Vault Installation using Helm | jq not installed in the pod | sudo permissions not available

Dear Hashicorp Vault Team,

Hope you are doing well. I am trying to install Vault using Helm and installs fine. However, it seems that when the pod is deployed, jq tool is not present.

kubectl get pods
NAME                                               READY   STATUS    RESTARTS   AGE
vault-1641843739-0                                 1/1     Running   0          62m
vault-1641843739-agent-injector-54f9db6dc7-scpmz   1/1     Running   0          62m

and when we login into the pod using

kubectl exec --stdin=true --tty=true vault-1641843739-0 -- /bin/sh
/ $ jq
/bin/sh: jq: not found
/ $ apk update jq
ERROR: Unable to lock database: Permission denied
ERROR: Failed to open apk database: Permission denied

jq tool is not installed by default and it is required to run commands as presented in many of your Hashicorp tutorials. Definetily there is a work around for this by passing service-name and accessing the VAULT API remotely (requires extra steps). It might be a good idea to include jq by default?

uname -a

Linux vault-1641843739-0 4.19.0-18-cloud-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 Linux

There are many other nice tools, which are NOT installed in the image (curl, for example). And this is the whole point - to have only one app and have the container as slim as possible. You could try to run another (debug) pod and query from it. I use this image, it has tons of useful tools: Network-MultiTool

1 Like