Bugs should be filed for issues encountered whilst operating bank-vaults.
You should first attempt to resolve your issues through the community support
channels, e.g. Slack, in order to rule out individual configuration errors.
Please provide as much detail as possible.
Describe the bug:
When we use the Vault operator to deploy Vault to Alibaba Cloud (Aliyun), we hit the error "parameters secret_shares,secret_threshold not applicable to seal type alicloudkms" while the Vault statefulset is initializing, in the second container, bank-vaults.
Expected behaviour:
Vault statefulset container started successfully.
Steps to reproduce the bug:
Install Vault operator
Install the Vault CRD; see the YAML below.
Check the logs of the Vault statefulset.
Additional context:
The problem happens on Vault 1.12.3, but if I downgrade Vault to 1.11.3, it works fine. See the Vault CRD YAML below. image: vault:1.12.3 vs. image: vault:1.11.3
Environment details:
Kubernetes version: 1.24.6, ACK 1.24.6-aliyun.1
Cloud-provider/provisioner: Alibaba Aliyun
bank-vaults version: vault-operator 1.15.3; also tried latest 1.19.0, same issue.
Vault CRD: 1.12.3
Install method: Helm and kubectl apply yaml
Logs:
kubectl -n vault logs -f vault-0 -c vault
==> Vault server configuration:
HA Storage: raft
Api Address: https://vault.vault.svc.cluster.local:8200
Cgo: disabled
Cluster Address: https://vault-0:8201
Environment Variables: ALICLOUD_ACCESS_KEY, ALICLOUD_SECRET_KEY, GODEBUG, HOME, HOSTNAME, KUBERNETES_PORT, KUBERNETES_PORT_443_TCP, KUBERNETES_PORT_443_TCP_ADDR, KUBERNETES_PORT_443_TCP_PORT, KUBERNETES_PORT_443_TCP_PROTO, KUBERNETES_SERVICE_HOST, KUBERNETES_SERVICE_PORT, KUBERNETES_SERVICE_PORT_HTTPS, PATH, PWD, SHLVL, VAULT_0_PORT, VAULT_0_PORT_8200_TCP, VAULT_0_PORT_8200_TCP_ADDR, VAULT_0_PORT_8200_TCP_PORT, VAULT_0_PORT_8200_TCP_PROTO, VAULT_0_PORT_8201_TCP, VAULT_0_PORT_8201_TCP_ADDR, VAULT_0_PORT_8201_TCP_PORT, VAULT_0_PORT_8201_TCP_PROTO, VAULT_0_PORT_9091_TCP, VAULT_0_PORT_9091_TCP_ADDR, VAULT_0_PORT_9091_TCP_PORT, VAULT_0_PORT_9091_TCP_PROTO, VAULT_0_SERVICE_HOST, VAULT_0_SERVICE_PORT, VAULT_0_SERVICE_PORT_API_PORT, VAULT_0_SERVICE_PORT_CLUSTER_PORT, VAULT_0_SERVICE_PORT_METRICS, VAULT_1_PORT, VAULT_1_PORT_8200_TCP, VAULT_1_PORT_8200_TCP_ADDR, VAULT_1_PORT_8200_TCP_PORT, VAULT_1_PORT_8200_TCP_PROTO, VAULT_1_PORT_8201_TCP, VAULT_1_PORT_8201_TCP_ADDR, VAULT_1_PORT_8201_TCP_PORT, VAULT_1_PORT_8201_TCP_PROTO, VAULT_1_PORT_9091_TCP, VAULT_1_PORT_9091_TCP_ADDR, VAULT_1_PORT_9091_TCP_PORT, VAULT_1_PORT_9091_TCP_PROTO, VAULT_1_SERVICE_HOST, VAULT_1_SERVICE_PORT, VAULT_1_SERVICE_PORT_API_PORT, VAULT_1_SERVICE_PORT_CLUSTER_PORT, VAULT_1_SERVICE_PORT_METRICS, VAULT_K8S_POD_NAME, VAULT_PORT, VAULT_PORT_8200_TCP, VAULT_PORT_8200_TCP_ADDR, VAULT_PORT_8200_TCP_PORT, VAULT_PORT_8200_TCP_PROTO, VAULT_PORT_8201_TCP, VAULT_PORT_8201_TCP_ADDR, VAULT_PORT_8201_TCP_PORT, VAULT_PORT_8201_TCP_PROTO, VAULT_PORT_9091_TCP, VAULT_PORT_9091_TCP_ADDR, VAULT_PORT_9091_TCP_PORT, VAULT_PORT_9091_TCP_PROTO, VAULT_PORT_9102_TCP, VAULT_PORT_9102_TCP_ADDR, VAULT_PORT_9102_TCP_PORT, VAULT_PORT_9102_TCP_PROTO, VAULT_SERVICE_HOST, VAULT_SERVICE_PORT, VAULT_SERVICE_PORT_API_PORT, VAULT_SERVICE_PORT_CLUSTER_PORT, VAULT_SERVICE_PORT_METRICS, VAULT_SERVICE_PORT_STATSD
Go Version: go1.19.4
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "enabled")
Log Level: info
Mlock: supported: true, enabled: true
Recovery Mode: false
Storage: alicloudoss
Version: Vault v1.12.3, built 2023-02-02T09:07:27Z
Version Sha: 209b3dd99fe8ca320340d08c70cff5f620261f9b
==> Vault server started! Log data will stream in below:
2023-05-05T04:50:09.104Z [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
2023-05-05T04:50:09.227Z [WARN] ha.raft.fsm: raft FSM db file has wider permissions than needed: needed=-rw------- existing=-rw-rw----
2023-05-05T04:50:09.263Z [INFO] core: Initializing version history cache for core
2023-05-05T04:50:09.263Z [INFO] core: stored unseal keys supported, attempting fetch
2023-05-05T04:50:09.268Z [WARN] failed to unseal core: error="stored unseal keys are supported, but none were found"
2023-05-05T04:50:09.521Z [INFO] core: security barrier not initialized
2023-05-05T04:50:10.277Z [INFO] core: security barrier not initialized
kubectl -n vault logs -f vault-0 -c bank-vaults
{"level":"info","msg":"initializing vault...","time":"2023-05-05T04:53:12Z"}
{"level":"info","msg":"vault metrics exporter enabled: :9091/metrics","time":"2023-05-05T04:53:12Z"}
{"level":"info","msg":"initializing vault","time":"2023-05-05T04:53:12Z"}
{"level":"fatal","msg":"error initializing vault: error initializing vault: Error making API request.\n\nURL: PUT https://127.0.0.1:8200/v1/sys/init\nCode: 400. Errors:\n\n* parameters secret_shares,secret_threshold not applicable to seal type alicloudkms","time":"2023-05-05T04:53:12Z"}
Below is Vault crd yaml
This is vault operator yaml
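The rejection in the bank-vaults log above concerns which share parameters accompany `PUT /v1/sys/init`. The Go sketch below is an added example, not part of the original report and not bank-vaults' or Vault's own code: it selects `recovery_shares`/`recovery_threshold` for auto-unseal seals and reproduces the logged check client-side. `InitBody`, `BuildInitBody` and `CheckInitBody` are hypothetical names, the share counts are constructed, and treating every seal type other than `shamir` as auto-unseal is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// InitBody holds the share-related JSON fields of a sys/init request.
type InitBody struct {
	SecretShares      int `json:"secret_shares,omitempty"`
	SecretThreshold   int `json:"secret_threshold,omitempty"`
	RecoveryShares    int `json:"recovery_shares,omitempty"`
	RecoveryThreshold int `json:"recovery_threshold,omitempty"`
}

// BuildInitBody (hypothetical helper) picks the parameter pair for a seal type.
func BuildInitBody(sealType string, shares, threshold int) (InitBody, error) {
	if shares < 1 || threshold < 1 || threshold > shares {
		return InitBody{}, fmt.Errorf("invalid shares=%d threshold=%d", shares, threshold)
	}
	if sealType == "shamir" {
		// Shamir seal: the unseal key itself is split into shares.
		return InitBody{SecretShares: shares, SecretThreshold: threshold}, nil
	}
	// Assumption: any other seal (e.g. alicloudkms) is auto-unseal, where
	// only recovery key shares are generated.
	return InitBody{RecoveryShares: shares, RecoveryThreshold: threshold}, nil
}

// CheckInitBody mirrors, client-side, the rejection shown in the log.
func CheckInitBody(sealType string, b InitBody) error {
	if sealType != "shamir" && (b.SecretShares != 0 || b.SecretThreshold != 0) {
		return fmt.Errorf("parameters secret_shares,secret_threshold not applicable to seal type %s", sealType)
	}
	return nil
}

func main() {
	// Constructed request resembling the one rejected in the report.
	rejected := InitBody{SecretShares: 5, SecretThreshold: 3}
	fmt.Println(CheckInitBody("alicloudkms", rejected))

	accepted, _ := BuildInitBody("alicloudkms", 5, 3)
	out, _ := json.Marshal(accepted)
	fmt.Println(string(out), CheckInitBody("alicloudkms", accepted))
}
```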