Vault secret injection in GKE cluster

devnidhin7 · February 16, 2022, 12:41pm

HI

I have integrated it on GKE cluster
Below link shows the step which i have followed

I am getting insufficient permission below is LOG
91mError authenticating: unable to sign JWT for projects/-/serviceAccounts/my-service-gsa@cloudforte-containers.iam.gserviceaccount.com using given Vault credentials: googleapi: Error 403: Request had insufficient authentication scopes."

"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT""

“Reason: insufficientPermissions, Message: Insufficient Permission”

Is there any permission which i have to give cluster level and service account, and what are the permission which i have to give ?

bankinobi · May 16, 2022, 12:35pm

Hey @devnidhin7
Have exactly the same issue. Did you find any way out of it?

Topic		Replies	Views
Permission denied when authenticating pod to external vault service running on gke Vault	0	402	October 6, 2020
Vault gcs backend Vault	3	1059	October 8, 2020
403 permission denied when you configure Vault Injector to connect to external Vault Vault vault	4	2233	March 1, 2022
[Failed to Retrieve Secrets Following Vault Server Failover in Kubernetes High-Availability Cluster][Permission Denied] Vault k8s , raft , vault	1	156	February 1, 2024
Permission denied when try retrieve secrets from vault to k8s pod using vault-webhook Vault k8s	1	70	July 16, 2024

Vault secret injection in GKE cluster

Related topics