Error Authenticating Vault Agent context deadline exceeded in New Installation

Vault agent is facing an issue authenticating in a new installation on Kubernetes.

Kubernetes Server - EKS 1.22
Vault version - 1.10.3

Auth Method - auto_auth for kubernetes

Vault agent is injected using pod annotations but fails to authenticate to the server and is stuck with the line

[ERROR] auth.handler: error authenticating: error="context deadline exceeded"

I followed the guide here

auth config -

image

role -
image

policy -
image

pod annotation -

The server is a standalone setup by Helm with TLS disabled and auto-unseal via KMS
image

I even tried an HA setup with the same configs; the server is healthy but agent auth still fails with the same error.

I did refer to the new auth guidelines here,
but to no avail in my case.

Also, I am not able to do vault login via the root token itself from the pod.

Maybe this tells more about the root cause?

The “connection refused” error suggests a problem with your Kubernetes cluster’s networking.

@maxb, can you spot anything from the findings I posted? Unfortunately, my cluster works as usual for the rest of the components.

No, I cannot spot anything from the posted material.

I got the issue sorted. It was due to the Istio sidecar, which was intercepting the requests to authenticate.

@maxb, thank you for bringing my attention to the networking part.
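
An added example, not taken from the thread (the poster does not say which fix was applied): one common way to keep an injected Istio sidecar from intercepting Vault Agent traffic is to exclude the Vault port from outbound redirection with a pod annotation. The workload name, namespace, role, image and port 8200 (Vault's default listener port) are assumptions.

```yaml
# Constructed example: names, image, role and port are assumptions,
# not values from the thread.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
  namespace: demo            # assumed to have Istio sidecar injection enabled
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-app
  template:
    metadata:
      labels:
        app: demo-app
      annotations:
        # Vault Agent injector: adds the vault-agent-init init container
        # and the vault-agent sidecar, both using Kubernetes auto_auth.
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "demo-role"
        # Istio: do not redirect outbound traffic to this port through
        # Envoy. Init containers run before the Envoy sidecar is up, so
        # redirected requests to Vault are refused or time out, which the
        # agent reports as "context deadline exceeded".
        traffic.sidecar.istio.io/excludeOutboundPorts: "8200"
    spec:
      serviceAccountName: demo-app   # must match the service account bound to the Vault role
      containers:
        - name: app
          image: registry.example.com/demo-app:1.0
```

Traffic on an excluded port bypasses the mesh and gets no Istio mTLS. With TLS disabled on the Vault listener, as in this thread's setup, the service account JWT and the resulting Vault tokens then cross the cluster network in cleartext, so enable TLS on Vault when using this exclusion.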