Hello,
I followed the walkthrough here.
I mean I enabled K8s authentication, created the role, policy, serviceaccount, sample application etc. as described.
…but the secret has not been injected.
In order to see the error I set failurePolicy: Fail. Now I can see what is wrong in my config.
When I attempt to deploy the application, I see the following error message:
replicaset/basic-secret-6699bfc678 Error creating: Internal error occurred: failed calling webhook "vault.hashicorp.com": Post "https://vault-agent-injector-svc.vault.svc:443/mutate?timeout=30s": Address is not allowed
Here is the webhook config:
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    meta.helm.sh/release-name: vault
    meta.helm.sh/release-namespace: vault
  creationTimestamp: "2022-06-30T20:47:03Z"
  generation: 1
  labels:
    app.kubernetes.io/instance: vault
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: vault-agent-injector
  name: vault-agent-injector-cfg
  resourceVersion: "70777477"
  uid: eae083b2-5148-412c-878f-5ae84a3b8790
webhooks:
- admissionReviewVersions:
  - v1
  - v1beta1
  clientConfig:
    caBundle: TFMwdExTMblablalblalblba
    service:
      name: vault-agent-injector-svc
      namespace: vault
      path: /mutate
      port: 443
  failurePolicy: Fail
  matchPolicy: Exact
  name: vault.hashicorp.com
  namespaceSelector: {}
  objectSelector:
    matchExpressions:
    - key: app.kubernetes.io/name
      operator: NotIn
      values:
      - vault-agent-injector
  reinvocationPolicy: Never
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - pods
    scope: '*'
  sideEffects: None
  timeoutSeconds: 30
I don’t know what to modify or where to look…
Could you please advise?
Thanks & Regards
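
The URL in the error can be tied back to the posted configuration. The Python below is an added example, not part of the original post or of the Vault project: it rebuilds the endpoint the API server calls from clientConfig.service and timeoutSeconds, and reports what a failed call blocks when failurePolicy is Fail. WEBHOOK is a constructed copy of the relevant fields above; webhook_url and fail_closed_scope are hypothetical helper names.

```python
# Constructed copy of the relevant fields from the posted MutatingWebhookConfiguration.
WEBHOOK = {
    "name": "vault.hashicorp.com",
    "clientConfig": {"service": {"name": "vault-agent-injector-svc",
                                 "namespace": "vault",
                                 "path": "/mutate", "port": 443}},
    "failurePolicy": "Fail",
    "namespaceSelector": {},
    "rules": [{"operations": ["CREATE", "UPDATE"], "resources": ["pods"]}],
    "timeoutSeconds": 30,
}


def webhook_url(wh):
    """Endpoint the API server POSTs the AdmissionReview to (service-backed webhook)."""
    svc = wh["clientConfig"]["service"]
    # In-cluster DNS form <service>.<namespace>.svc; port defaults to 443.
    host = "{}.{}.svc:{}".format(svc["name"], svc["namespace"], svc.get("port", 443))
    # admissionregistration.k8s.io/v1 defaults timeoutSeconds to 10.
    return "https://{}{}?timeout={}s".format(
        host, svc.get("path", ""), wh.get("timeoutSeconds", 10))


def selects_all_namespaces(wh):
    """An empty or absent namespaceSelector matches every namespace."""
    sel = wh.get("namespaceSelector") or {}
    return not (sel.get("matchLabels") or sel.get("matchExpressions"))


def fail_closed_scope(wh):
    """Requests rejected when the webhook cannot be reached."""
    if wh.get("failurePolicy", "Fail") != "Fail":
        return []  # "Ignore" lets the request through without mutation
    where = ("all namespaces" if selects_all_namespaces(wh)
             else "selected namespaces")
    return ["{} {} in {}".format(op, res, where)
            for rule in wh["rules"]
            for op in rule["operations"]
            for res in rule["resources"]]


if __name__ == "__main__":
    print("API server calls:", webhook_url(WEBHOOK))
    for blocked in fail_closed_scope(WEBHOOK):
        print("blocked while the webhook is unreachable:", blocked)
```

The rebuilt URL matches the one in the error, so the API server is resolving this webhook as configured and the rejection happens when it tries to connect to the service.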