I have created a vault cluster using vault cloud and need to inject the secret from the pod deployed in a GKE cluster. Pls suggest on how to proceed.
I am using environment variables in the deployment manifest file:
But this does not seem to connect.
I get the error:
2021-06-15T16:17:49.778Z [ERROR] auth.handler: error authenticating: error=“context deadline exceeded” backoff=32.36s
Pls suggest.
Hi @ayush.kumar1, deadline exceeded sounds like it’s likely a network connectivity issue to me. Is the VAULT_ADDR URL available over the public internet?
I think we only support AWS regions for HVNs at the moment, so to access your HCP Vault cluster (which is in an AWS region) from GKE, it would need to be over a public internet URL. Although note that exposing your Vault cluster to the public internet is “Not recommended for production clusters or services”, as per the option in the HCP portal. Sorry it’s probably not the answer you were looking for!
Hi @tomhjp : If I enable VAULT_ADDR over public internet, do I need to hardcode the VAULT_TOKEN as environment variables in the manifest file to access the VAULT_ADDR ?
You’ll still have all of the normal auth methods available to you, including token if that’s what you choose. Kubernetes auth is generally going to be a better fit within a GKE cluster though.
You have a few options for implementing that:
The latter two don’t require your application to interact directly with Vault. There are some points of comparison for those two in this issue.