Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More than 1 vault pod is failing as asking for more than 5th key #317

Open
manik9910 opened this issue May 31, 2023 · 0 comments
Open

More than 1 vault pod is failing as asking for more than 5th key #317

manik9910 opened this issue May 31, 2023 · 0 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@manik9910
Copy link

manik9910 commented May 31, 2023
edited

Using vault crd:
https://raw.githubusercontent.com/banzaicloud/bank-vaults/1.15.3/operator/deploy/cr-raft-ha-storage.yaml

when size is 1, it is working fine
when size is more than 1, it is failing

1st vault pod has taken 3/5 keys and working fine
2nd vault pod is taking 4th and 5th key and failed. Ideally it should take any of 3 keys from total of 5 keys.

Environment details:

Error in vault container:

kubectl logs -n vault vault-1 vault
2023-05-29T09:46:53.109Z [INFO]  core: security barrier not initialized
2023-05-29T09:46:53.635Z [ERROR] core: failed to get raft challenge: leader_addr=https://vault:8200/ error="error during raft bootstrap init call: Put \"https://vault:8200/v1/sys/storage/raft/bootstrap/challenge\": dial tcp 10.43.68.122:8200: connect: connection refused"
2023-05-29T09:46:53.635Z [ERROR] core: failed to join raft cluster: error="failed to get raft challenge"

Error in bank-vaults container:

root@management-cluster-control-plane-dhdzl:~# kubectl logs -n vault vault-1 bank-vaults
{"level":"info","msg":"joining leader vault...","time":"2023-05-29T09:46:47Z"}
{"level":"info","msg":"vault metrics exporter enabled: :9091/metrics","time":"2023-05-29T09:46:47Z"}
{"level":"info","msg":"joining raft cluster...","time":"2023-05-29T09:46:47Z"}
{"level":"fatal","msg":"error joining leader vault: error joining raft cluster: Error making API request.\n\nURL: POST https://127.0.0.1:8200/v1/sys/storage/raft/join\nCode: 500. Errors:\n\n* failed to join raft cluster: failed to get raft challenge","time":"2023-05-29T09:46:53Z"}

Pod's Status:

root@management-cluster-control-plane-dhdzl:~# k get pods -n vault -o wide
NAME                                     READY   STATUS             RESTARTS         AGE     IP             NODE                                     NOMINATED NODE   READINESS GATES
vault-0                                  2/2     Running            0                32m     10.42.171.19   management-cluster-control-plane-t8fw7   <none>           <none>
vault-1                                  0/2     CrashLoopBackOff   10 (4m14s ago)   32m     10.42.220.83   management-cluster-control-plane-dhdzl   <none>           <none>
vault-config-operator-7987fbdc4c-vx96v   2/2     Running            0                72m     10.42.171.7    management-cluster-control-plane-t8fw7   <none>           <none>
vault-configurer-86f766dbbb-pksst        1/1     Running            0                6m40s   10.42.171.18   management-cluster-control-plane-t8fw7   <none>           <none>
vault-operator-876f4b9d-gt2sc            1/1     Running            0                72m     10.42.171.61   management-cluster-control-plane-t8fw7   <none>           <none>

I also added and try:

vaultEnvsConfig:

  • name: POD_NAME
    valueFrom:
    fieldRef:
    fieldPath: metadata.name

When I tried to modify cluster_addr as below.
cluster_addr: "https://${.Env.POD_NAME}:8201"
It is failing by error that converting YAMLtoJSON conversion failed. So it's giving syntax issue here.

kubectl get kustomizations -A
`default     vault                           2d1h   False   var substitution failed for 'vault': YAMLToJSON: variable substitution failed: unable to parse variable name`

My requirement is to create HA cluster with replicas which is failing with above.

/kind bug
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Nov 29, 2023
@ramizpolic ramizpolic added kind/bug Categorizes issue or PR as related to a bug. and removed lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. labels Dec 22, 2023
@ramizpolic ramizpolic transferred this issue from bank-vaults/bank-vaults Dec 22, 2023
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Feb 25, 2024
@akijakya akijakya removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label Feb 28, 2024
@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label May 5, 2024
@csatib02 csatib02 removed the lifecycle/stale Denotes an issue or PR that has become stale and will be auto-closed. label May 5, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot May 5, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot May 5, 2024
@bank-vaults bank-vaults deleted a comment from github-actions bot May 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@manik9910 @ramizpolic @akijakya @csatib02