We have a Vault instance which can be accessed publicly. From our public AKS cluster, using vault-secrets-webhook, we are able to inject secrets into the pods. We tried to replicate the same setup in a private AKS cluster, trying to fetch the secrets from the same public Vault instance.
But we get the error below:
time="2024-07-17T08:07:44Z" level=info msg="Admission review request handled" app=vault-secrets-webhook dry-run=false duration=12.571099ms kind=v1/Pod name= ns=vault-secrets-webhook op=create path=/pods request-id=c1d0df10-ab44-4c76-a4e8-84e2d71c3889 svc=http.Handler webhook-id=vault-secrets-pods webhook-kind=mutating wh-version=v1beta1
time="2024-07-17T08:08:16Z" level=fatal msg="failed to create vault clienttimeout [30s] during waiting for Vault token" app=vault-env
So, my question is whether HashiCorp Vault supports a similar setup, where a k8s cluster is in a private network and is trying to access Vault in a public network using auth_method=kubernetes?