I would like my Jenkins pod to authenticate and get a secret from a Vault pod running on the same cluster. Which auth method will be the best option for that? I am thinking about the Kubernetes auth method, but I'm not sure it is the best option for my case. In my opinion, this method is better for use when Vault is running outside the Kubernetes cluster.
Thanks in advance.
I got two options for you:
This plugin allows authenticating against Vault using the AppRole authentication backend. HashiCorp recommends using AppRole for servers / automated workflows (like Jenkins).
This is the recommended way of authenticating, and it works by registering an approle auth backend using a self-chosen name (e.g. Jenkins). The approle is identified by a role-id and secured with a secret_id. If you have both of those values, you can ask Vault for a token that can be used to access Vault.
Here you can find an interesting read regarding Jenkins, Kubernetes, and HashiCorp Vault.
Choose the option that better suits you. Both are explained in detail.
Please let me know if that helped.
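The AppRole exchange described in the answer above, as an added example that is not part of the original post or of the Jenkins plugin: a role_id and secret_id are posted to Vault's AppRole login endpoint, and the returned token is then used to read a KV version 2 secret. `FakeVault` is a hypothetical local stand-in so the code runs offline, and the credentials, token, secret path and secret value are constructed.

```python
import json, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values; real ones are issued by Vault for the role.
ROLE_ID, SECRET_ID, TOKEN = "example-role-id", "example-secret-id", "example-token"

class FakeVault(BaseHTTPRequestHandler):
    """Hypothetical local stand-in for the two Vault endpoints used below."""
    def _send(self, code, body):
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())
    def do_POST(self):
        req = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        ok = (self.path == "/v1/auth/approle/login"
              and req.get("role_id") == ROLE_ID and req.get("secret_id") == SECRET_ID)
        if ok:
            return self._send(200, {"auth": {"client_token": TOKEN, "lease_duration": 3600}})
        self._send(400, {"errors": ["invalid role or secret ID"]})
    def do_GET(self):
        if self.headers.get("X-Vault-Token") != TOKEN:
            return self._send(403, {"errors": ["permission denied"]})
        self._send(200, {"data": {"data": {"password": "constructed-value"}}})
    def log_message(self, *args): pass  # keep the demo quiet

def approle_login(addr, role_id, secret_id, mount="approle"):
    """Exchange role_id + secret_id for a Vault token (mount is the self-chosen name)."""
    body = json.dumps({"role_id": role_id, "secret_id": secret_id}).encode()
    req = urllib.request.Request(f"{addr}/v1/auth/{mount}/login", data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)["auth"]["client_token"]

def read_kv2(addr, token, path, mount="secret"):
    """Read a KV version 2 secret with the token from the login step."""
    req = urllib.request.Request(f"{addr}/v1/{mount}/data/{path}",
                                 headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)["data"]["data"]

def demo(secret_id=SECRET_ID):
    """Run login + read against the stand-in; a bad secret_id raises HTTPError 400."""
    server = HTTPServer(("127.0.0.1", 0), FakeVault)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    addr = f"http://127.0.0.1:{server.server_port}"
    try:
        token = approle_login(addr, ROLE_ID, secret_id)
        return token, read_kv2(addr, token, "jenkins/db")
    finally:
        server.shutdown(); server.server_close()
```

Against a real Vault, only `approle_login` and `read_kv2` are needed, with `addr` pointing at the Vault service and TLS in use so the secret_id and token are not sent in clear text.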