Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

YAML Parse error when using caNamespaces: ["*"] #76

Open
3 tasks done
Twinki14 opened this issue Dec 8, 2023 · 1 comment
Open
3 tasks done

YAML Parse error when using caNamespaces: ["*"] #76

Twinki14 opened this issue Dec 8, 2023 · 1 comment
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/keep Denotes an issue or PR that should be preserved from going stale.

Comments

@Twinki14
Copy link

Twinki14 commented Dec 8, 2023
edited
Loading

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.
  • I agree to follow the Code of Conduct.

Vault Helm Chart Version

1.20.1

Bank-Vaults Version

1.30.0

Kubernetes Version

1.27.0

Kubernetes Distribution/Provisioner

k3s

Expected Behavior

When using,

values:
  tls:
    caNamespaces:
    - "*"

Alongside the vault helm chart as part of it's values.yaml, the helm install/upgrade will succeed and apply the tls secrets to all namespaces

Actual Behavior

When using,

values:
  tls:
    caNamespaces:
    - "*"

Alongside the vault helm chart as part of it's values.yaml, I'm getting a YAML parse error

Helm upgrade failed: YAML parse error on vault/templates/secret.yaml: error converting YAML to JSON: yaml: line 5: did not find expected alphabetic or numeric character Last Helm logs: preparing upgrade for vault resetting values to the chart's original version

Steps To Reproduce

No response

Logs

No response

Additional Information

I'm using Flux in combination with it's HelmRelease CRD, here's the full YAML

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: vault
spec:
  interval: 30m
  suspend: false
  upgrade:
    remediation:
      # Number of retries that should be attempted on failures before bailing, a negative integer equals to unlimited retries
      retries: 20
  chart:
    spec:
      chart: vault
      version: "1.x"
      sourceRef:
        kind: HelmRepository
        name: bank-vaults-repo
      interval: 12h
  # https://github.com/bank-vaults/vault-helm-chart/blob/main/vault/values.yaml
  values:
    tls:
      caNamespaces:
      - "*"
    unsealer:
      args: ["--mode", "k8s", "--k8s-secret-namespace", "vault", "--k8s-secret-name", "bank-vaults"]
      metrics:
        enabled: true
        serviceMonitor:
          enabled: true
    serviceAccount:
      name: "vault"
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    vault:
      externalConfig:
        auth:
        - type: kubernetes
          roles:
          # Allow every pod in the default namespace to use the secret kv store
          - name: default
            bound_service_account_names: "*"
            bound_service_account_namespaces: "*"
            policies:
            - allow_secrets
@Twinki14 Twinki14 added the kind/bug Categorizes issue or PR as related to a bug. label Dec 8, 2023
@ramizpolic
Copy link
Member

Thanks for reporting this @Twinki14, we will look into it

@csatib02 csatib02 mentioned this issue Feb 8, 2024
Closed
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Mar 31, 2024
@csatib02 csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Apr 18, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot May 6, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jul 7, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Jul 7, 2024
@csatib02 csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Jul 7, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Sep 8, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot Sep 8, 2024
@csatib02 csatib02 added lifecycle/keep Denotes an issue or PR that should be preserved from going stale. and removed lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. labels Sep 8, 2024
@csatib02 csatib02 moved this from 🆕 New to 🔖 Ready for work in Project backlog Sep 8, 2024
@github-project-automation github-project-automation bot moved this to 🆕 New in Project backlog Sep 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/keep Denotes an issue or PR that should be preserved from going stale.
Projects
Project backlog
Status: 🔖 Ready for work
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: YAML parse error when using wildcard CA namespace
3 participants
@Twinki14 @ramizpolic @csatib02