Operator reconciler error "Invalid header field value" when retrieving an item from vault

billfetters

New to Secrets Automation. Kubernetes 1.22.5... I followed the README and created a deployment using the operator.yaml with "MANAGE_CONNECT" = "true". I also did a straight up deployment of Connect and the Operator. In either case, I cannot retrieve an item from the vault.. I get the error message on the operator.

{"level":"error","ts":1653005968.0524516,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"onepassworditem-controller","request":"default/sandbox-certificate","error":"Failed to retrieve item: Get http://onepassword-connect:8080/v1/vaults/'vault_id'/items?filter=title+eq+%22sandbox-certificate%22: net/http: invalid header field value \"Bearer BEARER_TOKEN_DATA\\n\" for key Authorization","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/workspace/vendor/github.com/go-logr/zapr/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90"}

My dnsutils pod correctly finds onepassword-connect using nslookup...
Postman (9.18.3) polls the vault and the items just fine (on the NodePort 31080) using the same BEARER token... I don't like the \\n\ at the end of the BEARER token. Am I looking at the correct thing? There are no extra spaces or line feeds in the op-session file... just the token.

I can also poll the vault and items using OP CLI. I know its not the same, just adding info.

Any advice?

---

1Password Version: 8.7.0
Extension Version: 2.3.3
OS Version: MacOS 12.4
Referrer: forum-search:kubernetes

Jillian_1P

Hi there,

Do mind sharing your yaml file for the operator so that we can have more context?

Also if you are having trouble deploying the operator with connect, another option is to use our helm chart, which can automate a lot of the setup or you: https://github.com/1Password/connect-helm-charts/tree/main/charts/connect