New gRPC DaprClient fails for Secret API requests if mTLS is enabled
Expected Behavior
DaprClient should work with mTLS enabled.
Actual Behavior
Clients created through the builder:
var client = new DaprClientBuilder().Build();
fail to get secrets by calling client.GetSecretAsync when Dapr mTLS is enabled.
Steps to Reproduce the Problem
Deploy the following yaml to K8s:
---
# Create a Kubernetes Secret
apiVersion: v1
kind: Secret
metadata:
  name: super-secret
  namespace: default
type: Opaque
data:
  super-secret: eW91ciBzdXBlciBzZWNyZXQK
---
# If RBAC is enabled in K8s, give the default SA access to secrets in the default namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dapr-secret-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: secret-reader
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
Create and deploy an ASP.NET Core application which implements the following call:
var secrets = await client.GetSecretAsync("kubernetes", "super-secret", new Dictionary<string, string>() { { "namespace", "default" } });
The call will fail with mTLS enabled.
Issue Analytics
- State:
- Created 4 years ago
- Comments:23 (23 by maintainers)
Top GitHub Comments
@cmendible I have published new package version 0.5.0-preview02 with the changes.
@cmendible Please see this PR (https://github.com/dapr/dotnet-sdk/pull/263). It will be cherry-picked into the 0.5.0 branch to release a new NuGet package to see if it works for you. There is an internal method on DaprClientBuilder, its UseGrpcChannelOptions(). I am thinking of making it public to allow for more configurable behavior from users in future. Any feedback around it? The change will be reverted from the master branch for 0.6.0 when the issue is fixed in the Dapr runtime.