Hello,
I am using the Vault provider for Terraform to enable Kubernetes auth for Vault.

resource "vault_auth_backend" "kubernetes" {
  type = "kubernetes"
}

resource "vault_kubernetes_auth_backend_config" "kubernetes" {
  backend            = vault_auth_backend.kubernetes.path
  kubernetes_host    = var.kubernetes_host
  kubernetes_ca_cert = var.kubernetes_ca_cert
  token_reviewer_jwt = var.token_reviewer_jwt
}

I followed the documentation at https://www.vaultproject.io/docs/platform/k8s/helm/examples/kubernetes-auth to obtain the token_reviewer_jwt and kubernetes_ca_cert.
However, when running terraform apply, the token_reviewer_jwt errors out with:
Error: error updating Kubernetes auth backend config "auth/kubernetes/config": Error making API request.
URL: PUT [MASKED]/v1/auth/kubernetes/config
Code: 500. Errors:
* 1 error occurred:
* illegal base64 data at input byte 342
on dev/main.tf line 33, in resource "vault_kubernetes_auth_backend_config" "kubernetes":
33: resource "vault_kubernetes_auth_backend_config" "kubernetes" {
My token_reviewer_jwt variable is what was output from cat /var/run/secrets/kubernetes.io/serviceaccount/token.
I've also tried base64-encoding the token_reviewer_jwt, but terraform apply errors with:
Error: error updating Kubernetes auth backend config "auth/kubernetes/config": Error making API request.
URL: PUT [MASKED]/v1/auth/kubernetes/config
Code: 500. Errors:
* 1 error occurred:
* not a compact JWS
on dev/main.tf line 33, in resource "vault_kubernetes_auth_backend_config" "kubernetes":
33: resource "vault_kubernetes_auth_backend_config" "kubernetes" {
ERROR: Job failed: command terminated with exit code 1
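
Added example, not part of the original post and not code from Vault or the Terraform provider: a pre-flight check that the value about to be passed as token_reviewer_jwt still has compact-JWS shape (three unpadded base64url segments separated by dots) after travelling through a CI variable. It checks shape only, not the signature; the names check_compact_jws and SAMPLE are hypothetical and the sample token is constructed.

```python
import base64
import binascii
import json
import re

ILLEGAL = re.compile(r"[^A-Za-z0-9_-]")  # anything outside the base64url alphabet


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding compact JWS segments use (RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_compact_jws(value: str) -> list:
    """Return a list of problems; an empty list means the value has compact-JWS shape."""
    problems = []
    token = value.strip()
    if token != value:
        problems.append("leading/trailing whitespace around token")
    parts = token.split(".")
    if len(parts) != 3:
        return problems + [f"expected 3 dot-separated segments, found {len(parts)}"]
    offset = 0  # byte offset of the current segment inside the stripped token
    for name, seg in zip(("header", "payload", "signature"), parts):
        bad = ILLEGAL.search(seg)
        if bad:
            problems.append(f"{name}: illegal character {bad.group()!r} at byte {offset + bad.start()}")
        elif name != "signature":
            try:
                json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
            except (binascii.Error, ValueError):
                problems.append(f"{name}: does not decode to JSON")
        offset += len(seg) + 1  # +1 for the '.' separator
    return problems


# Constructed sample: JWT-shaped value with a fake signature, not a real credential.
SAMPLE = ".".join([
    b64url(json.dumps({"alg": "RS256", "kid": "constructed"}).encode()),
    b64url(json.dumps({"iss": "kubernetes/serviceaccount"}).encode()),
    b64url(b"constructed-signature-bytes"),
])

if __name__ == "__main__":
    wrapped = SAMPLE[:40] + "\n" + SAMPLE[40:]            # line break inserted mid-token
    encoded = base64.b64encode(SAMPLE.encode()).decode()  # token base64-encoded again
    for label, value in (("ok", SAMPLE), ("wrapped", wrapped), ("re-encoded", encoded)):
        print(label, check_compact_jws(value) or "compact JWS shape OK")
```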