Vault-agent-injector fails if replicas > 1

angelos · September 28, 2023, 9:09pm

Hello good people,

I have gone through the motions of installing vault-agent-injector and configured it to talk to an external vault cluster. Kubernetes auth works !

When I start and patch a deployment with replicas=1 everything works as advertised, well almost but that that is another story. I used the nginx example from the tutorial.

If I edit the self same deployment to 2 or more replicas the vault-agent-init gets a “Forbidden” response, all else being identical.

Any ideas / clues / pointers ? I was thinking maybe the vault server will not allow the generation of a new token for the same JWT.

Thank you!

macmiranda · September 29, 2023, 6:50pm

Please post the exact commands and errors as they happened

tvoran · October 2, 2023, 11:24pm

Hi @angelos, you’ll want to set the number of replicas in the helm chart values (injector.replicas) instead of scaling the deployment directly since the chart adds some extra settings and rbac to work with multiple replicas.

Topic		Replies	Views
Vault agent injector auto-tls isn't working when replica > 1 Vault vault	3	1138	December 13, 2022
Error: Vault agent injector Vault k8s	0	386	July 27, 2020
Issue with vault agent injector - pods not getting init container if 1 of 2 injectors restarts Vault	1	334	October 11, 2023
Vault Agent Injector Authentication (vault-k8s) Vault k8s , vault	0	318	January 4, 2023
Vault agent with external vault max auth retries? Vault k8s , vault	2	446	November 9, 2022

Vault-agent-injector fails if replicas > 1

Related topics