Description:
I’m encountering an issue where the Vault Agent Injector fails to trigger in my GCP-based Kubernetes cluster, despite working perfectly in a local Multipass VM setup. I followed the tutorial by Anvesh Muppalla exactly, but the problem persists only in the cloud environment.
Setup Details:
Infrastructure:
Created 3 GCP VMs using Terraform (1 control plane, 2 workers)
Network: VPC with firewall rules for Kubernetes components (ports 22, 443, 6443, 2379-2380, 10250, 30000-32767, 8100-18200, ICMP)
OS: Ubuntu 20.04 LTS
Kubernetes:
Cluster deployed using Kubespray
Version: v1.32.0
Vault Installation:
- Helm chart values (`vault-values.yaml`):

```yaml
global:
  enabled: true
server:
  dev:
    enabled: false
  standalone:
    enabled: true
    config: |
      ui = true
      listener "tcp" {
        address = "0.0.0.0:8200"
        tls_disable = true
      }
      storage "file" {
        path = "/vault/data"
      }
  dataStorage:
    enabled: true
    size: 8Gi
    storageClass: "standard"
    accessMode: ReadWriteOnce
injector:
  enabled: true
  logLevel: debug
  extraEnvironmentVars:
    VAULT_ADDR: "http://vault.vault.svc.cluster.local:8200"
  replicaCount: 1
```
Symptoms:
No Vault sidecar containers injected into pods
MutatingWebhookConfiguration exists but shows no activity
Injector logs show no errors (only startup messages)
Environment Comparison:
Component | Local cluster (Vault working) | GCP cluster (Vault not working)
---|---|---
Kubernetes Version | v1.32.0 | v1.32.0
CNI | Calico | Calico
Vault Version | 1.15.3 | 1.15.3
Storage Class | local-path | GCP PD (standard)
Firewall Rules | Default allow | Explicit GCP firewall
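The symptoms above (no sidecar, a MutatingWebhookConfiguration with no activity, an injector log that only shows startup) are exactly what an admission webhook looks like when the API server either never selects the pod for mutation or cannot reach the webhook and is configured to ignore the failure. The following is an added example, not code from the original post, from the linked tutorial or from HashiCorp: an offline checker that takes dicts shaped like `kubectl get mutatingwebhookconfiguration/namespace/pod -o json` output and reports why a pod would not be mutated. The `WEBHOOK` dict is a constructed approximation of what the vault-helm chart renders (it assumes the chart's default `failurePolicy: Ignore` and its default `objectSelector` that excludes the injector's own pod); the namespace and pods are constructed sample input, and `diagnose` is a hypothetical helper name.

```python
"""Offline check: would the Vault Agent Injector webhook be invoked for a pod,
and would an unreachable webhook be skipped silently?  Added example; inputs are
constructed dicts shaped like `kubectl ... -o json` output, not live cluster data."""

INJECT_ANNOTATION = "vault.hashicorp.com/agent-inject"


def selector_matches(selector, labels):
    """Evaluate a Kubernetes LabelSelector (matchLabels + matchExpressions)
    against a label map.  An empty or missing selector matches everything."""
    if not selector:
        return True
    for key, value in (selector.get("matchLabels") or {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions") or []:
        key, op, values = expr["key"], expr["operator"], expr.get("values") or []
        present = key in labels
        if op == "In" and not (present and labels[key] in values):
            return False
        if op == "NotIn" and present and labels[key] in values:
            return False
        if op == "Exists" and not present:
            return False
        if op == "DoesNotExist" and present:
            return False
    return True


def rule_covers_pod_create(rules):
    """True if some webhook rule covers CREATE of core-group pods."""
    for rule in rules:
        if "CREATE" not in rule.get("operations", []):
            continue
        groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
        if ("" in groups or "*" in groups) and ("pods" in resources or "*" in resources):
            return True
    return False


def diagnose(webhook, namespace, pod):
    """Return {'blocked_by': [...reasons...], 'silent_on_failure': bool}.
    An empty blocked_by means the API server should call the webhook and the
    injector should add the sidecar.  silent_on_failure is True when the
    webhook's failurePolicy is Ignore, i.e. a call the API server cannot
    complete (firewall, wrong service port, bad CA bundle) is skipped without
    any error in the injector log; only kube-apiserver logs mention it."""
    reasons = []
    ns_labels = namespace["metadata"].get("labels") or {}
    pod_labels = pod["metadata"].get("labels") or {}
    annotations = pod["metadata"].get("annotations") or {}
    if not rule_covers_pod_create(webhook.get("rules", [])):
        reasons.append("webhook rules do not cover CREATE on pods")
    if not selector_matches(webhook.get("namespaceSelector"), ns_labels):
        reasons.append("namespaceSelector excludes namespace %s" % namespace["metadata"]["name"])
    if not selector_matches(webhook.get("objectSelector"), pod_labels):
        reasons.append("objectSelector excludes the pod's labels")
    if annotations.get(INJECT_ANNOTATION) != "true":
        reasons.append('pod lacks annotation %s: "true"' % INJECT_ANNOTATION)
    # Kubernetes defaults failurePolicy to Fail; the vault-helm chart sets Ignore.
    return {"blocked_by": reasons,
            "silent_on_failure": webhook.get("failurePolicy", "Fail") == "Ignore"}


# Constructed approximation of the chart's rendered webhook (not a live dump).
WEBHOOK = {
    "name": "vault.hashicorp.com",
    "failurePolicy": "Ignore",
    "rules": [{"apiGroups": [""], "apiVersions": ["v1"],
               "operations": ["CREATE", "UPDATE"], "resources": ["pods"]}],
    "namespaceSelector": {},
    "objectSelector": {"matchExpressions": [{"key": "app.kubernetes.io/name",
                                             "operator": "NotIn",
                                             "values": ["vault-agent-injector"]}]},
}
NAMESPACE = {"metadata": {"name": "default",
                          "labels": {"kubernetes.io/metadata.name": "default"}}}
POD_ANNOTATED = {"metadata": {"name": "app-1", "labels": {"app": "demo"},
                              "annotations": {INJECT_ANNOTATION: "true",
                                              "vault.hashicorp.com/role": "demo"}}}
POD_PLAIN = {"metadata": {"name": "app-2", "labels": {"app": "demo"}}}
POD_INJECTOR = {"metadata": {"name": "vault-agent-injector-0",
                             "labels": {"app.kubernetes.io/name": "vault-agent-injector"},
                             "annotations": {INJECT_ANNOTATION: "true"}}}

if __name__ == "__main__":
    for pod in (POD_ANNOTATED, POD_PLAIN, POD_INJECTOR):
        print(pod["metadata"]["name"], diagnose(WEBHOOK, NAMESPACE, pod))
```

If `blocked_by` is empty for a pod that still comes up without a sidecar and `silent_on_failure` is True, the API server most likely could not complete the webhook call; check the kube-apiserver log on the control plane for "failed calling webhook" and confirm that the control-plane node can reach the injector pod's IP and port through the GCP firewall and the Calico overlay, since that path is what differs between the local and GCP clusters.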