You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-k8s-auth-mount string
The vault mount where k8s auth takes place (env: K8S_AUTH_MOUNT, note: will infer via k8s metadata api if left unset) (default "kubernetes")
But the logs on that init container show me that it's trying to infer the auth endpoint from GCPs metadata API:
{"level":"info","applicationName":"daytona","time":"2022-12-20T16:24:39Z","message":"Attempting kubernetes auth.."}
{"level":"error","applicationName":"daytona","error":"Error making API request.\n\nURL: PUT http://vault.vault-system.svc.cluster.local:8200/v1/auth/kubernetes-gcp-<cluster-name>/login\nCode: 403. Errors:\n\n* permission denied","time":"2022-12-20T16:24:39Z","message":"failed to retrieve vault token"}
I would expect that the auth endpoint is http://vault.vault-system.svc.cluster.local:8200/v1/auth/kubernetes
Tested on latest version v1.2.4
The text was updated successfully, but these errors were encountered:
This is only an issue if the K8S_AUTH_MOUNT is explicitly set to kubernetes. Setting it to kubernetes-kubernetes or presumably any other string works: http://vault.vault-system.svc.cluster.local:8200/v1/auth/kubernetes-kubernetes
The help says
I'm setting the env variable via
on a kubernetes init container running daytona.
But the logs on that init container show me that it's trying to infer the auth endpoint from GCPs metadata API:
I would expect that the auth endpoint is
http://vault.vault-system.svc.cluster.local:8200/v1/auth/kubernetesTested on latest version
v1.2.4The text was updated successfully, but these errors were encountered: