
    --data @payload.json\
https://10.106.5.108:8200/v1/auth/kubernetes/config
{"errors":["no handler for route 'auth/kubernetes/config'"]}

martinhristov90 · July 23, 2020, 6:16am

Hello,

Can you verify that the kubernetes auth method is enabled at kubernetes/ path by doing vault auth list -detailed?

What happens if you do vault read auth/kubernetes/config from the CLI ?

Kind regards,
Martin

mantri425 · July 23, 2020, 12:18pm

Thank you Martin

I actually found the api to enable the kubernetes under the “system backends”, the following worked

curl --insecure --header “X-Vault-Token:s.dfvtJLmfO2hWJrCA9cSZut8t”
–request POST
–data ‘{“type”:“kubernetes”,“description”:“kubernetes auth”}’
https://10.105.117.214:8200/v1/sys/auth/kubernetes

mantri425 · July 24, 2020, 2:49am

I deployed the app(by following steps in https://www.hashicorp.com/blog/injecting-vault-secrets-into-kubernetes-pods-via-a-sidecar/) in “pvtest” namespace but i see the following error,not sure what i am missing

 kubectl logs -n pvtest basic-secret-55d6c9bb6f-zbjcw vault-agent-init
* permission denied" backoff=2.475605024
2020-07-24T02:44:08.943Z [INFO]  auth.handler: authenticating
2020-07-24T02:44:08.952Z [ERROR] auth.handler: error authenticating: error="Error making API request.

    URL: PUT https://sva-vault.vault.svc:8200/v1/auth/kubernetes/login
    Code: 403. Errors:

    * permission denied" backoff=2.214826753

Do i need to login as follows before i deploy the app?
curl --insecure
–request POST
–data ‘{“role”: “dev-role”, “jwt”: “eyJhbGciOiJSUzI1NiIsImtpZCI6IjExSW13NEh0ME5MRTRTZUxJRnNKQWRxdEJwNm52T09EdVhXT1hBWG1yMHcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJ2YXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJzdmEtdmF1bHQtdG9rZW4tYmxuemciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoic3ZhLXZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTg0NmQ4YmQtZTY0Mi00YWM5LWEyZGUtNGJmMDIzNGIwYjdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OnZhdWx0OnN2YS12YXVsdCJ9.rue9vzQ0kJ1zVuRxdY9KKCg_9OTiR2Dcvvs31kPKMoqlSOqA4n31UAMmhRbGvF9BUmzv6wat4_Z7MXj3HfF3E9Pc4vUzjf8x3EwXtKhb7s8XvrxtWcnYudUTdUlPyPzTPiw2B59Y8Cryi8GscKDY9HtXOB9OwtrFroXyO6CR0T-PZdnaUXi7DRRvRGf6EXXmOfi7KiMgsGUgQ0ZCsfdFYTEG7yH2a7NdqCw-PZL4UHouNHa2UTabW29hcWQi6ndeMceANMPq6syA563pQtCd_19uGELMYFuFKb0831zilbctxPVHJ440kzI_FYHsbdi5UE-P94hlaIfsjbFzI5sbow”}’
https://10.105.117.214:8200/v1/auth/kubernetes/login

Topic		Replies	Views
Kubernetes auth method getting permission denied Vault vault	3	357	January 17, 2023
How to enable kubernetes auth method via Go API Vault	2	1230	May 25, 2021
Kubernetes Authentication denied Vault k8s	16	14413	April 10, 2023
Vault agent unable to authenticate in new Kubernetes cluster Vault k8s	4	3592	August 19, 2021
[INFO] agent.auth.handler: authenticating [URL: PUT http://x.x.svc:8200/v1/auth/kubernetes/login\|Code: 403\|permission denied] Vault k8s	1	938	February 1, 2024

Error while trying to configure the kuberntes auth method(API)

Related topics