raffaelespazzoli / credscontroller Goto Github PK

When I try to run the spring-example project, it fails with the following error:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'secretController': Injection of autowired dependencies failed; nested exception is java.lang.IllegalArgumentException: Could not resolve placeholder 'password' in value "${password}"

I deployed the spring-legacy-example project using the same vault and vault-controller as the one used to deploy the spring-example project. This project works fine and I get the secret back using the GET request.

Can you provide me support on the cause of this issue?

log.txt

I've built spring-example image correctly:

Then I apply spring-sample-yaml file. So, deploymentconfig and service are pushed to openshift.
However, decploymentconfig is trying to set up pods but:

The logs onlt gets me that:

Scaling spring-example-1 to 1
error: update acceptor rejected spring-example-1: pods for rc 'spring-example/spring-example-1' took longer than 600 seconds to become available

Any ideas?

Getting this error any suggestion i did provide anyuid -z default

Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --privileged or --cap-add IPC_LOCK
==> Vault server configuration:

                 Backend: file
                     Cgo: disabled
              Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "", tls: "enabled")
               Log Level: debug
                   Mlock: supported: true, enabled: false
                 Version: Vault v0.6.5
             Version Sha: 5d8d702f33b5fd965cbe8d6d0728295de813a196

==> Vault server started! Log data will stream in below:

2017/05/11 15:07:20.314633 [ERROR] core: barrier init check failed: error=failed to check for initialization: open /vault-file-backend/file/core/_keyring: permission denied
2017/05/11 15:07:27.272667 [ERROR] core: barrier init check failed: error=failed to check for initialization: open /vault-file-backend/file/core/_keyring: permission denied
2017/05/11 15:07:27.428863 [ERROR] core: barrier init check failed: error=failed to check for initialization: open /vault-file-backend/file/core/_keyring: permission denied
2017/05/11 15:07:27.429325 [ERROR] core: barrier init check failed: error=failed to check for initialization: open /vault-file-backend/file/core/_keyring: permission denied
2017/05/11 15:07:37.427476 [ERROR] core: barrier init check failed: error=failed to check for initialization: open /vault-file-backend/file/core/_keyring: permission denied
2017/05/11 15:07:37.427674 [ERROR] core: barrier init check failed: error=failed to check for initialization: open /vault-file-backend/file/core/_keyring: permission denied
==> Vault shutdown triggered

Hi,

I have been facing a manifest unknown issues for both the go-dep-1-build pods as well as the spring example ones.

Is there any chance I am missing something in the steps ?

Followed both guides:

https://blog.openshift.com/vault-integration-using-kubernetes-authentication-method/

https://blog.openshift.com/integrating-vault-with-legacy-applications/

Failed to pull image "registry.svc.ci.openshift.org/origin/4.3-2019-10-29-062458@sha256:8184092486c345c2b757f366f146218a115e5d7a92b481cb76257358653ec852": rpc error: code = Unknown desc = Error reading manifest sha256:8184092486c345c2b757f366f146218a115e5d7a92b481cb76257358653ec852 in registry.svc.ci.openshift.org/origin/4.3-2019-10-29-062458: manifest unknown: manifest unknown

Had a look at the following, but its too generic for deployments that doesn't have an external reference I believe ?

https://blog.openshift.com/openshift-and-manifest-unknown/

Thanks in advance.

Jose

The vault container failed to run with following error logs:

chown: /vault/file: Operation not permitted
chown: /vault/file: Operation not permitted

I have found that the log infomation is located ./vendor/github.com/hashicorp/vault/vault/init.go.
I also try to execute the chown command and it return following information to me.

/ # chown vault:vault /vault/file
chown: /vault/file: Operation not permitted

The persist volume is provided by NFS server within the cluster. The ownner for the NFS export path is nobody:nobody.
I also try to change the default scc to allow pod run as any, but it is not work.
I also try to rebuild the vault container and remove the command that will chown the file /vault/file, then the pod will up, but I can not visit the web. It seems like it is not the right way to resolve this issue.
Could you give me some suggestion to fix this issue?

Hi when I am creating spring example application in the Openshift using the template yaml its not able to save the pod.beta.kubernetes.io/init-containers annotations contents in the spring application deployment configuration in Openshift. Can you please help me if I need to do a Openshift cluster administration setting so that it will be able to save pod.beta.kubernetes.io/init-containers in deployment config

Could you take a look at this log?

I've been able to inject the wrapped token into init container. See vault-controller log:

time="2018-06-05T14:29:13Z" level=info msg="token request from 10.128.0.1:53286"
time="2018-06-05T14:29:14Z" level=info msg="Container Port in Init Container: 8443"
time="2018-06-05T14:29:14Z" level=info msg="successfully pushed wrapped token to https://10.128.0.29:8443 "

However, I feed spring-example doesn't quite to work fine so far.