Kubernetes auth method getting permission denied

Hi Here, I have a setup like this

  • Vault running in a pod
  • An application running in a pod
  • I’m on kubernetes version 1.21

I have set up kubernetes auth method using this documentation.

  • kubernetes auth config enabled
  • cluster role binding done
  • role created also and binded the right service account and namespace
  • I have created a default policy that grants access to the secret path (using wildcard)

When I tried to access the secrets from the application pod, i get permission denied. below is the command I’m using to test.

    curl \
    --request GET \
    --data '{"jwt": "my-token-here", "role": "dev"}' \

Please what i’m I missing.

This is incorrect and certainly will be enough to break it. Delete that part.

You may also need to fix the Content-Type sent with the request:

-H "Content-Type: application/json"

since curl --data implies a default of application/x-www-form-urlencoded, which this is not. I’m not sure whether Vault cares about this, or can figure out what you actually meant despite receiving an incorrect Content-Type header.

Hi Maxb, thank you for your response. I only used this method for testing, I also get the same error in the pod.

Can anyone please hep, still getting this error

{"level":"FATAL","time":"2023-01-17T08:24:31.329+0100","msg":"failed to load secrets","error":"Error making API request.\n\nURL: GET https://vault.dev/v1/secret/private\nCode: 403. Errors:\n\n* permission denied"}

when I try to login via the API using the same, it was successful, but i can’t see to understand why the pod can’t authenticate with the valid JWT when it tries to fetch secret