Error launching Vault

The vault pods keep going into “CrashLoopBackOff”. The kubectl log shows:
error loading configuration from /tmp/storageconfig.hcl: At 16:11: illegal char
It installs fine manually, but through the GitLab pipeline it generates the above error.
I suspect that GitLab cannot read the values.yml correctly.
Line 16 is related to " config: |".
Please see the complete values.yml below:

```yaml
enabled: true
tlsDisable: false
enabled: true
serviceType: NodePort
VAULT_CACERT: /vault/userconfig/vault-server-tls/

- type: secret
  name: vault-server-tls
enabled: true
replicas: 3
config: |
  ui = true
  listener "tcp" {
    address = "[::]:8200"
    cluster_address = "[::]:8201"
    tls_disable = 0
    tls_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
    tls_key_file = "/vault/userconfig/vault-server-tls/vault.key"
    tls_client_ca_file = "/vault/userconfig/vault-server-tls/"
  }
  storage "consul" {
    address = "HOST_IP:8500"
    service = "vault"
    path = "vault"
    scheme = "http"
    token = ${CONSUL_HTTP_TOKEN_DEV}
  }
enabled: true
maxUnavailable: null

annotations: {}

enabled: true
```

This is hard to read. Could you edit your post and use a code block?

If line 16 is service = “vault”, character 11 would be … Maybe a copy/paste error? A control character or something else?

Thanks for your response, please have a look at the values.yml at this link: valuesVault ($2068450) · Snippets · GitLab

Mh, could you try quoting your




The additional brackets could be misleading for the linting.

Thanks, now the vault pods are installed correctly and in running state but cannot be unsealed:

```
kubectl -n dev-ops exec vault-0 -- vault operator init -key-shares=1 -key-threshold=1 -format=json > cluster-keys.json
```

gives:

```
Error initializing: Put "": dial tcp connect: connection refused
command terminated with exit code 2
```

and the logs on the pods show:

```
[WARN] storage migration check error: error="Unexpected response code: 403"
```

This means Vault cannot connect to Consul, I think, but the token is correct:
I found it correctly populated when I run
helm get manifest vault, which gives:

```
storage "consul" {
  address = "HOST_IP:8500"
  service = "vault"
  path = "vault"
  scheme = "http"
  token = "xxxxx"
}
```

Please note that the issue is encountered only if installed via the GitLab pipeline.
If done manually it works fine.
Could it be that the pipeline is running as the root user, so Vault cannot access the Consul storage created as root via the pipeline?
Any ideas, please?

The issue is solved. The pipeline did not populate the Consul token correctly; I have to put it in on the fly with the head and tail commands.
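
The two pipeline failures in this thread (the unquoted `${CONSUL_HTTP_TOKEN_DEV}` placeholder and a token that was not populated correctly) can be caught before `helm install` with a check like the one below. It is an added example, not code from the thread; the function names, the constructed sample fragment and the assumption that the Consul token is a UUID-style SecretID are assumptions.

```shell
#!/bin/sh
# Added example: lint the token line of a rendered Vault values file.
# Only a verdict is printed; the token itself is never echoed, so it
# stays out of the CI job log.
check_consul_token() {
    # First `token = ...` line of the HCL config block.
    line=$(sed -n '/^[[:space:]]*token[[:space:]]*=/{p;q;}' "$1")
    [ -n "$line" ] || { echo "missing"; return 1; }
    value=$(printf '%s' "${line#*=}" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    case $value in
        *'${'*) echo "unexpanded"; return 1 ;;  # CI never substituted the variable
        '"'*'"') ;;                             # properly quoted HCL string
        *) echo "bad-quoting"; return 1 ;;      # bare value, or string split over lines
    esac
    inner=${value#\"}
    inner=${inner%\"}
    [ -n "$inner" ] || { echo "empty"; return 1; }
    if printf '%s' "$inner" | grep -q '[[:space:]]'; then
        echo "whitespace"; return 1
    fi
    # Assumption: the Consul ACL token is a UUID-style SecretID.
    if printf '%s' "$inner" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'; then
        echo "ok"; return 0
    fi
    echo "not-uuid"; return 1
}

# Constructed sample: write a values fragment with the given token literal.
write_sample() {
    printf 'config: |\n  storage "consul" {\n    address = "HOST_IP:8500"\n    token = %s\n  }\n' "$2" > "$1"
}

tmp=$(mktemp)
write_sample "$tmp" '${CONSUL_HTTP_TOKEN_DEV}'
echo "placeholder left in place: $(check_consul_token "$tmp")"
write_sample "$tmp" '"00000000-1111-2222-3333-444444444444"'
echo "quoted constructed token:  $(check_consul_token "$tmp")"
rm -f "$tmp"
```

Run as a pipeline step against the rendered file, a non-zero return from `check_consul_token` fails the job before the chart is installed.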