Setup:
external vault server version 1.12.1
RKE2 kubernetes cluster 1.22.6+rke2r1
Kubernetes deploy with vault-agent & consul-template sidecar
I’ve created a deployment with 3 replicas the first 2 pods come up fine but occasionally the 3rd pod fails to start, consul-template
pod logs
2022-11-21T00:35:07.138Z [WARN] (view) vault.read(hd/data/data/secret): vault.read(hd/data/data/secret): Error making API request.
URL: GET https://myvaultserver:8200/v1/hd/data/data/secret
Code: 400. Errors:
* error performing token check: failed to look up namespace from the token: no namespace (retry attempt 1 after "1s")
Deleting the pod sometimes fixes it, sometimes the pod needs to be deleted a couple of times .
there are no messages in the vault server logs
any idea why this might be happening?
Garry