vault (Archived)
1 messages
Discussions related to Hashicorp Vault
Michał Czeraszkiewicz, about 4 years ago
Hello,
I use the following workflow:
• created a temporary pod with the vault binary inside, using serviceAccount: vault-injector-agent-injector, which is also used by the vault-injector-agent-injector pod
• then I exec into the temporary pod and execute
$ vault write "auth/k8s-main/config" \
token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
kubernetes_host="https://${KUBERNETES_HOST}" \
issuer="${ISSUER}"
Success! Data written to: auth/k8s-main/config

As long as this pod is running everything is fine and Vault Injector works as expected.
When I kill the temporary pod then my pods (which use Vault Injector) get stuck in Init:0/1 state and the logs hang with:

$ kubectl -n some-ns logs -f --tail 10 some-pod-69785cc69b-4j9mt -c vault-agent-init
2021-11-25T17:34:42.918Z [INFO] auth.handler: authenticating
2021-11-25T17:34:42.972Z [ERROR] auth.handler: error authenticating:
error=
| Error making API request.
|
| URL: PUT <https://vault.example.com/v1/auth/k8s-main/login>
| Code: 403. Errors:
|
| * permission denied
backoff=4m48.8s

I would appreciate any feedback or tips on how to make this more permanent 🙂
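
A diagnostic for the symptom described above, added here as an example and not part of the original post: decode the claims of the JWT passed as token_reviewer_jwt to see whether it names a pod and when it expires. It assumes the cluster issues bound service account tokens, which stop validating once the pod they name is deleted; the function names, sample claims, pod name and namespace are constructed.

```python
import base64
import json
import time
from typing import Optional


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def reviewer_token_report(token: str, now: Optional[float] = None) -> dict:
    """Summarise the lifetime-related claims of a service account token."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    pod = claims.get("kubernetes.io", {}).get("pod")  # present on bound tokens
    exp = claims.get("exp")  # absent on legacy secret-based tokens
    return {
        "issuer": claims.get("iss"),
        "subject": claims.get("sub"),
        "bound_pod": pod["name"] if pod else None,
        "seconds_left": None if exp is None else int(exp - now),
        "expired": exp is not None and exp <= now,
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])


# Constructed sample: claims shaped like a token projected into a pod.
SAMPLE = make_sample_token({
    "iss": "https://kubernetes.default.svc.cluster.local",
    "sub": "system:serviceaccount:vault:vault-injector-agent-injector",
    "exp": 1700003600,
    "kubernetes.io": {"namespace": "vault",
                      "pod": {"name": "tmp-vault-cli", "uid": "constructed-uid"}},
})

if __name__ == "__main__":
    # Inside the pod, pass the contents of
    # /var/run/secrets/kubernetes.io/serviceaccount/token instead of SAMPLE.
    print(reviewer_token_report(SAMPLE, now=1700000000))
```

A non-empty bound_pod means the token's validity follows that pod's lifetime, which matches logins failing after the temporary pod is killed.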