The version of Vault we're running at the moment is 1.11.3 (chart's target revision is 0.22.0). There is an issue in 1.11.2 where a pod going down means that it doesn't recover, which also seems to be affecting us - see details hashicorp/vault#17470
This version is quite old anyway, being released about 2 years ago and is now in the 1.17.x range. We should upgrade our version of Vault to a much newer version, but also ensure that there are no interface changes which would break our application.
In order to unseal Vault after a node restart - the pod should show 0/1 ready state...
- Set up port forwarding for the pod
- Got to the UI
- Find the first unseal key
kubectl get secrets -n vault vault-unseal-secret -o jsonpath='{.data.root-unseal-key-1}' | base64 -d
- In the prompt "unseal key portion", enter the unseal key
- Repeat until you have all the required key portions (usually 3 parts required)
- Repeat for each pod
The version of Vault we're running at the moment is 1.11.3 (chart's target revision is 0.22.0). There is an issue in 1.11.2 where a pod going down means that it doesn't recover, which also seems to be affecting us - see details hashicorp/vault#17470
This version is quite old anyway, being released about 2 years ago and is now in the
1.17.xrange. We should upgrade our version of Vault to a much newer version, but also ensure that there are no interface changes which would break our application.In order to unseal Vault after a node restart - the pod should show
0/1 readystate...kubectl get secrets -n vault vault-unseal-secret -o jsonpath='{.data.root-unseal-key-1}' | base64 -d