Thanks in advance for any help!
I am trying to get a simple echo service stood up in minikube with vault secrets integrated.
- Vault is running in the cluster, installed with helm in its own namespace “vault”.
- Some sample data has been added to the vault in the path “kv”.
- Vault UI seems to be working.
- echo service deployments work fine without any helm vault annotations.
- Once helm annotations are added to the deployment descriptor the pods just sit in init state.
Here is the kubectl get all and descriptions of the pod, deployment and replicaset:
(This is large but figured much of it would be asked for at some point 
)
kubectl get all --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
istio-system pod/istio-ingressgateway-6f86b8c88d-h5f7h 1/1 Running 4 (23m ago) 28d 10.244.3.216 minikube
istio-system pod/istiod-79d65bf5f4-npz4m 1/1 Running 3 (23m ago) 28d 10.244.3.219 minikube
kube-system pod/coredns-787d4945fb-r7g97 1/1 Running 11 (23m ago) 133d 10.244.3.213 minikube
kube-system pod/etcd-minikube 1/1 Running 12 (23m ago) 133d 192.168.49.2 minikube
kube-system pod/kube-apiserver-minikube 1/1 Running 13 (23m ago) 133d 192.168.49.2 minikube
kube-system pod/kube-controller-manager-minikube 1/1 Running 11 (23m ago) 133d 192.168.49.2 minikube
kube-system pod/kube-proxy-htsmn 1/1 Running 10 (23m ago) 133d 192.168.49.2 minikube
kube-system pod/kube-scheduler-minikube 1/1 Running 11 (23m ago) 133d 192.168.49.2 minikube
kube-system pod/storage-provisioner 1/1 Running 33 (22m ago) 133d 192.168.49.2 minikube
kubernetes-dashboard pod/dashboard-metrics-scraper-5c6664855-cpgvx 1/1 Running 11 (23m ago) 121d 10.244.3.217 minikube
kubernetes-dashboard pod/kubernetes-dashboard-55c4cbbc7c-c9g45 1/1 Running 20 (23m ago) 121d 10.244.3.218 minikube
REDACTED pod/echo-blue-6d67b44cc4-l798t 0/3 Init:1/2 0 3m44s 10.244.3.223 minikube
vault pod/vault-0 0/1 Running 4 (23m ago) 132m 10.244.3.215 minikube
vault pod/vault-agent-injector-5fcfd8c6bf-q5b4k 1/1 Running 3 (23m ago) 132m 10.244.3.212 minikube
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
default service/kubernetes ClusterIP 10.96.0.1 443/TCP 133d
istio-system service/istio-ingressgateway LoadBalancer 10.101.110.247 127.0.0.1 15021:32402/TCP,80:32716/TCP,443:30965/TCP 28d app=istio-ingressgateway,istio=ingressgateway
istio-system service/istiod ClusterIP 10.107.54.71 15010/TCP,15012/TCP,443/TCP,15014/TCP 28d app=istiod,istio=pilot
kube-system service/kube-dns ClusterIP 10.96.0.10 53/UDP,53/TCP,9153/TCP 133d k8s-app=kube-dns
kubernetes-dashboard service/dashboard-metrics-scraper ClusterIP 10.100.2.56 8000/TCP 121d k8s-app=dashboard-metrics-scraper
kubernetes-dashboard service/kubernetes-dashboard ClusterIP 10.103.77.69 80/TCP 121d k8s-app=kubernetes-dashboard
REDACTED service/echo-blue ClusterIP 10.101.202.190 8080/TCP 3m44s app.kubernetes.io/instance=echo-blue,app.kubernetes.io/name=echo,app=echo-blue
vault service/vault ClusterIP 10.96.30.222 8200/TCP,8201/TCP 132m app.kubernetes.io/instance=vault,app.kubernetes.io/name=vault,component=server
vault service/vault-agent-injector-svc ClusterIP 10.105.147.102 443/TCP 132m app.kubernetes.io/instance=vault,app.kubernetes.io/name=vault-agent-injector,component=webhook
vault service/vault-internal ClusterIP None 8200/TCP,8201/TCP 132m app.kubernetes.io/instance=vault,app.kubernetes.io/name=vault,component=server
vault service/vault-ui LoadBalancer 10.106.133.78 127.0.0.1 8200:32196/TCP 132m app.kubernetes.io/instance=vault,app.kubernetes.io/name=vault,component=server
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE CONTAINERS IMAGES SELECTOR
kube-system daemonset.apps/kube-proxy 1 1 1 1 1 kubernetes.io/os=linux 133d kube-proxy registry.k8s.io/kube-proxy:v1.26.1 k8s-app=kube-proxy
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
istio-system deployment.apps/istio-ingressgateway 1/1 1 1 28d istio-proxy docker.io/istio/proxyv2:1.17.1 app=istio-ingressgateway,istio=ingressgateway
istio-system deployment.apps/istiod 1/1 1 1 28d discovery docker.io/istio/pilot:1.17.1 istio=pilot
kube-system deployment.apps/coredns 1/1 1 1 133d coredns registry.k8s.io/coredns/coredns:v1.9.3 k8s-app=kube-dns
kubernetes-dashboard deployment.apps/dashboard-metrics-scraper 1/1 1 1 121d dashboard-metrics-scraper docker.io/kubernetesui/metrics-scraper:v1.0.8@sha256:76049887f07a0476dc93efc2d3569b9529bf982b22d29f356092ce206e98765c k8s-app=dashboard-metrics-scraper
kubernetes-dashboard deployment.apps/kubernetes-dashboard 1/1 1 1 121d kubernetes-dashboard docker.io/kubernetesui/dashboard:v2.7.0@sha256:2e500d29e9d5f4a086b908eb8dfe7ecac57d2ab09d65b24f588b1d449841ef93 k8s-app=kubernetes-dashboard
REDACTED deployment.apps/echo-blue 0/1 1 0 3m44s echoserver Google Cloud console app=echo-blue,app.kubernetes.io/instance=echo-blue,app.kubernetes.io/name=echo,deploymentColor=blue
vault deployment.apps/vault-agent-injector 1/1 1 1 132m sidecar-injector hashicorp/vault-k8s:1.2.1 app.kubernetes.io/instance=vault,app.kubernetes.io/name=vault-agent-injector,component=webhook
NAMESPACE NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
istio-system replicaset.apps/istio-ingressgateway-6f86b8c88d 1 1 1 28d istio-proxy docker.io/istio/proxyv2:1.17.1 app=istio-ingressgateway,istio=ingressgateway,pod-template-hash=6f86b8c88d
istio-system replicaset.apps/istiod-79d65bf5f4 1 1 1 28d discovery docker.io/istio/pilot:1.17.1 istio=pilot,pod-template-hash=79d65bf5f4
kube-system replicaset.apps/coredns-787d4945fb 1 1 1 133d coredns registry.k8s.io/coredns/coredns:v1.9.3 k8s-app=kube-dns,pod-template-hash=787d4945fb
kubernetes-dashboard replicaset.apps/dashboard-metrics-scraper-5c6664855 1 1 1 121d dashboard-metrics-scraper docker.io/kubernetesui/metrics-scraper:v1.0.8@sha256:76049887f07a0476dc93efc2d3569b9529bf982b22d29f356092ce206e98765c k8s-app=dashboard-metrics-scraper,pod-template-hash=5c6664855
kubernetes-dashboard replicaset.apps/kubernetes-dashboard-55c4cbbc7c 1 1 1 121d kubernetes-dashboard docker.io/kubernetesui/dashboard:v2.7.0@sha256:2e500d29e9d5f4a086b908eb8dfe7ecac57d2ab09d65b24f588b1d449841ef93 k8s-app=kubernetes-dashboard,pod-template-hash=55c4cbbc7c
REDACTED replicaset.apps/echo-blue-6d67b44cc4 1 1 0 3m44s echoserver Google Cloud console app=echo-blue,app.kubernetes.io/instance=echo-blue,app.kubernetes.io/name=echo,deploymentColor=blue,pod-template-hash=6d67b44cc4
vault replicaset.apps/vault-agent-injector-5fcfd8c6bf 1 1 1 132m sidecar-injector hashicorp/vault-k8s:1.2.1 app.kubernetes.io/instance=vault,app.kubernetes.io/name=vault-agent-injector,component=webhook,pod-template-hash=5fcfd8c6bf
NAMESPACE NAME READY AGE CONTAINERS IMAGES
vault statefulset.apps/vault 0/1 132m vault hashicorp/vault:1.14.0
NAMESPACE NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
istio-system horizontalpodautoscaler.autoscaling/istio-ingressgateway Deployment/istio-ingressgateway /80% 1 5 1 28d
istio-system horizontalpodautoscaler.autoscaling/istiod Deployment/istiod /80% 1 5 1 28d
kubectl -n REDACTED describe pod echo-blue
Name: echo-blue-6d67b44cc4-l798t
Namespace: REDACTED
Priority: 0
Service Account: REDACTED
Node: minikube/192.168.49.2
Start Time: Fri, 14 Jul 2023 16:50:23 -0700
Labels: app=echo-blue
app.kubernetes.io/instance=echo-blue
app.kubernetes.io/name=echo
deploymentColor=blue
pod-template-hash=6d67b44cc4
security.istio.io/tlsMode=istio
service.istio.io/canonical-name=echo
service.istio.io/canonical-revision=latest
Annotations: kubectl.kubernetes.io/default-container: echoserver
kubectl.kubernetes.io/default-logs-container: echoserver
prometheus.io/path: /stats/prometheus
prometheus.io/port: 15020
prometheus.io/scrape: true
sidecar.istio.io/status:
{“initContainers”:[“istio-init”],“containers”:[“istio-proxy”],“volumes”:[“workload-socket”,“credential-socket”,“workload-certs”,"istio-env…
vault.hashicorp.com/agent-inject: true
vault.hashicorp.com/agent-inject-secret-vault-secrets.txt: kv/b
vault.hashicorp.com/agent-inject-status: injected
vault.hashicorp.com/role: vault
Status: Pending
IP: 10.244.3.223
IPs:
IP: 10.244.3.223
Controlled By: ReplicaSet/echo-blue-6d67b44cc4
Init Containers:
istio-init:
Container ID: docker://922e6310c651bbfdb439f1f4fff8f5c862d8e9d7356d3cb579f50fa26b6986d9
Image: docker.io/istio/proxyv2:1.17.1
Image ID: docker-pullable://istio/proxyv2@sha256:2152aea5fbe2de20f08f3e0412ad7a4cd54a492240ff40974261ee4bdb43871d
Port:
Host Port:
Args:
istio-iptables
-p
15001
-z
15006
-u
1337
-m
REDIRECT
-i
*
-x
-b
*
-d
15090,15021,15020
--log_output_level=default:info
State: Terminated
Reason: Completed
Exit Code: 0
Started: Fri, 14 Jul 2023 16:50:24 -0700
Finished: Fri, 14 Jul 2023 16:50:24 -0700
Ready: True
Restart Count: 0
Limits:
cpu: 2
memory: 1Gi
Requests:
cpu: 100m
memory: 128Mi
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-464fl (ro)
/vault/secrets from vault-secrets (rw)
vault-agent-init:
Container ID: docker://c16a3939d6a2040a6107df020d110030fe917c0e4a2e81c12e680d508e83d8ea
Image: hashicorp/vault:1.14.0
Image ID: docker-pullable://hashicorp/vault@sha256:b2177a8bfe85f89ff403c9f51b8a00a6efd1be8e475bc2637390c36977df994d
Port:
Host Port:
Command:
/bin/sh
-ec
Args:
echo {VAULT_CONFIG?} | base64 -d > /home/vault/config.json && vault agent -config=/home/vault/config.json
State: Running
Started: Fri, 14 Jul 2023 16:50:24 -0700
Ready: False
Restart Count: 0
Limits:
cpu: 500m
memory: 128Mi
Requests:
cpu: 250m
memory: 64Mi
Environment:
VAULT_LOG_LEVEL: info
VAULT_LOG_FORMAT: standard
VAULT_CONFIG: eyJhdXRvX2F1dGgiOnsibWV0aG9kIjp7InR5cGUiOiJrdWJlcm5ldGVzIiwibW91bnRfcGF0aCI6ImF1dGgva3ViZXJuZXRlcyIsImNvbmZpZyI6eyJyb2xlIjoidmF1bHQiLCJ0b2tlbl9wYXRoIjoiL3Zhci9ydW4vc2VjcmV0cy9rdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3Rva2VuIn19LCJzaW5rIjpbeyJ0eXBlIjoiZmlsZSIsImNvbmZpZyI6eyJwYXRoIjoiL2hvbWUvdmF1bHQvLnZhdWx0LXRva2VuIn19XX0sImV4aXRfYWZ0ZXJfYXV0aCI6dHJ1ZSwicGlkX2ZpbGUiOiIvaG9tZS92YXVsdC8ucGlkIiwidmF1bHQiOnsiYWRkcmVzcyI6Imh0dHA6Ly92YXVsdC52YXVsdC5zdmM6ODIwMCJ9LCJ0ZW1wbGF0ZSI6W3siZGVzdGluYXRpb24iOiIvdmF1bHQvc2VjcmV0cy92YXVsdC1zZWNyZXRzLnR4dCIsImNvbnRlbnRzIjoie3sgd2l0aCBzZWNyZXQgXCJrdi9iXCIgfX17eyByYW5nZSAkaywgJHYgOj0gLkRhdGEgfX17eyAkayB9fToge3sgJHYgfX1cbnt7IGVuZCB9fXt7IGVuZCB9fSIsImxlZnRfZGVsaW1pdGVyIjoie3siLCJyaWdodF9kZWxpbWl0ZXIiOiJ9fSJ9XSwidGVtcGxhdGVfY29uZmlnIjp7ImV4aXRfb25fcmV0cnlfZmFpbHVyZSI6dHJ1ZX19
Mounts:
/home/vault from home-init (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-464fl (ro)
/vault/secrets from vault-secrets (rw)
Containers:
echoserver:
Container ID:
Image: gcr.io/google_containers/echoserver:1.0
Image ID:
Port: 8080/TCP
Host Port: 0/TCP
State: Waiting
Reason: PodInitializing
Ready: False
Restart Count: 0
Environment Variables from:
echo-blue ConfigMap Optional: false
echo-blue-secrets Secret Optional: false
Environment:
foo: <set to the key 'foo' in secret 'echo-blue-secrets'> Optional: false
KUBERNETES_CLUSTER_DOMAIN: cluster.local
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-464fl (ro)
/vault/secrets from vault-secrets (rw)
istio-proxy:
Container ID:
Image: docker.io/istio/proxyv2:1.17.1
Image ID:
Port: 15090/TCP
Host Port: 0/TCP
Args:
proxy
sidecar
--domain
(POD_NAMESPACE).svc.cluster.local
–proxyLogLevel=warning
–proxyComponentLogLevel=misc:error
–log_output_level=default:info
–concurrency
2
State: Waiting
Reason: PodInitializing
Ready: False
Restart Count: 0
Limits:
cpu: 2
memory: 1Gi
Requests:
cpu: 100m
memory: 128Mi
Readiness: http-get http://:15021/healthz/ready delay=1s timeout=3s period=2s #success=1 #failure=30
Environment:
JWT_POLICY: third-party-jwt
PILOT_CERT_PROVIDER: istiod
CA_ADDR: istiod.istio-system.svc:15012
POD_NAME: echo-blue-6d67b44cc4-l798t (v1:metadata.name)
POD_NAMESPACE: REDACTED (v1:metadata.namespace)
INSTANCE_IP: (v1:status.podIP)
SERVICE_ACCOUNT: (v1:spec.serviceAccountName)
HOST_IP: (v1:status.hostIP)
PROXY_CONFIG: {}
ISTIO_META_POD_PORTS: [
{"name":"http","containerPort":8080,"protocol":"TCP"}
]
ISTIO_META_APP_CONTAINERS: echoserver
ISTIO_META_CLUSTER_ID: Kubernetes
ISTIO_META_NODE_NAME: (v1:spec.nodeName)
ISTIO_META_INTERCEPTION_MODE: REDIRECT
ISTIO_META_WORKLOAD_NAME: echo-blue
ISTIO_META_OWNER: kubernetes://apis/apps/v1/namespaces/REDACTED/deployments/echo-blue
ISTIO_META_MESH_ID: cluster.local
TRUST_DOMAIN: cluster.local
Mounts:
/etc/istio/pod from istio-podinfo (rw)
/etc/istio/proxy from istio-envoy (rw)
/var/lib/istio/data from istio-data (rw)
/var/run/secrets/credential-uds from credential-socket (rw)
/var/run/secrets/istio from istiod-ca-cert (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-464fl (ro)
/var/run/secrets/tokens from istio-token (rw)
/var/run/secrets/workload-spiffe-credentials from workload-certs (rw)
/var/run/secrets/workload-spiffe-uds from workload-socket (rw)
/vault/secrets from vault-secrets (rw)
vault-agent:
Container ID:
Image: hashicorp/vault:1.14.0
Image ID:
Port:
Host Port:
Command:
/bin/sh
-ec
Args:
echo ${VAULT_CONFIG?} | base64 -d > /home/vault/config.json && vault agent -config=/home/vault/config.json
State: Waiting
Reason: PodInitializing
Ready: False
Restart Count: 0
Limits:
cpu: 500m
memory: 128Mi
Requests:
cpu: 250m
memory: 64Mi
Environment:
VAULT_LOG_LEVEL: info
VAULT_LOG_FORMAT: standard
VAULT_CONFIG: eyJhdXRvX2F1dGgiOnsibWV0aG9kIjp7InR5cGUiOiJrdWJlcm5ldGVzIiwibW91bnRfcGF0aCI6ImF1dGgva3ViZXJuZXRlcyIsImNvbmZpZyI6eyJyb2xlIjoidmF1bHQiLCJ0b2tlbl9wYXRoIjoiL3Zhci9ydW4vc2VjcmV0cy9rdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3Rva2VuIn19LCJzaW5rIjpbeyJ0eXBlIjoiZmlsZSIsImNvbmZpZyI6eyJwYXRoIjoiL2hvbWUvdmF1bHQvLnZhdWx0LXRva2VuIn19XX0sImV4aXRfYWZ0ZXJfYXV0aCI6ZmFsc2UsInBpZF9maWxlIjoiL2hvbWUvdmF1bHQvLnBpZCIsInZhdWx0Ijp7ImFkZHJlc3MiOiJodHRwOi8vdmF1bHQudmF1bHQuc3ZjOjgyMDAifSwidGVtcGxhdGUiOlt7ImRlc3RpbmF0aW9uIjoiL3ZhdWx0L3NlY3JldHMvdmF1bHQtc2VjcmV0cy50eHQiLCJjb250ZW50cyI6Int7IHdpdGggc2VjcmV0IFwia3YvYlwiIH19e3sgcmFuZ2UgJGssICR2IDo9IC5EYXRhIH19e3sgJGsgfX06IHt7ICR2IH19XG57eyBlbmQgfX17eyBlbmQgfX0iLCJsZWZ0X2RlbGltaXRlciI6Int7IiwicmlnaHRfZGVsaW1pdGVyIjoifX0ifV0sInRlbXBsYXRlX2NvbmZpZyI6eyJleGl0X29uX3JldHJ5X2ZhaWx1cmUiOnRydWV9fQ==
Mounts:
/home/vault from home-sidecar (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-464fl (ro)
/vault/secrets from vault-secrets (rw)
Conditions:
Type Status
Initialized False
Ready False
ContainersReady False
PodScheduled True
Volumes:
workload-socket:
Type: EmptyDir (a temporary directory that shares a pod’s lifetime)
Medium:
SizeLimit:
credential-socket:
Type: EmptyDir (a temporary directory that shares a pod’s lifetime)
Medium:
SizeLimit:
workload-certs:
Type: EmptyDir (a temporary directory that shares a pod’s lifetime)
Medium:
SizeLimit:
istio-envoy:
Type: EmptyDir (a temporary directory that shares a pod’s lifetime)
Medium: Memory
SizeLimit:
istio-data:
Type: EmptyDir (a temporary directory that shares a pod’s lifetime)
Medium:
SizeLimit:
istio-podinfo:
Type: DownwardAPI (a volume populated by information about the pod)
Items:
metadata.labels → labels
metadata.annotations → annotations
istio-token:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 43200
istiod-ca-cert:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: istio-ca-root-cert
Optional: false
kube-api-access-464fl:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
home-init:
Type: EmptyDir (a temporary directory that shares a pod’s lifetime)
Medium: Memory
SizeLimit:
home-sidecar:
Type: EmptyDir (a temporary directory that shares a pod’s lifetime)
Medium: Memory
SizeLimit:
vault-secrets:
Type: EmptyDir (a temporary directory that shares a pod’s lifetime)
Medium: Memory
SizeLimit:
QoS Class: Burstable
Node-Selectors:
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
Normal Scheduled 28s default-scheduler Successfully assigned REDACTED/echo-blue-6d67b44cc4-l798t to minikube
Normal Pulled 28s kubelet Container image “docker.io/istio/proxyv2:1.17.1” already present on machine
Normal Created 28s kubelet Created container istio-init
Normal Started 28s kubelet Started container istio-init
Normal Pulled 28s kubelet Container image “hashicorp/vault:1.14.0” already present on machine
Normal Created 28s kubelet Created container vault-agent-init
Normal Started 28s kubelet Started container vault-agent-init
kubectl -n REDACTED describe deployment echo-blue
Name: echo-blue
Namespace: REDACTED
CreationTimestamp: Fri, 14 Jul 2023 16:50:23 -0700
Labels: app.kubernetes.io/component=echo
app.kubernetes.io/instance=echo-blue
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=echo
app.kubernetes.io/part-of=REDACTED
app.kubernetes.io/version=1.0
deploymentColor=blue
helm.sh/chart=echo-1.0
Annotations: deployment.kubernetes.io/revision: 1
meta.helm.sh/release-name: echo-blue
meta.helm.sh/release-namespace: REDACTED
Selector: app=echo-blue,app.kubernetes.io/instance=echo-blue,app.kubernetes.io/name=echo,deploymentColor=blue
Replicas: 1 desired | 1 updated | 1 total | 0 available | 1 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=echo-blue
app.kubernetes.io/instance=echo-blue
app.kubernetes.io/name=echo
deploymentColor=blue
Annotations: vault.hashicorp.com/agent-inject: true
vault.hashicorp.com/agent-inject-secret-vault-secrets.txt: kv/b
vault.hashicorp.com/role: vault
Service Account: REDACTED
Containers:
echoserver:
Image: Google Cloud console
Port: 8080/TCP
Host Port: 0/TCP
Environment Variables from:
echo-blue ConfigMap Optional: false
echo-blue-secrets Secret Optional: false
Environment:
foo: <set to the key ‘foo’ in secret ‘echo-blue-secrets’> Optional: false
KUBERNETES_CLUSTER_DOMAIN: cluster.local
Mounts:
Volumes:
Conditions:
Type Status Reason
Available False MinimumReplicasUnavailable
Progressing True ReplicaSetUpdated
OldReplicaSets:
NewReplicaSet: echo-blue-6d67b44cc4 (1/1 replicas created)
Events:
Type Reason Age From Message
Normal ScalingReplicaSet 2m4s deployment-controller Scaled up replica set echo-blue-6d67b44cc4 to 1
kubectl -n REDACTED describe replicaset echo-blue
Name: echo-blue-6d67b44cc4
Namespace: REDACTED
Selector: app=echo-blue,app.kubernetes.io/instance=echo-blue,app.kubernetes.io/name=echo,deploymentColor=blue,pod-template-hash=6d67b44cc4
Labels: app=echo-blue
app.kubernetes.io/instance=echo-blue
app.kubernetes.io/name=echo
deploymentColor=blue
pod-template-hash=6d67b44cc4
Annotations: deployment.kubernetes.io/desired-replicas: 1
deployment.kubernetes.io/max-replicas: 2
deployment.kubernetes.io/revision: 1
meta.helm.sh/release-name: echo-blue
meta.helm.sh/release-namespace: REDACTED
Controlled By: Deployment/echo-blue
Replicas: 1 current / 1 desired
Pods Status: 0 Running / 1 Waiting / 0 Succeeded / 0 Failed
Pod Template:
Labels: app=echo-blue
app.kubernetes.io/instance=echo-blue
app.kubernetes.io/name=echo
deploymentColor=blue
pod-template-hash=6d67b44cc4
Annotations: vault.hashicorp.com/agent-inject: true
vault.hashicorp.com/agent-inject-secret-vault-secrets.txt: kv/b
vault.hashicorp.com/role: vault
Service Account: REDACTED
Containers:
echoserver:
Image: Google Cloud console
Port: 8080/TCP
Host Port: 0/TCP
Environment Variables from:
echo-blue ConfigMap Optional: false
echo-blue-secrets Secret Optional: false
Environment:
foo: <set to the key ‘foo’ in secret ‘echo-blue-secrets’> Optional: false
KUBERNETES_CLUSTER_DOMAIN: cluster.local
Mounts:
Volumes:
Events:
Type Reason Age From Message
Normal SuccessfulCreate 2m25s replicaset-controller Created pod: echo-blue-6d67b44cc4-l798t