Issue:
k8S cluster authentication to Vault fails with "missing client token" error
Cause:
The error "missing client token” is commonly encountered when authentication is using the wrong path. If we get any part of the path wrong, then Vault’s ACL system will complain about a missing token.
Solution:
Ensure correct Vault annotations are used.
Common checkpoints are
If Namespace is used -
-
vault.hashicorp.com/namespace
- configures the Vault Enterprise namespace to be used when requesting secrets from Vault.
If non-default auth path is used -
-
vault.hashicorp.com/auth-path
- configures the authentication path for the Kubernetes auth method. Defaults toauth/kubernetes
Suggested reading: