Vault: init container cannot authenticate to Vault

peache411 · June 26, 2023, 8:31am

Hello macmiranda,

Thank you for looking into my issue.

I have check the ClusterRoleBinding and it exists:

k describe clusterrolebindings.rbac.authorization.k8s.io vault-injector-server-binding 
Name:         vault-injector-server-binding
Labels:       app.kubernetes.io/instance=vault-injector
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=vault
              helm.sh/chart=vault-0.24.1
Annotations:  meta.helm.sh/release-name: vault-injector
              meta.helm.sh/release-namespace: vault
Role:
  Kind:  ClusterRole
  Name:  system:auth-delegator
Subjects:
  Kind            Name            Namespace
  ----            ----            ---------
  ServiceAccount  vault-injector  vault

As for the short-lives token solution, it is not working on my side with the following error:

vault write auth/kubernetes/config kubernetes_host="$KUBE_HOST"      
Error writing data to auth/kubernetes/config: Error making API request.       
                                                                                                                       
URL: PUT https://vault.REDACTED.net:8200/v1/auth/kubernetes/config
Code: 400. Errors:                                         
                                                                                                                       
* open /var/run/secrets/kubernetes.io/serviceaccount/ca.crt: no such file or directory

Topic		Replies	Views
Kubernetes Authentication denied Vault k8s	16	15559	April 10, 2023
Permission denied 403 in post /v1/auth/kubernetes/login on vault-agent-init container Vault k8s	6	10665	June 21, 2023
Insane auth vault with kubernetes Vault k8s , vault	1	595	April 18, 2023
K8s Vault - New deployment - CLI on pod fails "403 permisison denied" - SOLVED Vault	7	1505	November 22, 2022
Vault injector issue Vault k8s	5	2445	May 9, 2022

Vault: init container cannot authenticate to Vault

Related topics