I have created a HashiCorp Vault deployment and configured Kubernetes auth. The Vault container calls the Kubernetes API internally from the pod to do k8s authentication, and that c
Finally I have figured out what went wrong: my payload.json content was wrong. It should be like this:
{
"kubernetes_host": "https://kubernetes",
"kubernetes_ca_cert": <kubectl exec to vault pod and cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt, now make the cert one line by following this answer: https://stackoverflow.com/a/14580203/2054147>
}
Now the below endpoint is working fine and returning the desired client_token:
curl --request POST --data @payload2.json http://127.0.0.1:8200/v1/auth/kubernetes/login
Thanks @John for helping me figure out the initial issue with kubernetes_host.
Your login request is being sent to the tokenreview endpoint on port 80. I think this is because your kubernetes_host specifies an http URL. The 500 response is because it's not listening on port 80, but on 443 instead (as you can see in your service list output).
Try changing to https when configuring the auth, i.e.
payload.json
{
"kubernetes_host": "https://kubernetes",
"kubernetes_ca_cert": <k8s service account token>
}
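Putting both answers together as an added example (not code from the question or either answer): the script below turns the pod's ca.crt into the single-line, `\n`-escaped form the self-answer describes, refuses a kubernetes_host that is not https:// as John's answer explains, and posts the resulting payload to auth/kubernetes/config. It assumes Vault's address and a token with write access are supplied via VAULT_ADDR and VAULT_TOKEN; the certificate in the demo is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the question or either answer: build the payload for
# auth/kubernetes/config with the CA certificate escaped to one JSON line, and
# reject a plain-http kubernetes_host before anything is sent. Assumes Vault's
# address and a token with write access are supplied via VAULT_ADDR/VAULT_TOKEN.
set -e

# pem_to_json_line FILE: print the PEM as a single line with literal "\n" in
# place of each newline, dropping CR characters and blank lines (the awk form
# from the Stack Overflow answer linked in the self-answer above).
pem_to_json_line() {
    awk '{ sub(/\r$/, ""); if (NF) printf "%s\\n", $0 }' "$1"
}

# check_host_scheme HOST: succeed only for https:// hosts. With http:// Vault
# sends the TokenReview call to port 80, which the kubernetes service does not
# listen on, producing the 500 seen in the question.
check_host_scheme() {
    case $1 in
        https://*) return 0 ;;
        *)         return 1 ;;
    esac
}

# build_payload HOST CERT_FILE: emit the JSON body for auth/kubernetes/config.
build_payload() {
    cert=$(pem_to_json_line "$2")
    printf '{\n  "kubernetes_host": "%s",\n  "kubernetes_ca_cert": "%s"\n}\n' "$1" "$cert"
}

# configure_vault HOST CERT_FILE: validate the scheme, write payload.json, POST it.
configure_vault() {
    check_host_scheme "$1" || { echo "kubernetes_host must start with https://" >&2; return 1; }
    build_payload "$1" "$2" > payload.json
    curl --fail --silent --show-error --request POST \
        --header "X-Vault-Token: ${VAULT_TOKEN}" \
        --data @payload.json "${VAULT_ADDR}/v1/auth/kubernetes/config"
}

# Demo on a constructed, non-functional certificate so the script runs offline;
# in a real pod the file is /var/run/secrets/kubernetes.io/serviceaccount/ca.crt.
sample=$(mktemp)
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURURfU0FNUExFX05PVF9BX0NFUlQ=' \
    '-----END CERTIFICATE-----' > "$sample"
build_payload https://kubernetes "$sample"
rm -f "$sample"
```

Run `configure_vault https://kubernetes /var/run/secrets/kubernetes.io/serviceaccount/ca.crt` from inside the Vault pod once VAULT_ADDR and VAULT_TOKEN are exported; the https check fails fast instead of letting Vault return a 500 later at login time.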