In this scenario, both Vault and the app are running inside the mesh.
-
Complete the Prerequisites.
-
Enable sidecar auto-injection for both namespaces:
-
With
kubectl
:kubectl label namespace app istio-injection=enabled kubectl label namespace vault istio-injection=enabled
-
With
backyards
:backyards sidecar-proxy auto-inject on app backyards sidecar-proxy auto-inject on vault
-
-
Delete all pods so they are getting injected with the proxy:
kubectl delete pods --all -n app kubectl delete pods --all -n vault
-
Check the logs in the app container. It should sill show success:
$ kubectl logs -f -n app deployment/app time="2020-02-18T15:04:03Z" level=info msg="Initial Vault token arrived" time="2020-02-18T15:04:03Z" level=info msg="Renewed Vault Token" s3cr3t going to sleep...