Setup High Availability with Vault Operator #2585
Unanswered
LukasKnuth asked this question in Q&A
-
What storage do you have configured? We are quite satisfied with the HA setup using Integrated storage (Raft). Here is a sample. For secrets access we are using External Secrets Operator.
-
Hey, we have the following issue in our cluster:

`CrashLoop` states

I see two issues with our current configuration:

1. We only have a single instance of Vault running in our cluster. If the Node it runs on dies, we have this problem.
   I can't find any examples in the Vault Operator repo/docs on how to run multiple instances. I know there is `spec.size` which I can set to a higher number but I have no idea if that is all that's needed. For example, do these instances find each other? Is their Affinity configured so that they aren't scheduled onto the same Node?
2. If the Bank Vaults Webhook is not successful in injecting the secrets from Vault, it starts the Pod anyways. As far as I can tell, once the Pod is created, the Webhook doesn't run again to try and fetch the secrets again. This leaves these Pods dead until their Deployment is manually restarted.
   I can't find any Annotations to configure the Webhook to change this behavior. Is it possible to have this automatically retry periodically?