This repository was archived by the owner on Dec 6, 2024. It is now read-only.
This repository was archived by the owner on Dec 6, 2024. It is now read-only.
Vault-generated private keys throw FailedToConstructPrivateKey errors #91
Description
Hello-
I've deployed linkerd as well as a couple sample applications with linkerd-tcp containers. We've successfully applied cfssl and openssl certificates and keys, but are having trouble with keys generated with Vault. Our pk8-encoded key will throw the error "WrongNumberOfKeysInPrivateKeyFile" and our regular .key file will throw "FailedToConstructPrivateKey" errors. There does not appear to be any errors with the certificates on the client side. We have similar vault-generated certs that work with our main linkerd service mesh.
client configuration:
routers:
...
client:
kind: io.l5d.static
configs:
- prefix: /svc/server
connectTimeoutMs: 400
tls:
dnsName: "server.default.svc.cluster.local"
trustCerts:
- /io.buoyant/linkerd/certs/tls.chain
server configuration:
routers:
...
servers:
- ip: 0.0.0.0
port: 7474
dstName: /$/inet/127.1/80
tls:
defaultIdentity:
privateKey: /io.buoyant/linkerd/certs/tls.key
certs:
- /io.buoyant/linkerd/certs/tls.crt
Is there any reason that this may be happening to Vault keys and not other private keys?