You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
step-issuer.values.txt
Hi team,
I am attempting to deploy (via the smallstep Helm chart) an instance of step-issuer on AKS. The cluster is running:
Kernel version: 1.27.1
step-certificates: v0.24.2 (also deployed via the smallstep Helm chart)
step-issuer: v0.7.0
I am receiving the following error when deploying the step-issuer instance: {"level":"error","ts":"2023-08-15T04:51:40Z","logger":"controllers.StepClusterIssuer","msg":"failed to initialize provisioner","stepclusterissuer":"/ecdsa-aks-step-issuer","error":"error parsing provisioner encrypted key: square/go-jose: compact JWE format must have five parts","errorVerbose":"square/go-jose: compact JWE format must have five parts\nerror parsing provisioner encrypted key\ngithub.com/smallstep/certificates/ca.decryptProvisionerJWK\n\t/go/pkg/mod/github.com/smallstep/[email protected]/ca/provisioner.go:158\ngithub.com/smallstep/certificates/ca.loadProvisionerJWKByKid\n\t/go/pkg/mod/github.com/smallstep/[email protected]/ca/provisioner.go:179\ngithub.com/smallstep/certificates/ca.NewProvisioner\n\t/go/pkg/mod/github.com/smallstep/[email protected]/ca/provisioner.go:54\ngithub.com/smallstep/step-issuer/provisioners.NewFromStepClusterIssuer\n\t/src/provisioners/step.go:61\ngithub.com/smallstep/step-issuer/controllers.(*StepClusterIssuerReconciler).Reconcile\n\t/src/controllers/stepclusterissuer_controller.go:91\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:122\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:323\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:274\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:235\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1598","stacktrace":"github.com/smallstep/step-issuer/controllers.(*StepClusterIssuerReconciler).Reconcile\n\t/src/controllers/stepclusterissuer_controller.go:93\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:122\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:323\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:274\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:235"}
The YAML config for the deployment is attached as "step-issuer.values.txt".
It seems like the StepClusterIssuer information is incomplete (or wrong), but the Step-Certificates instance is issuing certificates correctly.
The text was updated successfully, but these errors were encountered:
From the error, it looks like the provisioner JWK provisioner with kid B5MjjDUqy64XitU1lEQ06WEt4UL2H1VZi-_UpYybB58 doesn't have a valid encryptedKey value. At least that's my guess seeing this error compact JWE format must have five parts. That encryptedKey is generally in the ca.json, although it can be stored in a database if step-ca is configured with it.
You can get the encryptedKey value using step ca provisioner list, and you can make sure it is properly formatted if you see a private key in JWK format when you type:
echo <encyrptedKey> | step crypto jwe decrypt
Using the password from the secret ecdsa-iss-step-certificates-provisioner-password.password.
PS: kid, if provided, is used by default instead of the name aksissuer.
step-issuer.values.txt
Hi team,
I am attempting to deploy (via the smallstep Helm chart) an instance of step-issuer on AKS. The cluster is running:
I am receiving the following error when deploying the step-issuer instance:
{"level":"error","ts":"2023-08-15T04:51:40Z","logger":"controllers.StepClusterIssuer","msg":"failed to initialize provisioner","stepclusterissuer":"/ecdsa-aks-step-issuer","error":"error parsing provisioner encrypted key: square/go-jose: compact JWE format must have five parts","errorVerbose":"square/go-jose: compact JWE format must have five parts\nerror parsing provisioner encrypted key\ngithub.com/smallstep/certificates/ca.decryptProvisionerJWK\n\t/go/pkg/mod/github.com/smallstep/[email protected]/ca/provisioner.go:158\ngithub.com/smallstep/certificates/ca.loadProvisionerJWKByKid\n\t/go/pkg/mod/github.com/smallstep/[email protected]/ca/provisioner.go:179\ngithub.com/smallstep/certificates/ca.NewProvisioner\n\t/go/pkg/mod/github.com/smallstep/[email protected]/ca/provisioner.go:54\ngithub.com/smallstep/step-issuer/provisioners.NewFromStepClusterIssuer\n\t/src/provisioners/step.go:61\ngithub.com/smallstep/step-issuer/controllers.(*StepClusterIssuerReconciler).Reconcile\n\t/src/controllers/stepclusterissuer_controller.go:91\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:122\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:323\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:274\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:235\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1598","stacktrace":"github.com/smallstep/step-issuer/controllers.(*StepClusterIssuerReconciler).Reconcile\n\t/src/controllers/stepclusterissuer_controller.go:93\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:122\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:323\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:274\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:235"}
The YAML config for the deployment is attached as "step-issuer.values.txt".
It seems like the StepClusterIssuer information is incomplete (or wrong), but the Step-Certificates instance is issuing certificates correctly.
The text was updated successfully, but these errors were encountered: