Hello,
I got this error from kube-apiserver
“Unable to authenticate the request” err=“[invalid bearer token, serviceaccounts "consul-consul-webhook-cert-manager" not found]”
I deployed Vault with Consul following the instruction:
I was able to deploy everything and unseal the vault.
But when I try to deploy now a simple app with injection of secrets. The pods are stuck in init status or terminating status.
Any clue what causing the issue?
I checked the logs see lots of this:
E0224 05:50:15.567901 1 authentication.go:63] “Unable to authenticate the request” err=“[invalid bearer token, serviceaccounts "consul-consul-webhook-cert-manager" not found]”
E0224 05:50:16.570585 1 authentication.go:63] “Unable to authenticate the request” err=“[invalid bearer token, serviceaccounts "consul-consul-webhook-cert-manager" not found]”
E0224 05:50:17.574609 1 authentication.go:63] “Unable to authenticate the request” err=“[invalid bearer token, serviceaccounts "consul-consul-webhook-cert-manager" not found]”
E0224 05:50:18.579003 1 authentication.go:63] “Unable to authenticate the request” err=“[invalid bearer token, serviceaccounts "consul-consul-webhook-cert-manager" not found]”
E0224 05:50:19.583522 1 authentication.go:63] “Unable to authenticate the request” err=“[invalid bearer token, serviceaccounts "consul-consul-webhook-cert-manager" not found]”
I0224 05:50:39.443786 1 alloc.go:327] “allocated clusterIPs” service=“default/consul-consul-connect-injector” clusterIPs=map[IPv4:10.100.154.88]
I0224 05:50:39.453162 1 alloc.go:327] “allocated clusterIPs” service=“default/consul-consul-ui” clusterIPs=map[IPv4:10.97.34.226]
I0224 05:50:39.457780 1 alloc.go:327] “allocated clusterIPs” service=“default/consul-consul-dns” clusterIPs=map[IPv4:10.107.158.19]
I0224 05:50:50.728638 1 alloc.go:327] “allocated clusterIPs” service=“vault/consul-consul-ui” clusterIPs=map[IPv4:10.101.51.95]
I0224 05:50:50.733463 1 alloc.go:327] “allocated clusterIPs” service=“vault/consul-consul-connect-injector” clusterIPs=map[IPv4:10.97.211.54]
I0224 05:50:50.738916 1 alloc.go:327] “allocated clusterIPs” service=“vault/consul-consul-dns” clusterIPs=map[IPv4:10.97.95.133]
E0224 05:50:51.551278 1 authentication.go:63] “Unable to authenticate the request” err=“[invalid bearer token, serviceaccounts "consul-consul-webhook-cert-manager" not found]”
E0224 05:50:52.553420 1 authentication.go:63] “Unable to authenticate the request” err=“[invalid bearer token, serviceaccounts "consul-consul-webhook-cert-manager" not found]”
E0224 05:50:53.556092 1 authentication.go:63] “Unable to authenticate the request” err=“[invalid bearer token, serviceaccounts "consul-consul-webhook-cert-manager" not found]”
I0224 05:52:42.412844 1 alloc.go:327] “allocated clusterIPs” service=“vault/vault-agent-injector-svc” clusterIPs=map[IPv4:10.97.39.36]
I0224 05:52:42.417527 1 alloc.go:327] “allocated clusterIPs” service=“vault/vault” clusterIPs=map[IPv4:10.98.79.151]
I0224 05:52:42.422289 1 alloc.go:327] “allocated clusterIPs” service=“vault/vault-active” clusterIPs=map[IPv4:10.105.193.126]
I0224 05:52:42.426962 1 alloc.go:327] “allocated clusterIPs” service=“vault/vault-standby” clusterIPs=map[IPv4:10.100.213.174]
W0224 05:52:43.477407 1 dispatcher.go:181] Failed calling webhook, failing open vault.hashicorp.com: failed calling webhook “vault.hashicorp.com”: failed to call webhook: Post “https://vault-agent-injector-svc.vault.svc:443/mutate?timeout=30s”: dial tcp 10.97.39.36:443: connect: connection refused
E0224 05:52:43.477465 1 dispatcher.go:185] failed calling webhook “vault.hashicorp.com”: failed to call webhook: Post “https://vault-agent-injector-svc.vault.svc:443/mutate?timeout=30s”: dial tcp 10.97.39.36:443: connect: connection refused
I0224 05:52:43.479826 1 trace.go:219] Trace[867445233]: “Create” accept:application/vnd.kubernetes.protobuf, /,audit-