OpenShift failed to restart pod : /vault/data/vault.db: permission denied


I setup vault on openshift 4.5 using official documentation (using helm chart) and managed to make it works. I configured ldap and kubernetes auth, create a few secrets.
It is using the HA mode with raft storage (3 replicas, each one having its storage/pvc).

Since a few hours, one of the pod was crashlooping with the following error :

Error initializing storage of type raft: failed to create fsm: failed to open bolt file: open /vault/data/vault.db: permission denied

I tried shutting down all the pods but all of them have this error when starting.

The permissions of the file:
-rw-r–r-- 1 1000050000 root 131072 Jan 13 11:33 vault.db

(I tried changing group to 1000, which is the vault group, but it didn’t helped).

I created an SCC for the serviceAccount used by the pod which give some uid/gid:

  • max: 2000
    min: 1000
    type: MustRunAs
    type: MustRunAs
    uid: 100
    type: MustRunAs
    type: RunAsAny
  • system:serviceaccount:vault-test:vault
  • system:serviceaccount:vault-test:vault-agent-injector

The config part for raft:
config: |
ui = true

listener “tcp” {
tls_disable = 1
address = “”
cluster_address = “”

storage “raft” {
path = “/vault/data”

service_registration “kubernetes” {}

Is this a known issue ? Should I add som securityContext to the pod or the container (currently empty) in order to make it working on openshift ? But I don’t understand why/how it achieve then to start the first time and write all those files.

Thanks a lot !

Hello again,

After reading issues on git* I tried changing the owner of the files, which apparently made it working.
chown 100:1000 ./ -R

I still don’t understand why the permissions were changed and will we encounter the error inthe future ?