
I am trying to run Dapr secret management using Vault in a k8s environment.

https://github.com/dapr/quickstarts/tree/master/secretstore

I applied the following component YAML for Vault.

Component yaml:

    apiVersion: dapr.io/v1alpha1
    kind: Component
    metadata:
      name: vault
    spec:
      type: secretstores.hashicorp.vault
      version: v1
      metadata:
      - name: vaultAddr
        value: vault:8270 # Optional. Default: "https://127.0.0.1:8200"
      - name: skipVerify # Optional. Default: false
        value: true
      - name: vaultTokenMountPath # Required. Path to token file.
        value: root/tmp/

The token file is created under the root/tmp path, and I tried to execute the service. I am getting the following errors.

Permission denied error (even though I have given all the read/write permissions).

I tried applying permissions to the file, but I am not able to access it. Can anyone please provide a solution?

2 Answers


Your YAML did not format well, but it looks like your value for vaultTokenMountPath is incomplete. It needs to point to the file, not just the folder root/tmp/. I created a file called vault.txt and copied my root token into it. So my path would be root/tmp/vault.txt in your case.

Donovan
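
A preflight check for the mistake described in this answer, as an added example that is not part of the original answer or of Dapr's code: it pulls vaultTokenMountPath out of a component manifest and reports whether the path names a readable, non-empty token file rather than a folder. The function names, status strings and the owner-only permission check are assumptions made for illustration.

```python
import os
import re
import stat

# Component manifest from the question (only the relevant metadata item kept).
SAMPLE_COMPONENT = """\
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: vault
spec:
  type: secretstores.hashicorp.vault
  version: v1
  metadata:
  - name: vaultTokenMountPath # Required. Path to token file.
    value: root/tmp/
"""

def token_path_from_component(yaml_text):
    """Return the vaultTokenMountPath value from a component manifest, or None."""
    lines = yaml_text.splitlines()
    for i, line in enumerate(lines):
        if re.match(r"\s*-\s*name\s*:\s*vaultTokenMountPath\b", line):
            for nxt in lines[i + 1:]:
                if re.match(r"\s*-\s*name\s*:", nxt):
                    break  # next metadata item reached: no value was given
                m = re.match(r"\s*value\s*:\s*([^#]*)", nxt)
                if m:
                    return m.group(1).strip().strip("\"'")
    return None

def check_token_path(path):
    """Classify a token path; status strings are illustrative, not Dapr output."""
    if not path:
        return "missing"
    if not os.path.exists(path):
        return "not-found"
    if os.path.isdir(path):
        return "is-directory"  # the case in the question: a folder, not a file
    if not os.access(path, os.R_OK):
        return "unreadable"
    with open(path) as fh:
        if not fh.read().strip():
            return "empty"
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        return "ok-loose-permissions"  # token is accessible beyond its owner
    return "ok"

if __name__ == "__main__":
    p = token_path_from_component(SAMPLE_COMPONENT)
    print(p, "->", check_token_path(p))
```

Run it in the same environment as the Dapr sidecar, since that is where the path is resolved.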

I was able to make it work in WSL2 by pointing to a file (/tmp/token in my case). I was unable to make it work in Kubernetes, as I did not find any way to inject a file into the Dapr sidecar. I opened an issue on GitHub for this: https://github.com/dapr/components-contrib/issues/794

Banchio
I spoke to members of the team. The problem is there is no way to mount a volume on the sidecar. So the file can never be found when running in K8s. So I submitted a pull request that will enable the setting of the token from a K8s secret. – Donovan Apr 03 '21 at 15:54