vault-agent-demo
Errors getting PostStartHook to work
Thanks for this demo repo!
I am facing some issues when automating the post-start tasks via k8s.
When I execute the following manually after pod creation, everything works:
OUTPUT=/tmp/output.txt
export VAULT_ADDR=https://127.0.0.1:8200
export VAULT_SKIP_VERIFY=true
vault operator init >>${OUTPUT?}
unseal=$(cat ${OUTPUT?} | grep "Recovery Key 1:" | sed -e "s/Recovery Key 1: //g")
root=$(cat ${OUTPUT?} | grep "Initial Root Token:" | sed -e "s/Initial Root Token: //g")
[...]
However, when using postStart, pods error right from the start (in the vault operator init call, it seems):
Warning FailedPostStartHook 17m kubelet Exec lifecycle hook ([/bin/sh -c sleep 5 && cp /vault/userconfig/demo-vault/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh]) for Container "vault" in Pod "vault-0_vault(a37cdea2-9b4c-4b78-81e6-dd61db6e0e72)" failed - error: command '/bin/sh -c sleep 5 && cp /vault/userconfig/demo-vault/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh' exited with 2: Error initializing: Put "https://127.0.0.1:8200/v1/sys/init": dial tcp 127.0.0.1:8200: connect: connection refused
PS: I needed to change "Unseal" to "Recovery", I guess the naming has changed in the recent vault releases (using 1.8.3 atm). I already added a sleep delay of 30s (instead of 5s) without success.