Been trying to figure this out for a couple days. I currently have vault deployed in EKS via argoCD after upgrading, I’m seeing this error
Failed build model due to WebIdentityErr: failed to retrieve credentials caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity status code: 403
I tried to perform a restore but the issue persists. I tried blowing away the application and redeploying without the issue being remediated.
I have also tried the following:
- Adjusted eks cluster role to include sts:AssumeRoleWithWebIdentity
- reverted the cluster role mentioned above, created a new role and annotated it to vault sa
The application is up, I can exec into the pods and see that the vault is unsealed.
❯ k exec -it vault-0 -- vault status Key Value --- ----- Recovery Seal Type shamir Initialized true Sealed false Total Recovery Shares 5 Threshold 3 Version 1.13.1 Build Date 2023-03-23T12:51:35Z Storage Type consul Cluster Name vault-cluster-xxxxx Cluster ID xxxxx-xxxx-xxxx-xx-xxxxx HA Enabled true HA Cluster https://vault-1.vault-internal:8201 HA Mode standby Active Node Address https://xx.xx.1xx.xx:8200
vault-ui is just stuck in progressing mode with the error above.