Hello,
I’m running a vault v1.5.6 HA cluster (with raft storage and tls enabled) in k8s composed by 5 nodes.
The cluster is initialized and all nodes are part of the raft cluster (1 leader and 4 followers). Vault UI is well working and almost all api requests too.
But, I encounter some troubles with few api requests:
- API request for vault snapshot
curl
–request GET
–header “X-Vault-Token: <VAULT_TOKEN>”
<VAULT_URL>/v1/sys/storage/raft/snapshot > /<SNAPSHOT_NAME>
- API request to get telemetry metrics
curl
–request GET
–header “X-Vault-Token: <VAULT_TOKEN>”
<VAULT_URL>/v1/sys/metrics?format=prometheus
At this step:
- <VAULT_URL> is the K8s ingress url wich point to vault service
- <VAULT_TOKEN> is the vault root token which is not revoked as it is a vault test instance
Behaviour:
When I request vault API for those two endpoints, the request is not sent to leader node by the followers and I get this error response:
{“errors”:[“error performing token check: Vault is in standby mode”]}
Sometimes, the request well responds and I think it is when the request is directely processed by the leader node.
I cannot see any error in vault logs.
Do you have an idea why I face this behaviour ?
Thank you for your help