Hi all!
I am trying to set up rotating RabbitMQ credentials in Kubernetes, following the instructions from this guide here. I have found success in running a local Kubernetes cluster with a RabbitMQ cluster and a local instance of Vault.
However, when trying to deploy in a larger environment, I am encountering a 500 error with no additional logs. For context, I am using self-signed certs in the cluster. These are the steps to reproduce:
vault login -tls-skip-verify <TOKEN>
# create rabbitmq creds
vault secrets enable -tls-skip-verify -path=data kv
vault kv put -tls-skip-verify data/rabbitmq RABBIT_USER=user RABBIT_PASSWORD=password
# enable secrets engine
vault secrets enable -tls-skip-verify rabbitmq
# create connection with service name
vault write -tls-skip-verify rabbitmq/config/connection \
    connection_uri='https://rabbitmq.app-amqp01:15671' \
    verify_connection=false \
    username='user' \
    password='password' \
    username_template='{{.RoleName}}_{{.DisplayName}}_{{uuid}}'
# create role
vault write -tls-skip-verify rabbitmq/roles/rabbitrole \
    vhosts='{"/":{"write": ".*", "read": ".*", "configure": ".*"}}' \
    tags='management'
# add policy
vault policy write -tls-skip-verify rabbitmq-role - <<EOF
path "rabbitmq/creds/rabbitrole" {
  capabilities = ["read"]
}
EOF
# configure lease
vault write -tls-skip-verify rabbitmq/config/lease \
    ttl=60s \
    max_ttl=120s
# fails at this step
vault read -tls-skip-verify rabbitmq/creds/rabbitrole
When looking at the logs, there is only this one-liner:
status_code=500 request_path=/v1/rabbitmq/creds/rabbitrole request_method=GET
Any assistance in this matter would be greatly appreciated!
Thanks!