We upgraded our Kubernetes nodes to 1.21, and with that our Vault secret promotion stopped working. We were running the somewhat outdated version 1.6.0, which I upgraded to 1.9.4, reading the docs.
Now that the “iss” error is gone, I’ve run into more problems.
What is the suggested way to make Vault work with k8s 1.21?
I get errors like:
403 - permission denied
500 - service account name not authorized
Most pods get this error now:
Error writing data to auth/kubernetes/login: Error making API request.
URL: PUT http://vault.system:8400/v1/auth/kubernetes/login
Code: 403. Errors:
* permission denied
I’ve tried attaching new service accounts and secrets, but whatever I do, I can’t make Vault work. Actually, Vault itself works fine. I can authenticate to it, open the Web UI, manage secrets and such, but vault-deployer and vault-controller have problems logging in. Also, another deployment is not running since it can’t auth to Vault.
I would appreciate any help on how to fix the current setup.