Some API requests are not forwarded to leader when vault is set in HA mode


I’m running a vault v1.5.6 HA cluster (with raft storage and tls enabled) in k8s composed by 5 nodes.
The cluster is initialized and all nodes are part of the raft cluster (1 leader and 4 followers). Vault UI is well working and almost all api requests too.

But, I encounter some troubles with few api requests:

  • API request for vault snapshot

–request GET
–header “X-Vault-Token: <VAULT_TOKEN>”
<VAULT_URL>/v1/sys/storage/raft/snapshot > /<SNAPSHOT_NAME>

  • API request to get telemetry metrics

–request GET
–header “X-Vault-Token: <VAULT_TOKEN>”

At this step:

  • <VAULT_URL> is the K8s ingress url wich point to vault service
  • <VAULT_TOKEN> is the vault root token which is not revoked as it is a vault test instance

When I request vault API for those two endpoints, the request is not sent to leader node by the followers and I get this error response:

{“errors”:[“error performing token check: Vault is in standby mode”]}

Sometimes, the request well responds and I think it is when the request is directely processed by the leader node.
I cannot see any error in vault logs.

Do you have an idea why I face this behaviour ?

Thank you for your help