I have been trying out HashiCorp Vault on Charmed Kubernetes v1.19.
It appears to me that my Pods can’t authenticate to the Kubernetes API even though I’ve configured Vault to use the Token Review SA.
The kubernetes-master charm version is #545.
I’ve described the issue in detail here: https://stackoverflow.com/questions/68770298/unable-to-fetch-vault-token-for-pod-service-account
This makes me curious if kubernetes-master charm version #545 has flags for Token Review API enabled?
On a quick look at options for the kube-apiserver process running on the Kubernetes Master node, I find the following:
--authentication-token-webhook-cache-ttl=1m0s
--authentication-token-webhook-config-file=/root/charmed-k8s/auth-webhook/auth-webhook-conf.yaml
--service-account-key-file=/root/charmed-k8s/serviceaccount.key
But I am still not sure if it’s enabled.
Although looking at a more recent version of the kubernetes-master charm docs, it appears that it should be enabled in the newer version:
Would be grateful for any help.
Thanks & Regards,