You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, this no longer works for any Kubernetes cluster version 1.24 and onwards. With the CA now stored in a config map, we need an alternate command to pull the CA.
To Reproduce
Steps to reproduce the behavior:
Run the command kubectl get secret \ -o jsonpath="{.items[?(@.type==\"kubernetes.io/service-account-token\")].data['ca\.crt']}" \ | base64 --decode > ${TMPDIR}/vault.ca
Run the command cat ${TMPDIR}/vault.ca and observe that no CA certificate was printed out.
Expected behavior
Running cat ${TMPDIR}/vault.ca should print out something like the following:
Describe the bug
The current command on the deployment example is the following:
However, this no longer works for any Kubernetes cluster version 1.24 and onwards. With the CA now stored in a config map, we need an alternate command to pull the CA.
To Reproduce
Steps to reproduce the behavior:
kubectl get secret \ -o jsonpath="{.items[?(@.type==\"kubernetes.io/service-account-token\")].data['ca\.crt']}" \ | base64 --decode > ${TMPDIR}/vault.ca
cat ${TMPDIR}/vault.ca
and observe that no CA certificate was printed out.Expected behavior
Running
cat ${TMPDIR}/vault.ca
should print out something like the following:Environment:
vault status
): v.1.18.1+entvault version
): v1.15.4+entVault server configuration file(s):
n/a
Additional context
I've made the PR and am creating this issue to attach to it
The text was updated successfully, but these errors were encountered: