Vault-agent-injector fails if replicas > 1

Hello good people,

I have gone through the motions of installing vault-agent-injector and configured it to talk to an external Vault cluster. Kubernetes auth works!

When I start and patch a deployment with replicas=1, everything works as advertised; well, almost, but that is another story. I used the nginx example from the tutorial.

If I edit the selfsame deployment to 2 or more replicas, the vault-agent-init gets a “Forbidden” response, all else being identical.

Any ideas / clues / pointers? I was thinking maybe the Vault server will not allow the generation of a new token for the same JWT.

Thank you!

Please post the exact commands and errors as they happened.

Hi @angelos, you’ll want to set the number of replicas in the Helm chart values (injector.replicas) instead of scaling the deployment directly, since the chart adds some extra settings and RBAC to work with multiple replicas.