I’ve been trying to get the Vault integration working, and am finding it frustrating.
In particular, since NodeAgent is passing the ServiceAccount token of the workload (rather than itself), I need to reconfigure the Vault backend role to whitelist each ServiceAccount or Namespace that I want to support.
I’m wondering if there are other people/orgs that have successfully got this integration working. It doesn’t necessarily have to be in production, but in an environment with more than a few services running in the mesh. If so, how have you been managing Vault configuration?
Thanks in advance,