New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS Handshake: Bad Record MAC #243

Open

clayrosenthal opened this issue Oct 29, 2024 · 1 comment

clayrosenthal commented Oct 29, 2024

What happened:
The pod-identity-webhook fails to deploy tokens with error messages:

http: TLS handshake error from 10.42.18.151:33208: local error: tls: bad record MAC
http: TLS handshake error from 10.141.0.253:56136: remote error: tls: bad certificate

The bad MAC error is like ~80% of error messages, bad cert is the rest.

What you expected to happen:
The webhook deploys the appropriate certs and tokens so my pods can assume a role.

How to reproduce it (as minimally and precisely as possible):

Deploy the self-hosted setup on an RKE2 cluster
Create a kubeconfig with a token for the service account for the pod-identity-webhook
Put that kubeconfig in a secret and mount it to the deployment pod
Create a service account with the proper annotations
Create a pod using the service account
Expect pod to have AWS access

Anything else we need to know?:

Environment:

AWS Region: N/A
EKS Platform version: N/A (running on Rancher RKE2)
Kubernetes version: v1.28.9+rke2r1
Webhook Version: 0.5.3

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment