bank-vaults: consul-template sidecar: missing client token

Describe the bug

Unable to make the consul-template sidecar work, following the example The main container can read data populated by vault-env and stored as env vars, but the consult-template container complains about “missing client token”

versions: 0.4.16 & 0.4.17-rc.4

I keep getting:

kubectl -n banzaicloud-poc  log -f --all-containers pod/hello-secrets-55c7c65d48-zvs58
==> Vault server started! Log data will stream in below:

==> Vault agent configuration:

                     Cgo: disabled
               Log Level: info
                 Version: Vault v1.1.3
             Version Sha: 9bc820f700f83a7c4bcab54c5323735a581b34eb

2019-06-17T16:16:33.719Z [INFO]  sink.file: creating file sink
2019-06-17T16:16:33.719Z [INFO]  sink.file: file sink configured: path=/vault/.vault-token
2019-06-17T16:16:33.720Z [INFO]  auth.handler: starting auth handler
2019-06-17T16:16:33.720Z [INFO]  auth.handler: authenticating
2019-06-17T16:16:33.720Z [INFO]  sink.server: starting sink server
2019-06-17T16:16:33.782Z [INFO]  auth.handler: authentication successful, sending token to sinks
2019-06-17T16:16:33.782Z [INFO]  auth.handler: starting renewal process
2019-06-17T16:16:33.782Z [INFO]  sink.file: token written: path=/vault/.vault-token
2019-06-17T16:16:33.782Z [INFO]  sink.server: sink server stopped
2019-06-17T16:16:33.782Z [INFO]  sinks finished, exiting
2019/06/17 16:16:35.660281 [WARN] (clients) disabling vault SSL verification
2019/06/17 16:16:35.669231 [WARN] (view) vault.read(default/data/workloads/hello-secrets-dynamic): vault.read(default/data/workloads/hello-secrets-dynamic): Error making API request.

URL: GET https://cluster-vault.vault:8200/v1/default/data/workloads/hello-secrets-dynamic
Code: 400. Errors:

* missing client token (retry attempt 1 after "250ms")
2019/06/17 16:16:35.921565 [WARN] (view) vault.read(default/data/workloads/hello-secrets-dynamic): vault.read(default/data/workloads/hello-secrets-dynamic): Error making API request.

URL: GET https://cluster-vault.vault:8200/v1/default/data/workloads/hello-secrets-dynamic
Code: 400. Errors:

* missing client token (retry attempt 2 after "500ms")

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 17 (12 by maintainers)

Most upvoted comments

yeah, but sadly, I have no way to rebuild on top of 0.15.5 or 0.15.6 because it’s based on alpine3.7 and we do not sync alpine3.7 apk repo in our company. So I will have to put on hold my implemetation UNTIL they fix the bug introduced by 0.20.0 😕

+1
devlounge on Jun 19, 2019
Read more comments on GitHub
← localtileserver: nodata causes padding
bank-vaults: failed calling admission webhook →