Hi All,
Been trying to figure this out for a couple of days. I currently have vault deployed in EKS via argoCD. After upgrading, I'm seeing this error.
- consul: v.1.15.3
- vault: v.1.13.1
- eks: v.1.23

```
Failed build model due to WebIdentityErr: failed to retrieve credentials caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity status code: 403
```
I tried to perform a restore but the issue persists. I tried blowing away the application and redeploying without the issue being remediated.
I have also tried the following:
- Adjusted eks cluster role to include sts:AssumeRoleWithWebIdentity
- Reverted the cluster role mentioned above, created a new role and annotated it to vault sa
The application is up, I can exec into the pods and see that the vault is unsealed.
```
❯ k exec -it vault-0 -- vault status
Key                      Value
---                      -----
Recovery Seal Type       shamir
Initialized              true
Sealed                   false
Total Recovery Shares    5
Threshold                3
Version                  1.13.1
Build Date               2023-03-23T12:51:35Z
Storage Type             consul
Cluster Name             vault-cluster-xxxxx
Cluster ID               xxxxx-xxxx-xxxx-xx-xxxxx
HA Enabled               true
HA Cluster               https://vault-1.vault-internal:8201
HA Mode                  standby
Active Node Address      https://xx.xx.1xx.xx:8200
```
vault-ui is just stuck in progressing mode with the error above.