-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrading from 1.11.x to 1.13.x breaks kubernetes authentication for quarkus-vault extension #16453
Comments
hello @fmarissel, try setting a bigger read timeout. the default is 1 sec: |
hello @vsevel, I increased the value (I also tried 30S) but i still got the same error :/ |
It might be a configuration issue ? (vault.url is not substituted ?, etc). It can make sense to report the connection URL at a trace log level if the connection fails |
After some research, it seems vault authentication is now handled by vertx web client. And vertx web client ignore JVM settings like NON_PROXY_HOSTS (for VAULT_URL) which is the cause of the timeout |
it seems you found out the root cause. separately I validated that running a kubernetes auth with a |
hi @fmarissel some work has been done on eclipse-vertx/vert.x#3919, which may solve the issue you are reporting. |
eclipse-vertx/vert.x#3919 has been merged. |
hi @vsevel sorry i wasn't available last week. I tried to upgrade to 2.0.0.Alpha2 but quarkus-universe-bom is missing and i didn't see anything about that in the migation guide : |
You can use |
I upgraded to Quarkus 2.0.0.Alpha2 and vertx-core 4.1.0.Beta1 but I don't find a way to pass nonProxyHost variable to vertx web client |
@vsevel we merged the upgrade to Vert.x 4.1.0.Beta1 this week. Would it be good enough to prepare a PR for this? |
I checked and unfortunately this feature is not in 4.1.0.Beta1. I created a PR for the enhancement here #17369 so that we keep track of it. |
Yes, it will be in vertx 4.1.0.CR1 |
@gsmet I was planning to do it as soon as it would be available. |
Describe the bug
I use quarkus-vault extension to access secrets dynamically.
I use client-token authentication for local development and kubernetes authentication for production (see below for configuration).
I upgraded from version 1.11.x to 1.13.x and everything works fine for local development. But when I tried to deploy into kubernetes, I get the following exception during kubernetes authentication :
Configuration
Environment (please complete the following information):
Docker image
openjdk:14
Output of
java -version
Java 14
Build tool (ie. output of
mvnw --version
orgradlew --version
)Maven 3.6
Additional context
I tried one month ago to upgrade from 1.11.x to 1.12.x and had the same error.
I didn't change anything else except the following property after upgrade :
The text was updated successfully, but these errors were encountered: