Description
Once the pod is ready, the secret is injected into the pod at the following location:
kubectl -n example-app exec basic-secret-db4ddc86b-zpnsh -- sh -c "cat /vault/secrets/helloworld"
error:
cat: can't open '/vault/secrets/helloworld': No such file or directory
command terminated with exit code 1
LOG:
1/4/22024295247 ==> Vault agent started! Log data will stream in below:
1/4/22024398495
1/4/22024414645 ==> Vault agent configuration:
1/4/22024443986
1/4/22024455525 Cgo: disabled
1/4/22024469960 Log Level: info
1/4/22024675330 2023-04-07T16:13:56.023Z [INFO] sink.file: creating file sink
1/4/22024694224 Version: Vault v1.12.1, built 2022-10-27T12:32:05Z
1/4/22024728631 Version Sha: e34f8a14fb7a88af4640b09f3ddbb5646b946d9c
1/4/22024755294
1/4/22024697872 2023-04-07T16:13:56.023Z [INFO] sink.file: file sink configured: path=/home/vault/.vault-token mode=-rw-r-----
1/4/22025261478 2023-04-07T16:13:56.025Z [INFO] auth.handler: starting auth handler
1/4/22025298705 2023-04-07T16:13:56.025Z [INFO] auth.handler: authenticating
1/4/22025811413 2023-04-07T16:13:56.025Z [INFO] sink.server: starting sink server
1/4/22029323107 2023-04-07T16:13:56.029Z [INFO] template.server: starting template server
1/4/22029517175 2023-04-07T16:13:56.029Z [INFO] (runner) creating new runner (dry: false, once: false)
1/4/22031638351 2023-04-07T16:13:56.031Z [INFO] (runner) creating watcher
1/4/22198868986 2023-04-07T16:13:56.198Z [INFO] auth.handler: authentication successful, sending token to sinks
1/4/22198911578 2023-04-07T16:13:56.198Z [INFO] auth.handler: starting renewal process
1/4/22198991707 2023-04-07T16:13:56.198Z [INFO] template.server: template server received new token
1/4/22199006713 2023-04-07T16:13:56.198Z [INFO] sink.file: token written: path=/home/vault/.vault-token
1/4/22199015510 2023-04-07T16:13:56.198Z [INFO] (runner) stopping
1/4/22199033551 2023-04-07T16:13:56.198Z [INFO] (runner) creating new runner (dry: false, once: false)
1/4/22199196060 2023-04-07T16:13:56.198Z [INFO] sink.server: sink server stopped
1/4/22199215216 2023-04-07T16:13:56.199Z [INFO] sinks finished, exiting
1/4/22199292162 2023-04-07T16:13:56.199Z [INFO] (runner) creating watcher
1/4/22199523179 2023-04-07T16:13:56.199Z [INFO] (runner) starting
1/4/22249444615 2023-04-07T16:13:56.249Z [INFO] auth.handler: renewed auth token
1/4/22348536721 2023-04-07T16:13:59.348Z [WARN] vault.read(secret/basic-secret/helloworld): failed to check if secret/basic-secret/helloworld is KVv2, assume not: Error making API request.
1/4/22348590024
1/4/22348609166 URL: GET http://vault.vault.svc:8200/v1/sys/internal/ui/mounts/secret/basic-secret/helloworld
1/4/22348624994 Code: 403. Errors:
1/4/22348639080
1/4/22348656473 * preflight capability check returned 403, please ensure client's policies grant access to path "secret/basic-secret/helloworld/"
1/4/22351554521 2023-04-07T16:13:59.351Z [WARN] (view) vault.read(secret/basic-secret/helloworld): vault.read(secret/basic-secret/helloworld): Error making API request.
1/4/22351590552
1/4/22351608274 URL: GET http://vault.vault.svc:8200/v1/secret/basic-secret/helloworld
1/4/22351617795 Code: 403. Errors:
1/4/22351624826
1/4/22351632320 * 1 error occurred:
1/4/22351677704 * permission denied