I deployed the following helm chart for vault and I get the following error:
Normal Scheduled 25s default-scheduler Successfully assigned m4d-system/vault-0 to kind-control-plane
Normal Pulled 24s kubelet Container image "vault:1.6.2" already present on machine
Normal Created 24s kubelet Created container vault
Normal Started 24s kubelet Started container vault
Warning Unhealthy 2s kubelet Readiness probe failed: Key Value
— ----- Seal Type shamir
Initialized true
Sealed true
Total Shares 5
Threshold 3
Unseal Progress 0/3
Unseal Nonce n/a
Version 1.6.2
Storage Type file
HA Enabled false
I also do not understand the behavior : sometimes vault is initialized and sealed and sometimes is no initialized and sealed. I appreciate help with that. Thanks.
global:
enabled: true
tlsDisable: false
server:
logLevel: debug
logFormat: standard
readinessProbe:
enabled: true
# If you need to use a http path instead of the default exec
# path: /v1/sys/health?standbyok=true
# When a probe fails, Kubernetes will try failureThreshold times before giving up
failureThreshold: 2
# Number of seconds after the container has started before probe initiates
initialDelaySeconds: 20
# authDelegator enables a cluster role binding to be attached to the service
# account. This cluster role binding can be used to setup Kubernetes auth
# method. https://www.vaultproject.io/docs/auth/kubernetes.html
authDelegator:
enabled: true
extraVolumes:
- type: secret
name: vault-server-tls # Matches the ${SECRET_NAME} from above
standalone:
enabled: true
config: |
listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_cert_file = "/vault/userconfig/vault-server-tls/tls.crt"
tls_key_file = "/vault/userconfig/vault-server-tls/tls.key"
tls_client_ca_file = "/vault/userconfig/vault-server-tls/ca.crt"
}
storage "file" {
path = "/vault/data"
}