Vault agent can't authenticate using k8s 1.22.5

mrjebabli · May 24, 2022, 8:50am

Hello,
i want to get my secret from vault, this is the first time to integrate vault (vault v1.10.3 ) with k8s in the same cluster and the same namespace.
I’m following this tuto, to get secret to the application but im getting always error

kubectl logs \
>     $(kubectl get pod -l app=orgchart -o jsonpath="{.items[0].metadata.name}") \
>     --container vault-agent
error: container vault-agent is not valid for pod orgchart-798cbc6c76-szd9q

and in the log vault agent injector I’m getting :

[ERROR] handler: http: TLS handshake error from 10.1.0.129:52015: remote error: tls: bad certificate

for the certificate i get it using

kubectl config view --raw --minify --flatten  
--output 'jsonpath={.clusters[].cluster.certificate-authority-data}'
 | base64 --decode

any idea how to investigate more or how to solve it .
thanks

tvoran · May 28, 2022, 12:42am

Hi there, please see my response on github: Vault agent can’t authenticate using k8s 1.22.5 · Issue #738 · hashicorp/vault-helm · GitHub

Topic		Replies	Views
Vault Agent Injector fails to inject secret: x509: certificate is valid for Vault k8s , vault	3	975	February 17, 2023
[ERROR] handler: http: TLS handshake error from 10.60.158.112:33278: remote error: tls: bad certificate Vault	0	1799	July 3, 2022
Bad certificate in vault-agent-injector Vault k8s	4	6027	July 22, 2020
Http: TLS handshake error from <IP:PORT> remote error: tls: bad certificate Vault k8s , vault	3	1463	October 9, 2023
Can't get vault-agent-init container to get a secret from Vault Vault k8s , vault	1	2991	September 28, 2021

Vault agent can't authenticate using k8s 1.22.5

Related topics