Enable Vault plugin in postStart

I install the Vault Helm chart using a values.yaml file, and I want to execute Vault commands via postStart as follows:

extraEnvironmentVars:
  VAULT_API_ADDR: http://127.0.0.1:8200
  VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
  VAULT_ADDR: http://127.0.0.1:8200
postStart:
  - /bin/sh
  - -c
  - "vault login root"

However, I get a connection refused error:

Exec lifecycle hook ([/bin/sh -c vault login root]) for Container "vault" in Pod "vault-0_m4d-system(1f4c49cd-c2e5-4370-96c0-1679c8c625b1)" failed - error: command '/bin/sh -c vault login root' exited with 2: Error authenticating: error looking up token: Get "http://127.0.0.1:8200/v1/auth/token/lookup-self": dial tcp 127.0.0.1:8200: connect: connection refused
, message: "Error authenticating: error looking up token: Get "http://127.0.0.1:8200/v1/auth/token/lookup-self": dial tcp 127.0.0.1:8200: connect: connection refused\n"

When running the Vault login command within the pod manually (with kubectl exec), the command executes OK.

I found my error - it seems that it is due to synchronization issues with the container pod… How can I avoid that? It seems that on each restart Vault is not ready… Thanks.

Many things going on here.

First, get rid of VAULT_DEV_LISTEN_ADDRESS, it is not used in this context.

Next, you have what looks like the root token in your code. That must be a local environment test thing.

Finally, vault login root will try:

  • Authenticate with the token auth backend providing a token with value root
  • If successful, save the token in ~/.vault-token

So you could - because this is a test setup, right? - get rid of all that postStart and instead add to your deployment a file ~/.vault-token with the word root in it.

$ cat ~/.vault-token
root

Still that would classify as a bad idea. Can you elaborate on your use case?
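
The connection refused error in this thread is a startup race: Kubernetes does not guarantee that a postStart hook runs after the container's entrypoint has brought the Vault listener up. As an added example (not code from the thread or from the Vault Helm chart), this is one way to make the hook wait for Vault before running any vault command; the names wait_for_vault, run_when_ready and VAULT_PROBE are hypothetical, and VAULT_ADDR is assumed to be set as in the values.yaml above.

```shell
#!/bin/sh
# Added example: bounded readiness wait for a postStart hook.
# Assumption: VAULT_ADDR is exported as in the values.yaml from the question.

# Probe command (hypothetical override point). `vault status` exits 0 when
# Vault is reachable and unsealed, 1 on error (for example connection
# refused) and 2 when Vault is sealed.
VAULT_PROBE="${VAULT_PROBE:-vault status}"

# wait_for_vault MAX_ATTEMPTS DELAY_SECONDS
# Returns 0 as soon as the probe succeeds, 1 once the attempts are used up.
wait_for_vault() {
  wfv_max="${1:-30}"
  wfv_delay="${2:-2}"
  wfv_try=1
  while :; do
    if $VAULT_PROBE >/dev/null 2>&1; then
      return 0
    fi
    echo "vault not ready (attempt $wfv_try/$wfv_max)" >&2
    if [ "$wfv_try" -ge "$wfv_max" ]; then
      return 1
    fi
    wfv_try=$((wfv_try + 1))
    sleep "$wfv_delay"
  done
}

# run_when_ready MAX_ATTEMPTS DELAY_SECONDS COMMAND [ARGS...]
# Runs COMMAND only after Vault answers; otherwise fails without running it.
run_when_ready() {
  rwr_max="$1"
  rwr_delay="$2"
  shift 2
  if ! wait_for_vault "$rwr_max" "$rwr_delay"; then
    echo "vault did not become ready; not running: $1" >&2
    return 1
  fi
  "$@"
}

# Wiring inside the postStart script (not executed here), using the
# command from the question:
#   run_when_ready 30 2 vault login root
```

Keep the attempt budget bounded: Kubernetes kills the container when a postStart hook fails, so a finite wait surfaces a Vault that never starts instead of leaving the hook hanging.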