vault_kubernetes_auth_backend_config - kubernetes_ca_cert not optional

[Rohmilchkaese]

Hi All,

I'm trying to configure an Auth Kubernetes Backend. The Docs clearly state, that an kubernetes_ca_cert ist optional. But I'm getting an Error that indicates the exact opposite.

Affected Resource(s)

• vault_kubernetes_auth_backend_config

Terraform Configuration Files

resource "vault_auth_backend" "kubernetes" {
  type = "kubernetes"
  path = "${var.subdomain}.${var.domain}.test"
}

resource "vault_kubernetes_auth_backend_config" "cluster" {
  backend                = "${var.subdomain}.${var.domain}.test"
  kubernetes_host        = "${var.subdomain}.${var.domain}:6443"
  issuer                 = "https://kubernetes.default.svc"
}

resource "vault_kubernetes_auth_backend_role" "cluster" {
  backend                          = "${var.subdomain}.${var.domain}.test"
  role_name                        = "vault-auth"
  bound_service_account_names      = ["vault-auth"]
  bound_service_account_namespaces = ["default"]
  token_ttl                        = 3600
  token_policies                   = ["default", "${var.vault_policy}"]
}

Logs

│ Error: error writing Kubernetes auth backend config "auth/NAME_AUTH/config": Error making API request.
│ 
│ URL: PUT https://URL/v1/auth/NAME_AUTH/config
│ Code: 400. Errors:
│ 
│ * one of pem_keys or kubernetes_ca_cert must be set
│ 
│   with vault_kubernetes_auth_backend_config.cluster,
│   on vault.tf line 6, in resource "vault_kubernetes_auth_backend_config" "cluster":
│    6: resource "vault_kubernetes_auth_backend_config" "cluster" {

Expected Behavior

Config my Kubernetes Auth Backend.

Actual Behavior

Error about missing kubernetes_ca_cert or pem_keys

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply without kubernetes_ca_cert or pem_keys