[bitnami/vault] injector does not work #26570

Closed
SpeedGriffon opened this issue May 30, 2024 · 1 comment · Fixed by #26611
Labels
solved tech-issues The user has a technical issue about an application triage Triage is needed vault

@SpeedGriffon
Contributor

Name and Version

bitnami/vault 1.4.1

What architecture are you using?

amd64

What steps will reproduce the bug?

Default installation.

Are you using any custom parameters or values?

No response

What is the expected behavior?

No response

What do you see instead?

  • Access to the injector is blocked by the NetworkPolicy.
    The ingress rule doesn't allow connections on port .Values.injector.containerPorts.https (8080).
  • AGENT_INJECT_VAULT_ADDR is not resolvable from other namespaces.
    That means vault-agent containers can't contact the Vault server.

Additional information

I got it working as follows:

diff --git a/bitnami/vault/templates/injector/deployment.yaml b/bitnami/vault/templates/injector/deployment.yaml
index b41e8985b3..2f7e5135fb 100644
--- a/bitnami/vault/templates/injector/deployment.yaml
+++ b/bitnami/vault/templates/injector/deployment.yaml
@@ -105,7 +105,7 @@ spec:
             - name: AGENT_INJECT_LISTEN
               value: :{{ .Values.injector.containerPorts.https }}
             - name: AGENT_INJECT_VAULT_ADDR
-              value: http://{{ include "vault.server.fullname" . }}:{{ .Values.server.service.general.ports.http }}
+              value: http://{{ include "vault.server.fullname" . }}.{{ include "common.names.namespace" . }}.svc:{{ .Values.server.service.general.ports.http }}
             - name: AGENT_INJECT_VAULT_AUTH_PATH
               value: auth/kubernetes
             - name: AGENT_INJECT_VAULT_IMAGE
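Review bot: The `+` line for AGENT_INJECT_VAULT_ADDR still hard-codes `http://`, and with the namespace-qualified host this becomes the address vault-agent containers in other namespaces use, so Vault tokens and secrets would cross namespace boundaries unencrypted unless TLS is provided some other way. Consider deriving the scheme from a chart value instead of fixing it in the template. Also, the `.svc` suffix is not a fully qualified name: it resolves only where the pod's DNS search list includes the cluster domain, so appending the cluster domain would make the address independent of the search list.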
diff --git a/bitnami/vault/templates/injector/networkpolicy.yaml b/bitnami/vault/templates/injector/networkpolicy.yaml
index 10f309d82d..0fd70e3064 100644
--- a/bitnami/vault/templates/injector/networkpolicy.yaml
+++ b/bitnami/vault/templates/injector/networkpolicy.yaml
@@ -64,7 +64,7 @@ spec:
   {{- end }}
   ingress:
     - ports:
-        - port: {{ .Values.injector.service.ports.https }}
+        - port: {{ .Values.injector.containerPorts.https }}
       {{- if not .Values.injector.networkPolicy.allowExternal }}
       from:
         - podSelector:
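Review bot: With `allowExternal` disabled, the `from:` block that follows the changed port line limits this port to peers matching the `podSelector`, so the port fix alone may not be enough: confirm that whatever calls the injector on `.Values.injector.containerPorts.https` still matches that selector. It would also help to add a template comment on the `+` line stating that NetworkPolicy ports are matched against the pod's port rather than the Service port, so the value is not switched back to `service.ports.https` later.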
@SpeedGriffon SpeedGriffon added the tech-issues The user has a technical issue about an application label May 30, 2024
@github-actions github-actions bot added the triage Triage is needed label May 30, 2024
@javsalgar javsalgar added the vault label Jun 3, 2024
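
Why the unqualified Service name in AGENT_INJECT_VAULT_ADDR fails from other namespaces, as an added example that is not part of the issue or the chart: a small Python model of how a pod's resolver expands a name with its DNS search list. The Service name `vault-server`, the namespaces `vault` and `payments`, and the `cluster.local` domain with `ndots:5` are assumptions constructed for illustration.

```python
# Model of resolver search-list expansion inside a Kubernetes pod
# (dnsPolicy: ClusterFirst). All names below are constructed sample values.
CLUSTER_DOMAIN = "cluster.local"  # assumption: default cluster domain
NDOTS = 5                         # assumption: kubelet default "options ndots:5"

# Constructed sample: one Service named "vault-server" in namespace "vault".
SERVICES = {("vault-server", "vault")}


def pod_search(namespace):
    """Search list written to /etc/resolv.conf for a pod in `namespace`."""
    return [
        f"{namespace}.svc.{CLUSTER_DOMAIN}",
        f"svc.{CLUSTER_DOMAIN}",
        CLUSTER_DOMAIN,
    ]


def candidates(name, search):
    """FQDNs tried for `name`, in order (glibc-style ordering)."""
    if name.endswith("."):
        return [name]  # already absolute, search list is skipped
    expanded = [f"{name}.{suffix}." for suffix in search]
    absolute = [f"{name}."]
    # Fewer dots than ndots: search suffixes first, then the name as given.
    if name.count(".") < NDOTS:
        return expanded + absolute
    return absolute + expanded


def resolves(name, search, services):
    """Return the first candidate that matches a Service record, else None."""
    records = {f"{svc}.{ns}.svc.{CLUSTER_DOMAIN}." for svc, ns in services}
    for fqdn in candidates(name, search):
        if fqdn in records:
            return fqdn
    return None


if __name__ == "__main__":
    for pod_ns in ("vault", "payments"):
        for name in ("vault-server", "vault-server.vault.svc"):
            hit = resolves(name, pod_search(pod_ns), SERVICES)
            print(f"pod in {pod_ns!r}: {name} -> {hit}")
```

The short name matches only through the first search suffix, which carries the pod's own namespace; the `<service>.<namespace>.svc` form matches through the bare cluster-domain suffix from any namespace.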
@javsalgar
Contributor

Hi!

Thank you so much for reporting the issue. Would you like to submit a PR with the proposed fix?
