Hello!
I’ve encountered a weird issue with the Vault Kubernetes agent injector. I’m using k8 version 1.21 on EKS, the agent (using external Vault) is installed using the Helm chart (0.16.0), and authorization is set up with the k8 authorization type. (The general setup is very similar to "Integrate a Kubernetes Cluster with an External Vault | Vault - HashiCorp Learn".)
The issue:
When launching a deployment, the authorization goes through with no issues, vault-init-container is launched successfully and secrets are being injected into the pod. That makes me think that the k8 authorization is set up correctly.
The issue arises only when I’m launching another deployment that also uses a vault agent to inject secrets into the pods. The first pod is launched successfully, the second pod fails because vault-init-container all of a sudden cannot authorize anymore, throwing:
[ERROR] auth.handler: error authenticating: error="context deadline exceeded" backoff=1s
I’ve tried enabling debug logs with no luck. As for the k8 vault authorization setup, the issuer & CA certificate are configured correctly (while looking around, most similar issues were related to those parameters not being added). And, as I mentioned, the authorization works with no issues if the secrets are being injected only into one pod.
Does anyone know what might be the issue here and/or could point me in the direction where I could find the answer?