Bug Annotations field in Vault Helm Chart behaving differently

Vault
1

Hello everyone,

I am using the stable Vault Chart to deploy it into a Kubernetes Cluster in HA mode. I am getting an error from the Helm templates and I can not guess what is missing.

Error: YAML parse error on vault/templates/server-ha-active-service.yaml: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go struct field .metadata.annotations of type map[string]string

The problem seems to be in the server-ha-active-service.yaml (https://github.com/hashicorp/vault-helm/blob/v0.5.0/templates/server-ha-active-service.yaml). The problem is that it is expecting a map[string][string] and I am sending an string. However, the https://github.com/hashicorp/vault-helm/blob/v0.5.0/templates/server-service.yaml uses the same field of the Vault values and it complains if I do not send an string (problem is in the annotations field of the values.yaml).

My values.yaml is the following one:

injector:
  enabled: false
server:
  service:
    # Change service type in AWS
    type: LoadBalancer
    annotations: |
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "some-arn
      service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
      service.beta.kubernetes.io/aws-load-balancer-internal: "true"
      service.beta.kubernetes.io/aws-load-balancer-extra-security-groups: "sg-06163510cf9b8f2fe"

  standalone:
    enabled: false
    config: |
      ui = true

      listener "tcp" {
        tls_disable = 1
        address = "[::]:8200"
        cluster_address = "[::]:8201"
      }

      storage "consul" {
        path = "vault/"  
        address = "HOST_IP:8500"
      }

      seal "awskms" {
        region      = "eu-west-1"
        kms_key_id  = "some-key"
      }
  ha:
    enabled: true
    config: |
      ui = true

      listener "tcp" {
        tls_disable = 1
        address = "[::]:8200"
        cluster_address = "[::]:8201"
      }

      storage "consul" {
        path = "vault/"  
        address = "HOST_IP:8500"
      }

      seal "awskms" {
        region      = "eu-west-1"
        kms_key_id  = "some-key"
      }

As you can see the problem is in the annotations key. So what I am seeing is that the same field (annotations) is processed differently in two files of the template (the ones I attached above). Is it a bug on the chart itself? Am I doing something wrong?

Thanks

Marc

2

Mmmh interesting. I reckon if you could resolve those issues you would end up with a load balancer for the active vault instance and one for the standby instances which you probably do not want.

3

Check out the latest version from git of the helm chart. Looks like changes have been made to fix your issue.

4

Thanks I already saw it. Any ideas on when this will be published as an official stable chart?

Marc