Unable list pki issuers after helm deployment

bluebrown1 · July 17, 2022, 6:19pm

Hi, I followed the tutorial Build Your Own Certificate Authority (CA) | Vault | HashiCorp Developer and got it working locally.

Now, I want to deploy it in kubernetes via the helm chart. I followed the steps from the docs, to deploy and unseal the vault.

Afterwards, I tried to bootstrap the PKI, the same way as shown in the tutorial.

helm install vault hashicorp/vault --set='ui.enabled=true'
k port-forward --address 127.0.0.1 svc/vault-ui 8200:8200 >/dev/null &

# unseal vault via ui 

export VAULT_TOKEN="<root-token>"
export VAULT_ADDR="http://127.0.0.1:8200"

vault secrets enable pki
vault write -field=certificate pki/root/generate/internal \
     common_name="example.com" \
     issuer_name="root-2022" \
     ttl=87600h > root_2022_ca.crt

# this is the problem
vault list pki/issuers/

But, it doesn’t find any issuers.

No value found at pki/issuers

I am not sure why it can’t find any issuers. As mentioned, it works locally with the dev server.

maxb · July 17, 2022, 6:24pm

Multiple issuer support is new in Vault 1.11.

The Helm chart’s default version is still 1.10.3.

You’ll need to configure the Vault version you actually want to run in Helm values.

bluebrown1 · July 17, 2022, 6:41pm

Yes, that was the problem. Thanks alot.

--set=server.image.tag=1.11,injector.agentImage.tag=1.11