Hi there,
I've managed to successfully run the demo without any modifications before.
I tried to enable custom Service Account names and corresponding Vault auth roles, but am not able to get it to work.
Here are the changes I made:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: <my-new-sa-name>
```

- assigned the name to the application Pod in the manifest:

```yaml
spec:
  serviceAccountName: <my-new-sa-name>
```

- created a new Kubernetes auth role in Vault:

```sh
vault write auth/kubernetes/role/<my-new-sa-name>-role \
    bound_service_account_names=<my-new-sa-name> \
    bound_service_account_namespaces=default \
    policies=<my-new-policy> \
    ttl=15m
```

Note: `<my-new-policy>` is already created.
When I ran `kubectl logs <pod-name>-5wpxz vault-authenticator`, here is the error I got:

```
2019/05/03 06:27:22 failed to get successful response: &http.Response{Status:"500 Internal Server Error", StatusCode:500, Proto:"HTTP/2.0", ProtoMajor:2, ProtoMinor:0, Header:http.Header{"Cache-Control":[]string{"no-store"}, "Content-Type":[]string{"application/json"}, "Content-Length":[]string{"51"}, "Date":[]string{"Fri, 03 May 2019 06:27:22 GMT"}}, Body:http2.transportResponseBody{cs:(*http2.clientStream)(0xc4200a4780)}, ContentLength:51, TransferEncoding:[]string(nil), Close:false, Uncompressed:false, Trailer:http.Header(nil), Request:(*http.Request)(0xc420132000), TLS:(*tls.ConnectionState)(0xc420098580)}, {"errors":["service account name not authorized"]}
```
Is there some change elsewhere that I should be making?
Thanks for the help
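A small diagnostic, added here and not part of the issue or the demo project's code: it decodes the claims of a pod's service account token and applies the same name and namespace binding test that produces the "service account name not authorized" error above, so you can see which side of the binding does not match. The role contents and token claims are constructed placeholders, and the claim keys assume the legacy service account token layout.

```python
import base64
import json

# Constructed role config mirroring the `vault write auth/kubernetes/role/...`
# command in the issue (placeholder names, not the poster's real values).
ROLE = {
    "bound_service_account_names": ["my-new-sa-name"],
    "bound_service_account_namespaces": ["default"],
}

# Constructed claims in the shape of a legacy Kubernetes service account token.
NEW_SA_CLAIMS = {
    "kubernetes.io/serviceaccount/namespace": "default",
    "kubernetes.io/serviceaccount/service-account.name": "my-new-sa-name",
    "sub": "system:serviceaccount:default:my-new-sa-name",
}
# Same pod spec, but the token still belongs to the namespace's default SA.
OLD_SA_CLAIMS = {
    **NEW_SA_CLAIMS,
    "kubernetes.io/serviceaccount/service-account.name": "default",
    "sub": "system:serviceaccount:default:default",
}

def make_token(claims):
    """Build an unsigned compact JWT from claims (constructed test input)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return "%s.%s." % (b64({"alg": "none", "typ": "JWT"}), b64(claims))

def decode_jwt_claims(token):
    """Read a JWT payload without verifying it (inspection only; Vault validates the real token via TokenReview)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_role_binding(claims, role):
    """Apply the role's binding test: None if accepted, else the rejection reason as logged."""
    names = role["bound_service_account_names"]
    namespaces = role["bound_service_account_namespaces"]
    if "*" not in names and claims.get("kubernetes.io/serviceaccount/service-account.name") not in names:
        return "service account name not authorized"
    if "*" not in namespaces and claims.get("kubernetes.io/serviceaccount/namespace") not in namespaces:
        return "namespace not authorized"
    return None

if __name__ == "__main__":
    for label, claims in (("new SA", NEW_SA_CLAIMS), ("default SA", OLD_SA_CLAIMS)):
        verdict = check_role_binding(decode_jwt_claims(make_token(claims)), ROLE)
        print(label + ":", verdict or "authorized")
```

To run it against a live pod, paste the token from `/var/run/secrets/kubernetes.io/serviceaccount/token` into `decode_jwt_claims` and the output of `vault read auth/kubernetes/role/<role>` into `ROLE`.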