I’m trying to run Vault within GKE, and have followed tutorials here and here.
We’re running everything on a single cluster, and have vault in a separate vault namespace. When trying to bring up a new pod, I’ve passed in the vault.hashicorp.com/agent-inject, agent-inject-secretname, and role annotations, but get a 400 error: missing client token. The logs state “Error making API request” and “URL PUT http://vault.vault.svc:8200/v1/auth//login”, though I get the same error with “URL PUT …/v1/auth/kubernetes/login” – this was changed as someone else had a similar problem on github, though it doesn’t resolve our problem.
This problem happens in the vault-agent-init container.
Is there anything I seem to be doing wrong? How can I debug this. I’m unable to set a VAULT_TOKEN environment variable into the container throwing the error, which seemed to be a solution.