Short version of my problem - I have a setup for the Vault Sidecar Injector with all components healthy, and sidecar annotations specified in an example app that come from a previously working setup, but the injector is not responding to the annotations, and it is not logging anything meaningful.
I’ve got logLevel: "trace" specified in the Helm yaml installing the injector, and also in the annotations. When I look at logs with kubectl -n vault logs vault-agent-injector-867f5fdffd-86cn5, all I get is
Apparently since I am not seeing any log activity, the webhook that should be invoked on pod CREATE and UPDATE isn’t getting invoked by Kubernetes. I wonder if there are logs somewhere in Kubernetes to show me a MutatingWebHook processing error.
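An added example, not part of the original posts and not vault-k8s code: the API server only calls a mutating webhook whose `rules`, `namespaceSelector` and `objectSelector` all match the request, so this sketch evaluates those three against one `.webhooks[]` entry and reports why a pod would be skipped. It assumes a simplified match (it ignores `apiGroups`, `apiVersions`, `scope` and `matchPolicy`); the function names and the sample entry are constructed for illustration.

```python
def selector_matches(selector, labels):
    """Evaluate a Kubernetes LabelSelector against a dict of labels."""
    selector = selector or {}  # an absent or empty selector matches everything
    for key, want in selector.get("matchLabels", {}).items():
        if labels.get(key) != want:
            return False
    for expr in selector.get("matchExpressions", []):
        key, values = expr["key"], expr.get("values", [])
        present = key in labels
        ok = {
            "In": present and labels.get(key) in values,
            "NotIn": not present or labels.get(key) not in values,
            "Exists": present,
            "DoesNotExist": not present,
        }[expr["operator"]]
        if not ok:
            return False
    return True


def skip_reasons(webhook, operation, resource, ns_labels, pod_labels):
    """Reasons the API server would not call this webhook; empty means it should."""
    reasons = []
    if not any({operation, "*"} & set(r.get("operations", []))
               and {resource, "*"} & set(r.get("resources", []))
               for r in webhook.get("rules", [])):
        reasons.append(f"no rule covers {operation} on {resource}")
    if not selector_matches(webhook.get("namespaceSelector"), ns_labels):
        reasons.append("namespaceSelector excludes the pod's namespace")
    if not selector_matches(webhook.get("objectSelector"), pod_labels):
        reasons.append("objectSelector excludes the pod")
    return reasons

def failures_are_silent(webhook):
    """With failurePolicy Ignore, a failed webhook call still admits the pod."""
    return webhook.get("failurePolicy", "Fail") == "Ignore"

# Constructed sample shaped like one .webhooks[] entry; all values are made up.
SAMPLE_WEBHOOK = {
    "name": "injector.example.test",
    "failurePolicy": "Ignore",
    "rules": [{"operations": ["CREATE", "UPDATE"], "resources": ["pods"]}],
    "namespaceSelector": {"matchLabels": {"injection": "enabled"}},
    "objectSelector": {"matchExpressions": [
        {"key": "app", "operator": "NotIn", "values": ["injector"]}]},
}

if __name__ == "__main__":
    print(skip_reasons(SAMPLE_WEBHOOK, "CREATE", "pods", {}, {"app": "web"}))
```

An empty result combined with `failures_are_silent` returning `True` means the webhook should be selected, and any failure to reach it would admit the pod unmodified without an error to the client.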
Thanks for the reply. What I learned yesterday is that the injector webhook isn’t even getting called. It should be called for every pod create/update irrespective of the pod’s annotations, and that should result in log output in the injector:
// Handle is the http.HandlerFunc implementation that actually handles the
// webhook request for admission control. This should be registered or
// served via an HTTP server.
func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) {
	h.Log.Info("Request received", "Method", r.Method, "URL", r.URL)
	// ...
}
I don’t see Request received at all. Again the injector was installed via Helm with this values.yaml: