Support for installing vault agent injector using helm in multiple namespaces within k8s cluster


I have an external Vault cluster which is deployed and configured in an AWS EKS cluster. The application instance is in a GKE cluster. There are multiple teams which require secrets from Vault in multiple namespaces. Currently, the Vault secrets are injected into the app pod in one of the namespaces in the GKE cluster. I am currently installing the Vault agent injector in the namespace where the secrets are required, but the cluster role, cluster role bindings and mutating webhook fail to be created in other namespaces as they are already bound to the first namespace. How do I inject secrets into app pods deployed in multiple namespaces?

Any suggestions are much appreciated.

Thank you,

You only need one injector and mutating webhook per cluster (the cluster role and bindings will depend on the Kubernetes configuration you use). You can configure everything else via Pod annotations.
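
To illustrate the answer above, here is an added example (not part of the original thread) of a workload in a second namespace that opts in to the single cluster-wide injector through Pod annotations alone. The namespace, service account, role name, secret path and image are all hypothetical.

```yaml
# Constructed example: all names, paths and the role below are hypothetical.
# The injector is installed once per cluster; this workload lives in a
# different namespace and opts in purely through Pod annotations.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: team-b-app            # hypothetical; the Vault role must allow this SA
  namespace: team-b           # hypothetical second namespace
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: team-b-app
  namespace: team-b
spec:
  replicas: 1
  selector:
    matchLabels:
      app: team-b-app
  template:
    metadata:
      labels:
        app: team-b-app
      annotations:
        # Ask the cluster-wide mutating webhook to inject the Vault Agent.
        vault.hashicorp.com/agent-inject: "true"
        # Vault Kubernetes-auth role (hypothetical name) scoped to this team.
        vault.hashicorp.com/role: "team-b-app"
        # Render the secret at this Vault path (hypothetical) to
        # /vault/secrets/db-creds inside the pod.
        vault.hashicorp.com/agent-inject-secret-db-creds: "secret/data/team-b/db"
    spec:
      serviceAccountName: team-b-app
      containers:
        - name: app
          image: registry.example.com/team-b/app:1.0   # placeholder image
```

Giving each namespace its own Vault role, bound to that namespace's service account via `bound_service_account_names` and `bound_service_account_namespaces`, keeps one team's pods from reading another team's secrets even though they share the injector.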