You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
it is customary to generate kubernetes secrets based on the contents of the files. However if you occasionally do a newline there, the newline would get persisted inside a parameter (that's also b64 encrypted), and it's very hard to spot.
We probably should check for a newline everywhere we pull from secrets, and at least put an explicit warning to log files and /status of the CRD/Ingress.
it is customary to generate kubernetes secrets based on the contents of the files. However if you occasionally do a newline there, the newline would get persisted inside a parameter (that's also b64 encrypted), and it's very hard to spot.
I've seen it happening multiple times during support calls; i.e. the error from IdP (referenced in https://github.com/pomerium/internal/issues/1676) is rather cryptic as you seem to do everything right.
We probably should check for a newline everywhere we pull from secrets, and at least put an explicit warning to log files and
/statusof the CRD/Ingress.Originally posted by @wasaga in https://github.com/pomerium/internal/issues/1676#issuecomment-1889496740
The text was updated successfully, but these errors were encountered: