Fix KEDA secretstore in gitlab-36dv2 and gitlab-3okls clusters

Pierre Guinoiseau requested to merge pguinoiseau/fix-keda-secretstore into master

What

Fix KEDA secretstore in gitlab-36dv2 and gitlab-3okls clusters.

Why

It's configured with the wrong auth path:

❯ kubectl describe secretstores -n keda keda-secrets
Name:         keda-secrets
Namespace:    keda
Labels:       app.kubernetes.io/instance=keda-secrets
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=vault-secrets
              helm.sh/chart=vault-secrets-1.2.13
Annotations:  meta.helm.sh/release-name: keda-secrets
              meta.helm.sh/release-namespace: keda
API Version:  external-secrets.io/v1beta1
Kind:         SecretStore
Metadata:
  Creation Timestamp:  2024-05-16T00:14:18Z
  Generation:          1
  Resource Version:    297559067
  UID:                 e3e46d84-f622-49a3-b514-aaadb7b29aaa
Spec:
  Provider:
    Vault:
      Auth:
        Kubernetes:
          Mount Path:  kubernetes/gitlab-36dv2
          Role:        keda
          Service Account Ref:
            Name:  keda-secrets
      Path:        k8s
      Server:      https://vault.ops.gke.gitlab.net
      Version:     v2
Status:
  Conditions:
    Last Transition Time:  2024-05-16T00:14:18Z
    Message:               unable to create client
    Reason:                InvalidProviderConfig
    Status:                False
    Type:                  Ready
Events:
  Type     Reason                 Age                   From          Message
  ----     ------                 ----                  ----          -------
  Warning  InvalidProviderConfig  6m33s (x94 over 21h)  secret-store  unable to log in to auth method: unable to log in with Kubernetes auth: Error making API request.

URL: PUT https://vault.ops.gke.gitlab.net/v1/auth/kubernetes/gitlab-36dv2/login
Code: 403. Errors:

* permission denied
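
As an added example (not part of this merge request or the project's code): a small Python check that lists Vault-backed SecretStores that are not Ready and shows the login endpoint derived from each one's mount path, which is the URL that returned 403 above. The sample data, the `demo-secrets` store and `vault.example.test` are constructed, and the `"kubernetes"` fallback for an unset mount path is an assumption.

```python
import json
import sys

# Constructed sample shaped like `kubectl get secretstores -A -o json`; the first
# item mirrors the describe output above, the second is a made-up healthy store.
def _store(ns, name, server, mount, role, status, reason):
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"provider": {"vault": {"server": server, "auth": {"kubernetes": {
                "mountPath": mount, "role": role, "serviceAccountRef": {"name": name}}}}}},
            "status": {"conditions": [{"type": "Ready", "status": status, "reason": reason}]}}

SAMPLE = {"items": [
    _store("keda", "keda-secrets", "https://vault.ops.gke.gitlab.net",
           "kubernetes/gitlab-36dv2", "keda", "False", "InvalidProviderConfig"),
    _store("demo", "demo-secrets", "https://vault.example.test/",
           "kubernetes/example-cluster", "demo", "True", "Valid"),
]}

def vault_login_url(vault):
    """Endpoint the Kubernetes auth method logs in to: <server>/v1/auth/<mount>/login."""
    # Assumption: an unset mountPath falls back to "kubernetes".
    mount = vault["auth"]["kubernetes"].get("mountPath", "kubernetes").strip("/")
    return f"{vault['server'].rstrip('/')}/v1/auth/{mount}/login"

def failing_stores(store_list):
    """Return one finding per Vault/Kubernetes-auth SecretStore that is not Ready."""
    findings = []
    for store in store_list.get("items", []):
        vault = store.get("spec", {}).get("provider", {}).get("vault")
        if not vault or "kubernetes" not in vault.get("auth", {}):
            continue  # other provider, or a different Vault auth method
        conditions = store.get("status", {}).get("conditions", [])
        ready = next((c for c in conditions if c.get("type") == "Ready"), {})
        if ready.get("status") == "True":
            continue
        meta = store["metadata"]
        findings.append({"store": f"{meta['namespace']}/{meta['name']}",
                         "reason": ready.get("reason", "NoReadyCondition"),
                         "role": vault["auth"]["kubernetes"].get("role"),
                         "login_url": vault_login_url(vault)})
    return findings

if __name__ == "__main__":
    # Pass a file holding real `kubectl ... -o json` output, or no argument for the sample.
    data = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    for f in failing_stores(data):
        print(f"{f['store']}: {f['reason']} role={f['role']} login={f['login_url']}")
```

A store with no Ready condition at all is reported as `NoReadyCondition` rather than skipped, so a store the controller has never reconciled still shows up.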