#kubernetes (2021-11)

kubernetes

Archive: https://archive.sweetops.com/kubernetes/

2021-11-25

contact871 avatar
contact871

Hi, anyone experienced with Vault Injector could help me with the issue I described here https://sweetops.slack.com/archives/CLWUJP0SH/p1637862515011400

Hello,

I use the following workflow: • created a temporary pod with vault binary inside. Used for it serviceAccount: vault-injector-agent-injector , which is also used by the vault-injector-agent-injector pod • then I exec into the temporary pod and execute

$ vault write "auth/k8s-main/config" \
  token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
  [email protected]/var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
  kubernetes_host="https://${KUBERNETES_HOST}" \
  issuer="${ISSUER}"
Success! Data written to: auth/k8s-main/config

As long as this pod is running everything is fine and Vault Injector works as expected. When I kill the temporary pod then my pods (which use Vault Injector) get stuck in Init:0/1 state and the logs hang with:

$ kubectl -n some-ns logs -f --tail 10 some-pod-69785cc69b-4j9mt -c vault-agent-init
2021-11-25T17:34:42.918Z [INFO]  auth.handler: authenticating
2021-11-25T17:34:42.972Z [ERROR] auth.handler: error authenticating:
  error=
  | Error making API request.
  | 
  | URL: PUT <https://vault.example.com/v1/auth/k8s-main/login>
  | Code: 403. Errors:
  | 
  | * permission denied
   backoff=4m48.8s

I would appreciate any feedback, tips how to make this more permanent

2021-11-21

Brad McCoy avatar
Brad McCoy

I have just finished my latest blog to help people study and pass the new KCNA exam, hope it helps! https://blog.bradmccoy.io/how-to-pass-your-kcna-exam-cf98cfa7d70f

How to Pass your KCNA Exam attachment image

The CNCF has just launched the new Kubernetes and Cloud Native Associate Exam also known as the KCNA. I was one of the first 400 people to…

1

2021-11-15

Zach avatar

Anyone know how to workaround the prom-operator alertmanager and its desire to only match alerts by namespace (where the AlertmanagerConfig was created), when you’re using a single prom/alertmanager for the entire cluster?

2021-11-10

Muhammad Nadeem Shahzad avatar
Muhammad Nadeem Shahzad
03:52:32 PM

@ has joined the channel

    keyboard_arrow_up