Faild mount csi secret


i try to use csi driver to mount different secret in pod from vault.
Il run this doc Mount Vault Secrets through Container Storage Interface (CSI) Volume | Vault - HashiCorp Learn
But i have this message:
Normal Scheduled 2s default-scheduler Successfully assigned default/webapp to slave3-ipam
Warning FailedMount 0s (x3 over 2s) kubelet MountVolume.SetUp failed for volume “secrets-store-inline” : rpc error: code = Unknown desc = failed to mount secrets store objects for pod default/webapp, err: rpc error: code = Unknown desc = error making mount request: failed to create a service account token for requesting pod {webapp be6f4d93-a6b2-4a6f-9f88-2d8f73eb03c3 default webapp-sa}: the server could not find the requested resource
Any help please


Having the same issue

I’m also having the same issue.

That normally means the token request endpoint is not available in the Kubernetes API. What version of Kubernetes are you using (kubectl version)? If it’s 1.19.x or lower, there are some extra steps in the tutorial to help ensure the token request endpoint is enabled. In particular, when creating the cluster

minikube start \
    --extra-config=apiserver.service-account-signing-key-file=/var/lib/minikube/certs/sa.key \

Hi all,

I am facing the same issue.

I followed the example using the Vault CSI Provider Vault CSI Provider Examples | Vault by HashiCorp

The file based example works well. After the pod is created, the secret is available on the mounted volume.

However, I need the secrets available as environment variables, therefore I followed the second example “Environment Variable Dynamic Database Credentials” on this page.
The start of the pod fails, because no vault-db-creds-secret exist. So the csi provider did not create this secret in Kubernetes.

In the log of the vault-csi-provider only the following information is written:

2021-11-02T06:51:27.082Z [INFO] server: Processing unary gRPC call: grpc.method=/v1alpha1.CSIDriverProvider/Mount

2021-11-02T06:51:27.099Z [INFO] server.provider: secrets-store csi driver wrote secret: directory=/var/lib/kubelet/pods/69c60d4d-c0d3-4b35-bdb4-c8286bd7f793/volumes/ file=dbPassword

2021-11-02T06:51:27.099Z [INFO] server: Finished unary gRPC call: grpc.method=/v1alpha1.CSIDriverProvider/Mount grpc.time=16.932438ms grpc.code=OK err=<nil>

Any idea why the secret in Kubernetes has not been created and there is no error message coming up?
Thanks for your support.