EKS 1.21 and HCP Vault 1.8.4

Hi all
I am trying to follow this guide

with AWS EKS 1.21 and HCP Vault 1.8.4
But I got an error:
[ERROR] auth.handler: error authenticating: error=“context deadline exceeded” backoff=
in the vault-agent-init container,
and the product container is stuck in the “Init:0/1” state.
Please help.
I have already tried a lot of different issuers:
and also
but those options don't work for me.

This type of error sometimes can also be due to a network issue somewhere in the interaction between your HCP Vault cluster and the EKS endpoint.

Is the kubernetes_host address you have configured in the Vault auth method only privately accessible from your VPC? If so, you may need to add a route to the HVN in HCP that is peered to your AWS VPC where your EKS cluster is. The route you configure for your HVN should target the CIDR range of the EKS cluster control plane nodes. This might help get past the current error you are facing.

It is no problem to test the EKS to HCP connection. I just use curl in a pod to try to reach VAULT_PRIVATE_ADDR. But is there some way to test whether KUBE_HOST is reachable from HCP?

I have configured connection_url for postgresql-database-plugin to use the internal IP of POSTGRES_IP 10.7.X.X, and Vault has no problem connecting to Postgres and creating a password:

products-# \du
                                                        List of roles
                     Role name                      |                         Attributes                         | Member of
 postgres                                           | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
 v-token-hc-product-RhrmdvnQyP0xKlfs9uls-1636563793 | Password valid until 2021-11-10 18:03:18+00                | {}
So we have tested the HCP-AWS network, routes, and Security Groups.
All rules are configured for the 0-65536 port range.

I have downgraded Kubernetes to 1.18.
I see this message now:

2021-11-11T09:45:00.834Z [ERROR] auth.handler: error authenticating:
  | Error making API request.
  | URL: PUT https://vault-cluster.private.vault.id-id-id-id-id-id-id-id.aws.hashicorp.cloud:8200/v1/admin/auth/kubernetes/login
  | Code: 403. Errors:
  | * permission denied
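
One way to narrow down a 403 "permission denied" from the Kubernetes auth method, as an added example that is not part of this thread: decode the pod's service account token claims (inspection only, no signature verification) and compare the issuer and service account against the issuer and bindings configured on the Vault role. The token, issuer URL and role values below are constructed placeholders, not the poster's configuration.

```python
# Added example (not from the thread): inspect the claims of a Kubernetes
# service-account JWT and compare them with a Vault Kubernetes auth role.
# The token, issuer and role bindings below are constructed placeholders.
import base64
import json


def b64url(data: bytes) -> str:
    """base64url-encode without padding, as JWT segments are written."""
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def jwt_claims(token: str) -> dict:
    """Return a JWT's payload WITHOUT verifying the signature (inspection
    only; Vault validates the token itself through the TokenReview API)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def role_mismatches(claims: dict, issuer: str, bound_names, bound_namespaces) -> list:
    """List reasons the auth method would answer 403 'permission denied'.
    The issuer check applies while disable_iss_validation is false (1.8 default)."""
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"issuer: token says {claims.get('iss')!r}, Vault config says {issuer!r}")
    # Both bound (projected) and legacy tokens carry sub=system:serviceaccount:<ns>:<name>
    sub = claims.get("sub", "")
    fields = sub.split(":")
    if len(fields) != 4 or fields[:2] != ["system", "serviceaccount"]:
        return problems + [f"sub is not a service account subject: {sub!r}"]
    namespace, name = fields[2], fields[3]
    if "*" not in bound_names and name not in bound_names:
        problems.append(f"service account {name!r} not in bound_service_account_names {bound_names}")
    if "*" not in bound_namespaces and namespace not in bound_namespaces:
        problems.append(f"namespace {namespace!r} not in bound_service_account_namespaces {bound_namespaces}")
    return problems


def constructed_token(iss: str, namespace: str, name: str) -> str:
    """Build an UNSIGNED, constructed JWT shaped like a projected SA token."""
    header = {"alg": "RS256", "kid": "constructed"}
    payload = {"iss": iss, "aud": ["https://kubernetes.default.svc"],
               "sub": f"system:serviceaccount:{namespace}:{name}"}
    return ".".join(b64url(json.dumps(p).encode()) for p in (header, payload)) + "." + b64url(b"no-sig")


if __name__ == "__main__":
    tok = constructed_token("https://oidc.eks.REGION.amazonaws.com/id/EXAMPLEID", "default", "product")
    for p in role_mismatches(jwt_claims(tok), "kubernetes/serviceaccount", ["product"], ["default"]):
        print("mismatch:", p)
```

On a real cluster the token to inspect is the one mounted in the pod at /var/run/secrets/kubernetes.io/serviceaccount/token, and the issuer to compare against is the `issuer` value set on the auth method's config.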

In the first message I posted the wrong URL to the guide; I used this one:

If you are still experiencing any issues with this, please feel free to file a support ticket by emailing support@hashicorp.com or directly from the support portal.