Hi,
I'm running Vault in replica mode with PostgreSQL as the backend on Kubernetes. Vault initialization and unsealing are taken care of through a Kubernetes job. When I'm trying to populate/bootstrap some changes on Vault, I'm facing "no handler for route" errors at various phases.
Bootstrapping steps:
vault login -no-store $VAULT_TOKEN
vault secrets enable pki
vault secrets tune -max-lease-ttl=87600h pki
vault write pki/root/generate/internal common_name=vault ttl=87600h private_key_format="pkcs8"
vault write pki/config/urls issuing_certificates="https://vault:8200/v1/pki/ca" crl_distribution_points="https://vault:8200/v1/pki/crl"
vault write pki/roles/client allow_any_name="true" client_flag="true" max_ttl="87600h" server_flag="false"
vault write pki/roles/server allow_any_name="true" allowed_domains="cluster.local" allow_subdomains="true" client_flag="true" max_ttl="87600h" enforce_hostnames="false" server_flag="true"
Error details:
Enabling pki engine at 'pki' path... Success! Enabled the pki secrets engine at: pki/
Tuning pki secret engine... Success! Tuned the secrets engine at: pki/
Generating self-signed root CA certificate
Error writing data to pki/root/generate/internal: Error making API request.
URL: PUT https://vault:8200/v1/pki/root/generate/internal
Code: 404. Errors:
* no handler for route 'pki/root/generate/internal'
Vault version: 1.3.0 (Docker image)
Vault server configuration:
config.json
{"listener":{"tcp":{"address":"[::]:8200","cluster_address":"[::]:8201","tls_cert_file":"/vault/tls/tls.crt","tls_cipher_suites":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA","tls_disable":false,"tls_key_file":"/vault/tls/tls.key","tls_prefer_server_cipher_suites":true}},"storage":{"postgresql":{}},"ui":false}
storage-config.hcl
storage "postgresql" {
  connection_url = "postgres://vault:vault123@localhost:5432/vault?sslmode=disable"
}
telemetry.hcl
telemetry {
  prometheus_retention_time = "30s"
  disable_hostname = true
  dogstatsd_addr = "10.0.0.162:8125"
  dogstatsd_tags = ["namespace=infratest","service=polaris-vault"]
}
vault server -config /vault/config/config.json -config /tmp/storage-config.hcl -config /tmp/telemetry.hcl
Any thoughts on what's going wrong here?
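One check worth adding to the bootstrap job above, as an added example that is not part of the original post: gate each write on the mount actually being visible in the live mount table, instead of assuming `vault secrets enable` has taken effect on whichever replica serves the next request. It assumes the vault CLI is on PATH with VAULT_ADDR and VAULT_TOKEN set; a mount that has not yet propagated is one possibility consistent with the 404, and if the replicas never converge the gate times out and reports that rather than writing blind.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the vault CLI is on PATH
# and VAULT_ADDR / VAULT_TOKEN are set. `secrets enable` is acknowledged by the
# replica that served it; the next write may land on a replica whose mount
# table does not yet show pki/, so gate each write on the mount being visible.

# Return 0 if mount path $1 (e.g. "pki/") is a key in the JSON output of
# `vault secrets list -format=json` passed as $2. grep only, no jq needed.
mount_present() {
  printf '%s' "$2" | grep -q "\"$1\":"
}

# Poll the live mount table until $1 is present or $2 attempts are exhausted.
wait_for_mount() {
  path="$1"; tries="${2:-30}"; i=0
  while [ "$i" -lt "$tries" ]; do
    if mount_present "$path" "$(vault secrets list -format=json 2>/dev/null)"; then
      return 0
    fi
    i=$((i + 1)); sleep 1
  done
  echo "mount $path not visible after $tries attempts; not writing to it" >&2
  return 1
}

# The post's PKI bootstrap, with the readiness gate inserted after enable.
bootstrap_pki() {
  vault secrets enable pki || return 1
  wait_for_mount pki/ 30 || return 1
  vault secrets tune -max-lease-ttl=87600h pki &&
  vault write pki/root/generate/internal common_name=vault ttl=87600h private_key_format=pkcs8 &&
  vault write pki/config/urls issuing_certificates="https://vault:8200/v1/pki/ca" crl_distribution_points="https://vault:8200/v1/pki/crl" &&
  vault write pki/roles/client allow_any_name=true client_flag=true max_ttl=87600h server_flag=false &&
  vault write pki/roles/server allow_any_name=true allowed_domains=cluster.local allow_subdomains=true client_flag=true max_ttl=87600h enforce_hostnames=false server_flag=true
}

# Constructed sample of `vault secrets list -format=json` output for offline checks
# of mount_present; a live run queries the server instead.
SAMPLE_MOUNTS='{"cubbyhole/":{"type":"cubbyhole"},"pki/":{"type":"pki"},"sys/":{"type":"system"}}'

# Uncomment to run against a live Vault:
# bootstrap_pki
```

Running this in the job also makes the failure mode legible: a timeout from wait_for_mount in the job log points at mount-table visibility across replicas, whereas a 404 from the write alone does not say which replica answered.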