I have an external vault outside of Kubernetes and I’m trying to get vault-injector pods to authenticate and get secrets from that vault.
The init pods are getting this error: x509: certificate signed by unknown authority
This is because my external vault has a custom cert attached to it. I see there is an annotation for this but it’s looking for a file. Where would I specify that file in my case with an external vault?
I was able to get the custom CA to work by adding the AGENT_INJECT_VAULT_CACERT_BYTES environment variable with a base64-encoded PEM file to the injector pod.
The following outlines where to do it when using the Helm chart:
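
An added example, not part of the original post and not the poster's own values: a shell helper that turns a CA PEM file into the single-line base64 value and renders a Helm values fragment that sets it on the injector through the chart's injector.extraEnvironmentVars map. The file names in the comments are placeholders.

```shell
#!/bin/sh
# Added example: build a Helm values override that hands a custom CA
# to the Vault agent injector via AGENT_INJECT_VAULT_CACERT_BYTES.

# encode_ca FILE
# Print FILE as single-line base64. Fails if FILE is unreadable or does
# not contain a PEM certificate block, so a wrong path is caught early.
encode_ca() {
    pem="$1"
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" || {
        echo "$pem has no PEM certificate block" >&2
        return 1
    }
    # GNU base64 wraps output at 76 columns; strip the newlines so the
    # value stays on one line inside the YAML string.
    base64 < "$pem" | tr -d '\n'
}

# render_values FILE
# Print a values.yaml fragment for the injector deployment.
render_values() {
    b64=$(encode_ca "$1") || return 1
    printf 'injector:\n  extraEnvironmentVars:\n'
    printf '    AGENT_INJECT_VAULT_CACERT_BYTES: "%s"\n' "$b64"
}

# Stand-alone usage (paths are placeholders):
#   ./ca-values.sh /path/to/vault-ca.pem > injector-ca-values.yaml
if [ "$#" -ge 1 ]; then
    render_values "$1"
fi
```

Pass the generated file to helm with -f when installing or upgrading the chart. A CA certificate is public material, so keeping this value in a values file does not expose a secret.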