How to supply a CA file to Kustomize Controller when decrypting using Hashicorp Vault #4514

Open
1 task done
giladka1221 opened this issue Dec 25, 2023 · 1 comment

@giladka1221

Describe the bug

Hi,

We are currently working on creating a Kustomization configuration that integrates with sops and our on-premise HashiCorp Vault. However, we are encountering an issue because the VAULT URL operates over HTTPS. The specific error we are facing is:

tls: failed to verify certificate: x509: certificate signed by unknown authority

Here is the relevant section of our Kustomization YAML:

apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: test
  namespace: flux-system
spec:
  interval: 1m0s
  path: .
  prune: true
  sourceRef:
    kind: GitRepository
    name: gitrepo-sops
  # Decryption configuration starts here
  decryption:
    provider: sops
    secretRef:
      name: sops-hcvault

We are seeking guidance on how to add our custom CA certificate to the kustomize-controller. It's important to note that everything is functioning correctly with the source-controller when interacting with our on-prem GitLab server over HTTPS, and we haven't added any custom CA certificates to it.

Your assistance in resolving this matter would be greatly appreciated.

Best regards,
Gilad

Steps to reproduce

Install Kustomization with sops for Hashi Vault.

Expected behavior

Encrypt/Decrypt and create the desired secret in the cluster.

Screenshots and recordings

No response

OS / Distro

N/A

Flux version

flux: v2.1.2
helm-controller: v0.36.2
image-automation-controller: v0.36.1
image-reflector-controller: v0.30.0
kustomize-controller: v1.1.1
notification-controller: v1.1.0
source-controller: v1.1.2

Flux check

N/A

Git provider

No response

Container Registry provider

No response

Additional context

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@giladka1221

@yuval987
