Vault Kubernetes Auth with AKS Private Link Cluster


we are trying to enable Kubernetes Auth with a Private Link enabled AKS Cluster according to this guide:

The guide is working fine for public AKS Clusters but it seems not to work with private AKS Clusters although we repeated the steps for each cluster.

The Vault logs display the following error when trying to login with kubernetes sa token:

2020-05-26T12:01:17.869Z [ERROR] auth.kubernetes.auth_kubernetes_5c5367cf: login
unauthorized due to: lookup failed: [invalid bearer token, square/go-jose: erro
r in cryptographic primitive, the server has asked for the client to provide cre

Is there someone who experienced similar issues? Any comments and thoughts on this are appreciated.

Kind regards

Okay we managed to find out what was wrong. Apparently our role configurations were wrong.