Use Vault injector on multiple K8S clusters?

Hi everyone,
I’m trying to use the Vault injector feature on my k8s cluster for testing purposes.
But now that my tests are complete I was thinking about my next step.
In my use case I have multiple k8s clusters, and I was wondering if I could configure the Kubernetes auth with multiple clusters.
From what I understand you specify a config with the JWT and the Kube endpoint and that’s it.
Is there a way to have multiple configs to enable this kind of workflow?

Cluster A: Vault
Cluster B: My app + vault injector
Cluster C to Z: other apps + injector?

Anyone with an idea?

You can only service one Kubernetes cluster per Kubernetes auth mount. If you want to be able to auth from multiple clusters, you can create multiple auth mounts, e.g.:

vault auth enable -path k8s-cluster-1 kubernetes
vault auth enable -path k8s-cluster-2 kubernetes

You can also use JWT auth instead if you really need multiple clusters per auth mount, but I wouldn’t recommend it unless you have very specific requirements and a large number of clusters leading you that way: OIDC Provider Setup - Auth Methods | Vault by HashiCorp

2 Likes
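Added example (not from the thread or from HashiCorp's documentation): a script that applies the one-mount-per-cluster layout from the answer above and prints the injector annotations a pod in one of those clusters would carry. The API URLs, file names, role, service account, namespace and policy are assumed placeholders, and the commands are only printed unless APPLY=1 is set.

```shell
#!/usr/bin/env bash
# One Kubernetes auth mount per cluster. All names below are constructed
# placeholders. Dry run by default: commands are printed, not executed.
set -eu

# mount path|API server URL of that cluster (constructed sample values)
CLUSTERS='k8s-cluster-1|https://cluster-1.example.internal:6443
k8s-cluster-2|https://cluster-2.example.internal:6443'

run() {  # print the command; execute it only when APPLY=1
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

configure_mount() {  # $1 = mount path, $2 = API server URL
  run vault auth enable -path "$1" kubernetes
  # Assumed files: <mount>-ca.crt is the cluster CA, <mount>-reviewer.jwt is
  # the token of a service account in that cluster that may call TokenReview
  # (system:auth-delegator). @file keeps the JWT out of the process list.
  run vault write "auth/$1/config" \
    kubernetes_host="$2" \
    kubernetes_ca_cert="@$1-ca.crt" \
    token_reviewer_jwt="@$1-reviewer.jwt"
  # The role lives under this mount, so it only admits this cluster's pods.
  run vault write "auth/$1/role/my-app" \
    bound_service_account_names=my-app \
    bound_service_account_namespaces=default \
    token_policies=my-app-read \
    token_ttl=1h
}

configure_all() {
  printf '%s\n' "$CLUSTERS" | while IFS='|' read -r name host; do
    configure_mount "$name" "$host"
  done
}

pod_annotations() {  # $1 = mount path the injected agent should log in to
  cat <<EOF
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/role: "my-app"
vault.hashicorp.com/auth-path: "auth/$1"
EOF
}

configure_all
pod_annotations k8s-cluster-2
```

The injector Helm chart's `injector.authPath` value sets the same path as a per-cluster default, so pods then need no `auth-path` annotation.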

So that’s what I missed. I can enable multiple “instances” of auth methods with different names. Thanks a lot.

1 Like