Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consul-server-acl-init found no secret of type 'kubernetes.io/service-account-token' associated with the consul-auth-method service account #1768

Closed
rgish opened this issue Dec 2, 2022 · 1 comment · Fixed by #1770
Closed

Consul-server-acl-init found no secret of type 'kubernetes.io/service-account-token' associated with the consul-auth-method service account #1768

rgish opened this issue Dec 2, 2022 · 1 comment · Fixed by #1770
Labels
type/bug Something isn't working

Comments

@rgish
Copy link

rgish commented Dec 2, 2022
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Overview of the Issue

The pod consul-server-acl-init logs "2022-12-02T16:54:25.759Z [ERROR] found no secret of type 'kubernetes.io/service-account-token' associated with the consul-auth-method service account" for OpenShift environment with Client Version 4.10.16, Server Version 4.11.12, Kubernetes version v1.24.6+5157800, Consul 1.14.1, Envoy Proxy 1.24.0, and Consul K8s Control Plane 1.0.1.

Reproduction Steps

Steps to reproduce this issue, eg:

  1. Create config file
cat > dc1.yaml <<EOF
apiGateway:
  enabled: false
  image: 'hashicorp/consul-api-gateway:0.4.0'
  logLevel: trace
  managedGatewayClass:
    serviceType: NodePort
    useHostPorts: true
  resources:
    limits:
      cpu: 250m
      memory: 250Mi
    requests:
      cpu: 250m
      memory: 250Mi
client:
  replicas: 1
  enabled: true
  grpc: true
  resources:
    limits:
      cpu: 250m
      memory: 250Mi
    requests:
      cpu: 250m
      memory: 250Mi
connectInject:
  cni:
    cniBinDir: /home/kubernetes/bin
    cniNetDir: /etc/cni/net.d
    enabled: true
    logLevel: debug
    resourceQuota:
      pods: 3
    resources:
      limits:
        cpu: 250m
        memory: 250Mi
      requests:
        cpu: 250m
        memory: 250Mi
  default: false
  disruptionBudget:
    enabled: true
  enabled: true
  k8sAllowNamespaces:
    - '*'
  k8sDenyNamespaces: []
  namespaceSelector: |
    matchExpressions:
      - key: "kubernetes.io/metadata.name"
        operator: "NotIn"
        values: ["kube-system","local-path-storage"]
  resources:
    limits:
      cpu: 100m
      memory: 50Mi
    requests:
      cpu: 100m
      memory: 50M
  sidecarProxy:
    concurrency: 2
    resources:
      limits:
        cpu: 100m
        memory: 100Mi
      requests:
        cpu: 100m
        memory: 100Mi
  transparentProxy:
    defaultEnabled: true
    defaultOverwriteProbes: true
controller:
  enabled: true
  logLevel: trace
  replicas: 1
  resources:
    limits:
      cpu: 100m
      memory: 50Mi
    requests:
      cpu: 100m
      memory: 50Mi
dns:
  enabled: true
global:
  enabled: true
  acls:
    manageSystemACLs: true
    enable_token_persistence: true
    default_policy: allow
  consulSidecarContainer:
    resources:
      limits:
        cpu: 50m
        memory: 50Mi
      requests:
        cpu: 20m
        memory: 25Mi
  datacenter: dc1
  gossipEncryption:
    autoGenerate: true
  image: 'image-registry.openshift-image-registry.svc:5000/consul/consul:1.14.1-ubi'
  imageEnvoy: 'envoyproxy/envoy:v1.24.0'
  imageK8S: >-
    image-registry.openshift-image-registry.svc:5000/consul/consul-k8s-control-plane:1.0.1-ubi
  log-level: trace
  name: consul
  openshift:
    enabled: true
  primary_datacenter: dc1
  tls:
    enableAutoEncrypt: true
    enabled: true
    verify: true
server:
  bootstrapExpect: 1
  connect: true
  disruptionBudget:
    enabled: true
  log-level: trace
  replicas: 1
  securityContext:
    runAsNonRoot: false
    runAsUser: 0
  resources:
    limits:
      cpu: 250m
      memory: 250Mi
    requests:
      cpu: 250m
      memory: 250Mi
  storage: 50Gi
  storageClass: thin
ui:
  enabled: true
  service:
    type: NodePort
EOF
  1. Install Consul in your cluster
helm install consul hashicorp/consul \
  --values dc1.yaml \
  --create-namespace \
  --namespace consul \
  --version "1.0.1" \
  --wait

--->

Logs

POD 

NAME                                          READY   STATUS     RESTARTS      AGE
consul-client-rznth                           0/1     Init:0/1   1 (41s ago)   2m41s
consul-client-snr48                           0/1     Init:0/1   1 (41s ago)   2m41s
consul-client-zcsj2                           0/1     Init:0/1   1 (42s ago)   2m41s
consul-cni-dtd8l                              1/1     Running    0             2m41s
consul-cni-k8gnz                              1/1     Running    0             2m41s
consul-cni-zn6t2                              1/1     Running    0             2m41s
consul-connect-injector-655644776c-v5w4m      0/1     Running    2 (35s ago)   2m41s
consul-server-0                               1/1     Running    0             2m40s
consul-server-acl-init-4blnk                  0/1     Error      0             2m40s
consul-server-acl-init-4rb8b                  0/1     Error      0             110s
consul-server-acl-init-679lr                  0/1     Error      0             116s
consul-server-acl-init-hg6kj                  0/1     Error      0             93s
consul-server-acl-init-m2j76                  0/1     Error      0             2m18s
consul-server-acl-init-pv954                  0/1     Error      0             2m4s
consul-server-acl-init-wcwx2                  0/1     Error      0             2m11s
consul-webhook-cert-manager-597f5759d-jp5rg   1/1     Running    0             2m41s

consul-client/client-acl-init 

2022-12-02T21:54:36.904Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:37.904Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:38.905Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:39.906Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:40.907Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:41.908Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:42.909Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:43.910Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:44.911Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:45.912Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:46.913Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:47.914Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:48.915Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:49.915Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:50.916Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:51.917Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:52.918Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:53.918Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:54.919Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:55.920Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:56.922Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:57.922Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:58.923Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:54:59.924Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:00.925Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:01.926Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:02.927Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:03.928Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:04.929Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:05.930Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:06.931Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:07.932Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:08.933Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:09.935Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:10.936Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:11.937Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:12.938Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:13.939Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:14.940Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:15.941Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:16.942Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:17.943Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:18.944Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:19.945Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:20.946Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:21.947Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:22.948Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:23.949Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:24.950Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:25.951Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:26.953Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:27.954Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:28.954Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:29.955Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:30.956Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:31.957Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:32.958Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:33.958Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:34.959Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:35.960Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:36.961Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:37.962Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:38.963Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:39.964Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:40.965Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:41.966Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:42.966Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:43.967Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:44.968Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:45.969Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:46.970Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:47.971Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:48.971Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:49.972Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:50.973Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:51.974Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:52.975Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:53.975Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:54.976Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:55.977Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:56.978Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:57.979Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:58.980Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:55:59.981Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:00.981Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:01.982Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:02.983Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:03.984Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:04.985Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:05.986Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:06.987Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:07.988Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:08.989Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:09.990Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:10.991Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:11.992Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:12.993Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:13.994Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:14.995Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:15.996Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:16.997Z [ERROR] unable to login: error="Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:16.997Z [ERROR] Hit maximum retries for consul login: error="error logging in: Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"
2022-12-02T21:56:16.997Z [ERROR] Failed to login to Consul: error="error logging in: Unexpected response code: 403 (ACL not found: auth method \"consul-k8s-component-auth-method\" not found)"

consul-connect-injector/sidecar-injector 

2022-12-02T21:55:49.826Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:55:49.827Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:49.827Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:50.028Z [ERROR] consul-server-connection-manager: ACL auth method login failed: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:55:50.028Z [ERROR] consul-server-connection-manager: connection error: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:55:50.403Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:55:50.404Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:50.404Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:50.605Z [ERROR] consul-server-connection-manager: ACL auth method login failed: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:55:50.605Z [ERROR] consul-server-connection-manager: connection error: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:55:51.602Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:55:51.603Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:51.603Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:51.805Z [ERROR] consul-server-connection-manager: ACL auth method login failed: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:55:51.805Z [ERROR] consul-server-connection-manager: connection error: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:55:52.841Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:55:52.842Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:52.842Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:53.043Z [ERROR] consul-server-connection-manager: ACL auth method login failed: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:55:53.043Z [ERROR] consul-server-connection-manager: connection error: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:55:54.013Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:55:54.014Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:54.014Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:54.215Z [ERROR] consul-server-connection-manager: ACL auth method login failed: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:55:54.215Z [ERROR] consul-server-connection-manager: connection error: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:55:57.154Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:55:57.155Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:57.155Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:55:57.356Z [ERROR] consul-server-connection-manager: ACL auth method login failed: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:55:57.357Z [ERROR] consul-server-connection-manager: connection error: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:56:02.484Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:56:02.485Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:56:02.485Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:56:02.687Z [ERROR] consul-server-connection-manager: ACL auth method login failed: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:56:02.687Z [ERROR] consul-server-connection-manager: connection error: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:56:08.154Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:56:08.155Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:56:08.155Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:56:08.356Z [ERROR] consul-server-connection-manager: ACL auth method login failed: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:56:08.356Z [ERROR] consul-server-connection-manager: connection error: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:56:13.354Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:56:13.355Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:56:13.355Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:56:13.557Z [ERROR] consul-server-connection-manager: ACL auth method login failed: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:56:13.557Z [ERROR] consul-server-connection-manager: connection error: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:56:27.157Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:56:27.159Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:56:27.159Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:56:27.359Z [ERROR] consul-server-connection-manager: ACL auth method login failed: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:56:27.360Z [ERROR] consul-server-connection-manager: connection error: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:56:41.263Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:56:41.264Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:56:41.264Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:56:41.466Z [ERROR] consul-server-connection-manager: ACL auth method login failed: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
2022-12-02T21:56:41.466Z [ERROR] consul-server-connection-manager: connection error: error="rpc error: code = InvalidArgument desc = auth method \"consul-k8s-component-auth-method\" not found"
unable to start Consul server watcher: context canceled
2022-12-02T21:56:48.860Z [INFO]  consul-server-connection-manager: stopping

consul-server-acl-init 

2022-12-02T21:50:47.028Z [ERROR] Error resolving IP Address: err="failed to resolve DNS name: consul-server.consul.svc: lookup consul-server.consul.svc on 10.11.0.10:53: no such host"
2022-12-02T21:50:47.507Z [ERROR] Error resolving IP Address: err="failed to resolve DNS name: consul-server.consul.svc: lookup consul-server.consul.svc on 10.11.0.10:53: no such host"
2022-12-02T21:50:48.612Z [ERROR] Error resolving IP Address: err="failed to resolve DNS name: consul-server.consul.svc: lookup consul-server.consul.svc on 10.11.0.10:53: no such host"
2022-12-02T21:50:50.139Z [ERROR] Error resolving IP Address: err="failed to resolve DNS name: consul-server.consul.svc: lookup consul-server.consul.svc on 10.11.0.10:53: no such host"
2022-12-02T21:50:51.074Z [ERROR] Error resolving IP Address: err="failed to resolve DNS name: consul-server.consul.svc: lookup consul-server.consul.svc on 10.11.0.10:53: no such host"
2022-12-02T21:50:53.540Z [ERROR] Error resolving IP Address: err="failed to resolve DNS name: consul-server.consul.svc: lookup consul-server.consul.svc on 10.11.0.10:53: no such host"
2022-12-02T21:50:57.500Z [INFO]  No bootstrap token from previous installation found, continuing on to bootstrapping
2022-12-02T21:51:01.820Z [INFO]  Success: bootstrapping ACLs - PUT /v1/acl/bootstrap
2022-12-02T21:51:01.824Z [INFO]  Success: writing bootstrap Secret "consul-bootstrap-acl-token"
2022-12-02T21:51:01.824Z [INFO]  Setting Consul server tokens
2022-12-02T21:51:01.827Z [INFO]  Success: creating agent policy - PUT /v1/acl/policy
2022-12-02T21:51:01.830Z [INFO]  Success: creating server token for {10.121.6.108 } - PUT /v1/acl/token
2022-12-02T21:51:01.831Z [INFO]  Success: updating server token for {10.121.6.108 } - PUT /v1/agent/token/agent
2022-12-02T21:51:01.831Z [INFO]  consul-server-connection-manager: trying to connect to a Consul server
2022-12-02T21:51:01.832Z [INFO]  consul-server-connection-manager: discovered Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:51:01.832Z [INFO]  consul-server-connection-manager: current prioritized list of known Consul servers: addresses=[10.121.6.108:8502]
2022-12-02T21:51:02.034Z [INFO]  consul-server-connection-manager: connected to Consul server: address=10.121.6.108:8502
2022-12-02T21:51:02.034Z [INFO]  consul-server-connection-manager: updated known Consul servers from watch stream: addresses=[10.121.6.108:8502]
2022-12-02T21:51:02.037Z [INFO]  Success: calling /agent/self to get datacenter
2022-12-02T21:51:02.037Z [INFO]  Current datacenter: datacenter=dc1 primaryDC=dc1
2022-12-02T21:51:02.039Z [INFO]  Success: getting consul-auth-method ServiceAccount
2022-12-02T21:51:02.042Z [INFO]  Success: getting consul-auth-method-dockercfg-ncdqg Secret
2022-12-02T21:51:02.042Z [ERROR] found no secret of type 'kubernetes.io/service-account-token' associated with the consul-auth-method service account
2022-12-02T21:51:02.042Z [INFO]  consul-server-connection-manager: stopping

SECRETS 

consul-auth-method                                      kubernetes.io/service-account-token   4      12m
consul-auth-method-dockercfg-ncdqg                      kubernetes.io/dockercfg               1      12m
consul-auth-method-token-s7w87                          kubernetes.io/service-account-token   4      12m

CODE 

// createAuthMethodTmpl sets up the auth method template based on the connect-injector's service account
// jwt token. It is common for both the connect inject auth method and the component auth method
// with the option to add namespace specific configuration to the auth method template via `useNS`.
func (c *Command) createAuthMethodTmpl(authMethodName string, useNS bool) (api.ACLAuthMethod, error) {
	// Get the Secret name for the auth method ServiceAccount.
	var authMethodServiceAccount *apiv1.ServiceAccount
	serviceAccountName := c.withPrefix("auth-method")
	err := c.untilSucceeds(fmt.Sprintf("getting %s ServiceAccount", serviceAccountName),
		func() error {
			var err error
			authMethodServiceAccount, err = c.clientset.CoreV1().ServiceAccounts(c.flagK8sNamespace).Get(c.ctx, serviceAccountName, metav1.GetOptions{})
			return err
		})
	if err != nil {
		return api.ACLAuthMethod{}, err
	}

	var saSecret *apiv1.Secret
	var secretNames []string
	if len(authMethodServiceAccount.Secrets) == 0 {
		// In Kube 1.24+ there is no automatically generated long term JWT token for a ServiceAccount.
		// Furthermore, there is no reference to a Secret in the ServiceAccount. Instead we have deployed
		// a Secret in Helm which references the ServiceAccount and contains a permanent JWT token.
		secretNames = append(secretNames, c.withPrefix("auth-method"))
	} else {
		// ServiceAccounts always have a SecretRef in Kubernetes < 1.24. The Secret contains the JWT token.
		for _, secretRef := range authMethodServiceAccount.Secrets {
			secretNames = append(secretNames, secretRef.Name)
		}
	}
	// Because there could be multiple secrets attached to the service account,
	// we need pick the first one of type "kubernetes.io/service-account-token".
	// We will fetch the Secrets regardless of whether we created the Secret or Kubernetes did automatically.
	for _, secretName := range secretNames {
		var secret *apiv1.Secret
		err = c.untilSucceeds(fmt.Sprintf("getting %s Secret", secretName),
			func() error {
				var err error
				secret, err = c.clientset.CoreV1().Secrets(c.flagK8sNamespace).Get(c.ctx, secretName, metav1.GetOptions{})
				return err
			})
		if secret != nil && secret.Type == apiv1.SecretTypeServiceAccountToken {
			saSecret = secret
			break
		}
	}
	if err != nil {
		return api.ACLAuthMethod{}, err
	}

	// This is unlikely to happen since we now deploy the secret through Helm, but should catch any corner-cases
	// where the secret is not deployed for some reason.
	if saSecret == nil {
		return api.ACLAuthMethod{},
			fmt.Errorf("found no secret of type 'kubernetes.io/service-account-token' associated with the %s service account", serviceAccountName)
	}

Expected behavior

Find "consul-auth-method kubernetes.io/service-account-token" or "consul-auth-method-token-s7w87 kubernetes.io/service-account-token" instead of "consul-auth-method-dockercfg-ncdqg kubernetes.io/dockercfg ."

Environment details

OpenShift environment with

  • Client Version 4.10.16
  • Server Version 4.11.12
  • Kubernetes version v1.24.6+5157800
  • Consul 1.14.1
  • Envoy Proxy 1.24.0
  • Consul K8s Control Plane 1.0.1

Additional Context

Consul UI can be logged into with the Bootstrap Token if Access Controls need to be modified.
@rgish rgish added the type/bug Something isn't working label Dec 2, 2022
@kschoche kschoche mentioned this issue Dec 12, 2022
Merged
2 tasks
@thisisnotashwin thisisnotashwin mentioned this issue Feb 14, 2023
Closed
2 tasks
@david-yu
Copy link
Contributor

Just as a note you should use API Gateway 0.5.0 with Consul 1.14.0 otherwise you will likely see errors.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/bug Something isn't working
Projects
None yet
Milestone
No milestone
2 participants
@david-yu @rgish