Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Constant CSPFK010E Failed to authenticate error on startup #146

Closed
1 of 3 tasks
sigalsax opened this issue Aug 13, 2020 · 5 comments
Closed
1 of 3 tasks

Constant CSPFK010E Failed to authenticate error on startup #146

sigalsax opened this issue Aug 13, 2020 · 5 comments
Labels
component/k8s kind/bug priority/high severity/medium triage/duplicate

Comments

@sigalsax
Copy link
Contributor

sigalsax commented Aug 13, 2020
edited
Loading

Summary

The following failure log appears every time at the start of Secrets Provider.

ERROR: 2020/08/13 11:21:42 authenticator.go:140: CAKC011E Client certificate not found at '/etc/conjur/ssl/client.pem'
ERROR: 2020/08/13 11:21:42 authenticator.go:184: CAKC015E Login failed
ERROR: 2020/08/13 11:21:42 main.go:85: CSPFK010E Failed to authenticate

Steps to Reproduce

Steps to reproduce the behavior:

  1. Deploy the Secrets Provider or authn-client
  2. Check Secrets Provider /authn client logs
  3. See failure

Screen Shot 2020-08-13 at 3 07 08 PM

Expected Results

This initial error log should be appear

Actual Results (including error logs, if applicable)

A clear and concise description of what actually did happen.

Reproducible

  • Always
  • Sometimes
  • Non-Reproducible

Environment setup

Can you describe the environment in which this product is running? Is it running on a VM / in a container / in a cloud?
Container locally
Which cloud provider? Which container orchestrator (including version)?
The more info you can share about your runtime environment, the better we may be able to reproduce the issue.

Additional Information

Add any other context about the problem here.
@JfcAtCyberArk
Copy link

Hi there,

I got the exact same issue this morning.
/var/log/nginx/access.log from the master says it replied 200 to the inject_client_cert request.
Still, got CAKC011E at the authenticator level.
First time I run into this.

JFC

@izgeri
Copy link
Contributor

izgeri commented Aug 13, 2020

@sigalsax is this a duplicate of #119?

@sigalsax
Copy link
Contributor Author

@izgeri yes indeed

@eladkug eladkug mentioned this issue Aug 17, 2020
Merged
@izgeri
Copy link
Contributor

izgeri commented Aug 17, 2020

@sigalsax can we consolidate the issues then? We can either keep this one or #119.

FYI, fixing this will impact the operation of Secretless too, and will prompt the need for long-time stability tests for another Secretless stable release. I strongly suggest running long-time stability tests for the changes made in this project too, to ensure that the sidecar container continues to operate as expected through token and certificate rotations.

@sigalsax sigalsax mentioned this issue Aug 18, 2020
Closed
1 task
@sigalsax
Copy link
Contributor Author

closing due to duplication

@sigalsax sigalsax reopened this Aug 18, 2020
@cyberark cyberark deleted a comment from sigalsax Nov 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/k8s kind/bug priority/high severity/medium triage/duplicate
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sigalsax @izgeri @JfcAtCyberArk @eladkug