Cloud Vault with Kubernetes auth service account #3501
Unanswered
javierguzman asked this question in Q&A
Hello all,
I have the paid cloud version of Hashi Vault and I'm trying to get my EKS cluster to log in properly to the vault. I configure my vault backend like this:
And for external-secrets I do:
However, I keep getting 403 permission denied. I have tried to pass the "kubernetes_ca_cert" field as well without success.
On the other hand, if I create a static secret and use it instead of serviceAccountRef, and also use the token_reviewer_jwt and the kubernetes_ca_cert coming from such a token, then it works ok.
The service account also has the cluster role "system:auth-delegator".
Does anyone know what I am missing?
Thank you in advance and regards