Vault reports missing client token when using postgres storage backend

11/19/2020

I am using Vault with postgres storage backend along with kv secret engine. I am uisng kubernetes auth method to get the vault token. I followed the below documentation to setup the vault with kubernetes

https://learn.hashicorp.com/tutorials/vault/kubernetes-minikube?in=vault/kubernetes

When I start the webapplication for the first time and try to retrieve the tokens it is working but when I delete the webapp deployment and try to deploy webapp again and try to retrieve the vault token again with the api

v1/auth/kubernetes/login

I get the following error

error: 400 Bad Request: [{"errors":["missing client token"]}

But the request has the jwt token of service account. Please see the below image Wireshark capture of the request

Due to this error Pod keeps restarting and all of a sudden after some time vault honours the request and returns the vault token.

This looks strange any reason for such behavior?

UPDATE:

This issue does not happen for consul backend

-- user3553913
kubernetes
postgresql
vault

0 Answers