You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
We have a deployment resource that is configured to use the Vault agent injector. This deployment resource also has some additional volume mounts with a mount path containing serviceaccount keyword. Recently we have upgraded to Vault 1.9.4. And somehow the agent injector integration is broken and the process couldn't able to find the token injected by the Vault agent.
Deploy application annotated for vault-agent injection
Define additional volumes and mounts for the deployment. Configure one of the mount path to have serviceaccount keyword. Eg. /opt/app/serviceaccount/data .
See error (vault injector logs, vault-agent logs, etc.)
Expected behavior
The agent should ignore volume mounts other than vault related or filter the volumes based on specfic name.
Environment
vault: vault:1.9.4
vault-k8s version: hashicorp/vault-k8s:0.14.2
The text was updated successfully, but these errors were encountered:
Describe the bug
We have a deployment resource that is configured to use the Vault agent injector. This deployment resource also has some additional volume mounts with a mount path containing
serviceaccount
keyword. Recently we have upgraded to Vault 1.9.4. And somehow the agent injector integration is broken and the process couldn't able to find the token injected by the Vault agent.We are suspecting this piece of code at https://github.com/hashicorp/vault-k8s/blob/main/agent-inject/agent/agent.go#L700:L714 might be doing something.
Can someone confirm?
To Reproduce
Steps to reproduce the behavior:
serviceaccount
keyword. Eg./opt/app/serviceaccount/data
.Expected behavior
The agent should ignore volume mounts other than vault related or filter the volumes based on specfic name.
Environment
The text was updated successfully, but these errors were encountered: