Missing NetworkPolicy for Init Container
dadav opened this issue
Daniel commented
Describe the bug
The init container of the injector can't connect to $releasename.vault.svc:8200
An additional NetworkPolicy is required.
To Reproduce
Steps to reproduce the behavior:
- Install chart
- Use the agent injector
- See error
testdeployment-79c87f598b-n5gts vault-agent-init 2023-08-17T09:48:30.272Z [ERROR] agent.auth.handler: error authenticating: error="Put \"http://vault-deployment.vault.svc:8200/v1/auth/kubernetes/login\": dial tcp 172.17.32.81:8200: i/o timeout" backoff=1s
Expected behavior
I expected that the helm chart would create the required NetworkPolicy which allows other Namespaces to connect.
Environment
OpenShift 4.10.61
Chart version 0.25.0
Additional context
With this NetworkPolicy it worked:
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: agent-injector-access
  namespace: vault
spec:
  # Applies to the Vault server pods of this release
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: vault-deployment
      app.kubernetes.io/name: vault
  ingress:
    - ports:
        - protocol: TCP
          port: 8200
      from:
        # An empty namespaceSelector matches every namespace in the cluster
        - namespaceSelector: {}
  policyTypes:
    - Ingress
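
A narrower variant of the policy above, as an added example that is not part of the original issue or of the chart: it selects the same Vault pods and port 8200 but admits only namespaces that carry an opt-in label instead of every namespace. The policy name and the label `vault-agent-injection: enabled` are assumptions made for illustration.

```yaml
---
# Added example: same target pods and port as the policy in the issue,
# but ingress is limited to namespaces that opt in with a label.
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: agent-injector-access-labeled   # hypothetical name
  namespace: vault
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: vault-deployment
      app.kubernetes.io/name: vault
  policyTypes:
    - Ingress
  ingress:
    - ports:
        - protocol: TCP
          port: 8200
      from:
        # Only namespaces with this label may reach Vault on 8200;
        # the label key and value are hypothetical.
        - namespaceSelector:
            matchLabels:
              vault-agent-injection: enabled
```

Each namespace whose workloads use the agent injector then needs that label, for example via `kubectl label namespace <namespace> vault-agent-injection=enabled`.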