【发布时间】:2021-12-06 16:41:05
【问题描述】:
我在这里使用自定义 values.yaml 文件通过 Helm 部署 Hashicorp Vault:
server:
enabled: true
extraEnvironmentVars:
VAULT_ADDR: "https://hostname"
extraVolumes:
- type: secret
name: vault-server-tls
service:
enabled: true
port: 8200
targetPort: 443
ha:
enabled: true
replicas: 3
raft:
enabled: true
config: |
ui = true
listener "tcp" {
tls_disable = false
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_cert_file = "/vault/userconfig/vault-server-tls/tls.crt"
tls_key_file = "/vault/userconfig/vault-server-tls/tls.key"
}
storage "raft" {
path = "/vault/data"
}
config: |
ui = true
listener "tcp" {
tls_disable = false
address = "${VAULT_ADDR}:443"
cluster_address = "[::]:8201"
tls_cert_file = "/vault/userconfig/vault-server-tls/tls.crt"
tls_key_file = "/vault/userconfig/vault-server-tls/tls.key"
tls_skip_verify = true
}
storage "consul" {
path = "vault"
address = "HOST_IP:8500"
}
disable_mlock = true
ui:
enabled: true
serviceType: LoadBalancer
externalPort: 443
targetPort: 8200
我已成功部署 Vault。我也可以通过 UI 解封它。 当我通过 Lens IDE 查看 Vault pod 时,我看到 3 个副本只是循环显示警告消息:
- Readiness probe failed. Key value --- ----- Seal Type shamir Initialized false Sealed true Total Shares 0 Threshold 0 Unseal Progress 0/0 Unseal Nonce n/a Version 1.8.3 Storage Type raft HA Enabled true
但是,它只是在循环,然后 pod 再次变得良好,并且 UI 在整个 pod 循环期间仍可访问。是什么导致 pod 循环显示此消息?
【问题讨论】:
标签: kubernetes kubernetes-helm hashicorp-vault