Operator reconciler error "Invalid header field value" when retrieving an item from vault

billfettersbillfetters
Community Member

New to Secrets Automation. Kubernetes 1.22.5... I followed the README and created a deployment using the operator.yaml with "MANAGE_CONNECT" = "true". I also did a straight up deployment of Connect and the Operator. In either case, I cannot retrieve an item from the vault.. I get the error message on the operator.

{"level":"error","ts":1653005968.0524516,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"onepassworditem-controller","request":"default/sandbox-certificate","error":"Failed to retrieve item: Get http://onepassword-connect:8080/v1/vaults/'vault_id'/items?filter=title+eq+%22sandbox-certificate%22: net/http: invalid header field value \"Bearer BEARER_TOKEN_DATA\\n\" for key Authorization","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/workspace/vendor/github.com/go-logr/zapr/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90"}

My dnsutils pod correctly finds onepassword-connect using nslookup...
Postman (9.18.3) polls the vault and the items just fine (on the NodePort 31080) using the same BEARER token... I don't like the \\n\ at the end of the BEARER token. Am I looking at the correct thing? There are no extra spaces or line feeds in the op-session file... just the token.

I can also poll the vault and items using OP CLI. I know its not the same, just adding info.

Any advice?


1Password Version: 8.7.0
Extension Version: 2.3.3
OS Version: MacOS 12.4
Referrer: forum-search:kubernetes

Comments

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file