In this scenario, both Vault and the app are running inside the mesh.

  1. Complete the Prerequisites.

  2. Enable sidecar auto-injection for both namespaces:

    • With kubectl:

      kubectl label namespace app   istio-injection=enabled
      kubectl label namespace vault istio-injection=enabled
      
    • With backyards:

      backyards sidecar-proxy auto-inject on app
      backyards sidecar-proxy auto-inject on vault
      
  3. Delete all pods so they are getting injected with the proxy:

    kubectl delete pods --all -n app
    kubectl delete pods --all -n vault
    
  4. Check the logs in the app container. It should sill show success:

    $ kubectl logs -f -n app deployment/app
    time="2020-02-18T15:04:03Z" level=info msg="Initial Vault token arrived"
    time="2020-02-18T15:04:03Z" level=info msg="Renewed Vault Token"
    s3cr3t
    going to sleep...