
cr-raft-ha-storage.yaml is broken

Open ameyp opened this issue 2 years ago • 2 comments

Describe the bug: Applying cr-raft-ha-storage.yaml fails with the following errors:

error: error validating "https://raw.githubusercontent.com/banzaicloud/bank-vaults/main/operator/deploy/cr-raft-ha-storage.yaml": error validating data: [ValidationError(Vault.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[0]): unknown field "podAffinityTerm" in com.banzaicloud.vault.v1alpha1.Vault.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution, ValidationError(Vault.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[0]): missing required field "preference" in com.banzaicloud.vault.v1alpha1.Vault.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution, ValidationError(Vault.spec.volumeClaimTemplates[0].spec): unknown field "hostPath" in com.banzaicloud.vault.v1alpha1.Vault.spec.volumeClaimTemplates.spec]; if you choose to ignore these errors, turn validation off with --validate=false

I changed the YAML to match the CRD to the best of my ability, after which I was able to apply the YAML, but vault-operator doesn't start any vault instances, and vault-configurer just fails forever with:

2022-08-20T00:16:36-07:00 {"level":"error","msg":"error checking if vault is sealed: error checking status: context deadline exceeded, waiting 5s before trying again...","time":"2022-08-20T07:16:36Z"}
2022-08-20T00:16:41-07:00 {"level":"info","msg":"checking if vault is sealed...","time":"2022-08-20T07:16:41Z"}
2022-08-20T00:17:41-07:00 {"level":"error","msg":"error checking if vault is sealed: error checking status: context deadline exceeded, waiting 5s before trying again...","time":"2022-08-20T07:17:41Z"}
2022-08-20T00:17:46-07:00 {"level":"info","msg":"checking if vault is sealed...","time":"2022-08-20T07:17:46Z"}

Expected behaviour: Applying the YAML should work without any errors, and vault instances should be spun up.

Steps to reproduce the bug: Install vault-operator using helm, apply the rbac yaml, try to apply https://raw.githubusercontent.com/banzaicloud/bank-vaults/main/operator/deploy/cr-raft-ha-storage.yaml

Environment details:

  • Kubernetes version (e.g. v1.10.2): v1.24.1+k3s1
  • Cloud-provider/provisioner (e.g. AKS, GKE, EKS, PKE etc): Bare metal
  • bank-vaults version (e.g. 0.4.17): 1.15.8
  • Install method (e.g. helm or static manifests): helm
  • Logs from the misbehaving component (and any other relevant logs):

Here are the logs from vault-operator:

2022-08-20T00:13:41-07:00 {"level":"info","ts":1660979621.9926412,"logger":"cmd","msg":"Watched namespace: "}
2022-08-20T00:13:42-07:00 {"level":"info","ts":1660979622.9337153,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":":8383"}
2022-08-20T00:13:42-07:00 {"level":"info","ts":1660979622.9338908,"logger":"cmd","msg":"Registering Components."}
2022-08-20T00:13:43-07:00 {"level":"info","ts":1660979623.7365143,"logger":"cmd","msg":"Starting the Cmd."}
2022-08-20T00:13:43-07:00 {"level":"info","ts":1660979623.7366886,"logger":"controller-runtime.manager","msg":"starting metrics server","path":"/metrics"}
2022-08-20T00:13:43-07:00 I0820 07:13:43.736806       1 leaderelection.go:243] attempting to acquire leader lease vault/vault-operator-lock...
2022-08-20T00:14:01-07:00 I0820 07:14:01.159093       1 leaderelection.go:253] successfully acquired lease vault/vault-operator-lock
2022-08-20T00:14:01-07:00 {"level":"info","ts":1660979641.1594145,"logger":"controller-runtime.manager.controller.vault-controller","msg":"Starting EventSource","source":"kind source: /, Kind="}
2022-08-20T00:14:01-07:00 {"level":"info","ts":1660979641.1595492,"logger":"controller-runtime.manager.controller.vault-controller","msg":"Starting Controller"}
2022-08-20T00:14:01-07:00 {"level":"info","ts":1660979641.2909288,"logger":"controller-runtime.manager.controller.vault-controller","msg":"Starting workers","worker count":1}
2022-08-20T00:14:01-07:00 {"level":"info","ts":1660979641.2910993,"logger":"controller_vault","msg":"Reconciling Vault","Request.Namespace":"vault","Request.Name":"vault"}
2022-08-20T00:15:50-07:00 {"level":"info","ts":1660979750.7725778,"logger":"controller_vault","msg":"Reconciling Vault","Request.Namespace":"vault","Request.Name":"vault"}
2022-08-20T00:16:50-07:00 {"level":"info","ts":1660979810.8944893,"logger":"controller_vault","msg":"Reconciling Vault","Request.Namespace":"vault","Request.Name":"vault"}
2022-08-20T00:17:51-07:00 {"level":"info","ts":1660979871.0938833,"logger":"controller_vault","msg":"Reconciling Vault","Request.Namespace":"vault","Request.Name":"vault"}
2022-08-20T00:18:51-07:00 {"level":"info","ts":1660979931.1938345,"logger":"controller_vault","msg":"Reconciling Vault","Request.Namespace":"vault","Request.Name":"vault"}
2022-08-20T00:19:51-07:00 {"level":"info","ts":1660979991.2975862,"logger":"controller_vault","msg":"Reconciling Vault","Request.Namespace":"vault","Request.Name":"vault"}
2022-08-20T00:20:51-07:00 {"level":"info","ts":1660980051.3187408,"logger":"controller_vault","msg":"Reconciling Vault","Request.Namespace":"vault","Request.Name":"vault"}
  • Resource definition (possibly in YAML format) that caused the issue, without sensitive data:

/kind bug

ameyp, Aug 20 '22 07:08
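The three validation errors quoted in the report correspond to the field shapes below. This is an added example, not the repository's file or its fix: `nodeAffinity` preferred terms take `weight` plus `preference`, `podAffinityTerm` belongs to `podAffinity`/`podAntiAffinity` terms, and `hostPath` is not a field of a claim spec. Label keys, names, sizes and the storage class are constructed placeholders.

```yaml
# Constructed fragment of a Vault custom resource (assumed values throughout).
spec:
  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        # Rejected shape from the error message:
        #   - weight: 100
        #     podAffinityTerm: ...   # unknown field here, and "preference" is missing
        - weight: 100
          preference:                # required for a node-affinity term
            matchExpressions:
              - key: example.com/node-role   # placeholder label key
                operator: In
                values: ["vault"]
    podAntiAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:           # valid only under podAffinity / podAntiAffinity
            labelSelector:
              matchLabels:
                app.kubernetes.io/name: vault   # placeholder label
            topologyKey: kubernetes.io/hostname
  volumeClaimTemplates:
    - metadata:
        name: vault-raft             # placeholder claim name
      spec:
        # A claim spec has no hostPath; hostPath is a volume source that is
        # set on a PersistentVolume or a pod volume, and the claim binds to it.
        accessModes: ["ReadWriteOnce"]
        storageClassName: local-path # assumption: a class that exists in the cluster
        resources:
          requests:
            storage: 1Gi
```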

The problem with vault-0 not showing up was related to a misconfiguration on my part of the PVC, but the YAML being invalid is still an issue.

ameyp, Aug 20 '22 15:08

Most likely because, as mentioned in the docs:

Note: When using the Integrated Storage backend, a separate ha_storage backend cannot be declared.

gnadaban, Aug 29 '22 16:08