Closed alifiroozi80 closed 5 months ago
Hi @alifiroozi80, we've run into this on EKS before too, and it turned out to be a connectivity issue (similar to what you mentioned about GKE). Finding the correct security group to modify can be tricky, though if you're using the EKS module for terraform, adding something like this might help for opening port 8080 from the k8s API server to the nodes:
node_security_group_additional_rules = {
ingress_vault_injector_webhook = {
description = "Access to Vault Agent Injector webhook endpoint from API server"
protocol = "tcp"
from_port = 8080
to_port = 8080
type = "ingress"
source_cluster_security_group = true
}
}
Hello @tvoran That was precisely the case! Thanks, man! I indeed use Terraform, and after adding your block to my Terraform scripts, everything is now working as expected. Thanks again🍻
I was fighting this for an entire day. Thanks a bunch @tvoran !
saved my day, thanks!
Hello Folks I've installed Vault
1.15.2
in my EKS cluster. The K8s cluster version is1.28.X
.I've enabled the Vault Agent Injector, but it's not working in. the EKS cluster! The exact configuration works on a bare-metal cluster, but not on an EKS one!
But when it's being created, there is no sidecar!
Here are my Vault installation values:
Here is the
vault-agent-injector
log:Note 1: Again: the exact config and file Are perfectly working with another self-hosted K8s cluster Note 2: I've already searched, and something similar to my problem exists on GKE, and there, you have to open up a couple of ports. On EKS, everything should work as expected without any further steps, but it's not.
I appreciate any help.