We’ve been running Vault with EKS clusters for a while now without issue, but we’re suddenly seeing that new/rebuilt clusters are unable to authenticate - Vault is reporting this error:
[ERROR] auth.kubernetes.auth_kubernetes_da4f474b: login unauthorized due to: lookup failed: service account unauthorized; this could mean it has been deleted or recreated with a new token
We’re also seeing this error in the EKS authenticator logs each time the vault-init container runs:
time="2021-02-19T10:51:15Z" level=warning msg="access denied" client="127.0.0.1:43290" error="input token was not properly formatted: token is missing expected \"k8s-aws-v1.\" prefix" method=POST path=/authenticate
Has anyone seen this before? Can post more configs if required (but they’re the same as for our other auth backends that are working without issue, so I’m a bit confused).