Vault Agent Deployment - Pod not initiating

Trying to deploy the Vault Agent in a Kubernetes Cluster on AWS EKS.

The pod for the injector deployment keeps crashing with the error:

```
handler: Starting handler…
Error listening: listen tcp: address 8080: missing port in address
```

My injector deployment, service and webhook are based off the example given in the helm chart.

I have not been able to figure out the problem. I am attaching the files. Any help in pointing out what I am doing wrong would be helpful.

INJECTOR DEPLOYMENT YAML

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{.Values.component_name}}-webhook
  namespace: {{.Values.component_name}}
  labels:
    app: {{.Values.component_name}}-webhook
spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: {{.Values.component_name}}-webhook
  template:
    metadata:
      labels:
        app: {{.Values.component_name}}-webhook
    spec:
      serviceAccountName: {{.Values.component_name}}-webhook
      hostNetwork: false
      securityContext:
        runAsNonRoot: true
        runAsGroup: 1000
        runAsUser: 100
      containers:
        - name: {{.Values.component_name}}-webhook
          image: "hashicorp/vault-k8s"
          securityContext:
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 8080
          env:
            - name: AGENT_INJECT_LISTEN
              value: "8080"
            - name: AGENT_INJECT_LOG_LEVEL
              value: "info"
            - name: AGENT_INJECT_VAULT_ADDR
              value: "https:{{.Values.component_name}}.{{.Values.component_name}}.svc:443"
            - name: AGENT_INJECT_VAULT_AUTH_PATH
              value: "auth/kubernetes"
            - name: AGENT_INJECT_VAULT_IMAGE
              value: "vault"
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: AGENT_INJECT_CPU_REQUEST
              value: "250m"
            - name: AGENT_INJECT_CPU_LIMIT
              value: "500m"
            - name: AGENT_INJECT_MEM_REQUEST
              value: "64Mi"
            - name: AGENT_INJECT_MEM_LIMIT
              value: "128Mi"
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          args:
            - agent-inject
            - 2>&1
          livenessProbe:
            httpGet:
              path: /health/ready
              port: 8080
              scheme: HTTP
            failureThreshold: 2
            initialDelaySeconds: 5
            periodSeconds: 2
            successThreshold: 1
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              path: /health/ready
              port: 8080
              scheme: HTTP
            failureThreshold: 2
            initialDelaySeconds: 5
            periodSeconds: 2
            successThreshold: 1
            timeoutSeconds: 5
```

INJECTOR SERVICE YAML

```yaml
apiVersion: v1
kind: Service
metadata:
  name: {{.Values.component_name}}-webhook
  namespace: {{.Values.component_name}}
spec:
  type: ClusterIP
  selector:
    app: {{.Values.component_name}}-webhook
  ports:
    - name: http
      port: 8080
      targetPort: 8080
```

I’m assuming you mean you’re trying to run a sidecar pod inside of a deployment?

I don’t know enough about Kubernetes to be able to be very helpful, but I can tell you that error usually means the config parser failed to parse the proto://ip:port line of your config file.
It is expecting all three parts to always be there.
Example: https://10.1.2.3:8200
I would remove all of your values.yaml and get it working first, then start adding in the config sections to see where it’s expecting the value.

Thanks. I was able to isolate the problem. It was missing a : before the port number.

So :8080 instead of 8080

Appreciate your help
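
The error text in this thread is what Go's `net` package returns when a listen address is not in `host:port` form. The following Go program is an added example (not part of the thread and not vault-k8s code) that checks a listen value before deployment and reproduces the exact message; the function names `checkListenAddr` and `listenError` and the sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// checkListenAddr (hypothetical helper) validates addr as a host:port listen
// address without opening a socket. An empty host (":8080") means all
// interfaces. Stricter than net.Listen by choice: named ports and port 0
// are rejected.
func checkListenAddr(addr string) error {
	_, port, err := net.SplitHostPort(addr)
	if err != nil {
		return err
	}
	n, err := strconv.Atoi(port)
	if err != nil || n < 1 || n > 65535 {
		return fmt.Errorf("address %s: invalid port %q", addr, port)
	}
	return nil
}

// listenError (hypothetical helper) returns the error text net.Listen gives
// for addr, or "" if the listener opened (it is closed again immediately).
func listenError(addr string) string {
	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return err.Error()
	}
	ln.Close()
	return ""
}

func main() {
	// Constructed sample values: the value from the thread, the corrected
	// form, an explicit bind address, and a URL mistakenly used as a listener.
	samples := []string{"8080", ":8080", "0.0.0.0:8080", "https://10.1.2.3:8200"}
	for _, a := range samples {
		if err := checkListenAddr(a); err != nil {
			fmt.Printf("%-24q rejected: %v\n", a, err)
			continue
		}
		fmt.Printf("%-24q ok\n", a)
	}
	// Address parsing fails before any socket is created.
	fmt.Println(listenError("8080"))
}
```

A listen value takes `host:port` with no scheme, while a setting such as `AGENT_INJECT_VAULT_ADDR` is a full URL, so the two are not interchangeable.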