Open Colbize opened 1 year ago
Hi @Colbize, I wonder if your vault-k8s deployment has the environment variable AGENT_INJECT_VAULT_NAMESPACE set? That would set the default vault namespace for all injected vault-agents, and it sounds like you're needing to override that to be empty in order to get things working.
Hi @tvoran, thanks for responding. We do not have the environment variable AGENT_INJECT_VAULT_NAMESPACE set in our vault server deployment variables. We are deploying vault v1.10.3 via the helm chart.
Describe the bug
When configuring Agent Sidecar Injector in our helm charts for secret injection, the annotation vault.hashicorp.com/namespace must exist even if it's not used. It must exist in annotations and be set to an empty string:
To Reproduce
Steps to reproduce the behavior:
vault.hashicorp.com/namespace in the annotations:
==> Vault agent configuration:
Cgo: disabled
Log Level: info
Version: Vault v1.10.3
Version Sha: af866591ee60485f05d6e32dd63dde93df686dfb
2022-08-08T21:20:57.716Z [INFO] sink.file: creating file sink
2022-08-08T21:20:57.716Z [INFO] sink.file: file sink configured: path=/home/vault/.vault-token mode=-rw-r-----
2022-08-08T21:20:57.717Z [INFO] template.server: starting template server
2022-08-08T21:20:57.717Z [INFO] (runner) creating new runner (dry: false, once: false)
2022-08-08T21:20:57.717Z [INFO] sink.server: starting sink server
2022-08-08T21:20:57.717Z [INFO] auth.handler: starting auth handler
2022-08-08T21:20:57.717Z [INFO] auth.handler: authenticating
2022-08-08T21:20:57.717Z [INFO] (runner) creating watcher
2022-08-08T21:21:57.717Z [ERROR] auth.handler: error authenticating: error="context deadline exceeded" backoff=1s
2022-08-08T21:21:58.718Z [INFO] auth.handler: authenticating
Authentication works when vault.hashicorp.com/namespace is included
Expected behavior
Authentication with vault and secret injection.
Environment
Kubernetes version: AWS EKS 1.22
vault-k8s version: v1.10.3
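
The reply in this thread describes an injector-wide default namespace that a pod annotation can override. As an added example (not vault-k8s code and not from anyone in the thread), this Python models that precedence to show why an absent annotation and an empty-string annotation can behave differently; the manifests and the "team-a" value are constructed assumptions.

```python
# Added illustration: models the precedence described in the thread.
# Not vault-k8s source; all manifests below are constructed samples.

NS_ANNOTATION = "vault.hashicorp.com/namespace"
NS_ENV = "AGENT_INJECT_VAULT_NAMESPACE"


def injector_default_namespace(deployment):
    """Return the injector-wide default Vault namespace, or "" if unset."""
    for container in deployment["spec"]["template"]["spec"]["containers"]:
        for env in container.get("env", []):
            if env["name"] == NS_ENV:
                return env.get("value", "")
    return ""


def effective_namespace(pod_annotations, deployment):
    """An absent annotation inherits the injector default; a present
    annotation wins, even when its value is the empty string."""
    if NS_ANNOTATION in pod_annotations:
        return pod_annotations[NS_ANNOTATION]
    return injector_default_namespace(deployment)


# Constructed injector Deployment; "team-a" is a placeholder namespace.
INJECTOR = {"spec": {"template": {"spec": {"containers": [
    {"name": "sidecar-injector",
     "env": [{"name": NS_ENV, "value": "team-a"}]}]}}}}

# Constructed pod annotation sets: key absent vs. key present but empty.
POD_WITHOUT = {"vault.hashicorp.com/agent-inject": "true"}
POD_EMPTY = {"vault.hashicorp.com/agent-inject": "true", NS_ANNOTATION: ""}

if __name__ == "__main__":
    for label, annotations in (("annotation absent", POD_WITHOUT),
                               ("annotation empty", POD_EMPTY)):
        ns = effective_namespace(annotations, INJECTOR)
        print(f"{label}: agent would use namespace {ns!r}")
```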