Sometimes pods are created without init container copy-vault-env

[efimenko-dmi]

Preflight Checklist

• [X] I have searched the issue tracker for an issue that matches the one I want to file, without success.
• [X] I am not looking for support or already pursued the available support channels without success.
• [X] I agree to follow the Code of Conduct.

Vault Secrets Webhook Version

1.19.0

Installation Type

Official Helm chart

Bank-Vaults Version

1.6.2

Kubernetes Version

1.23

Kubernetes Distribution/Provisioner

MSK

Expected Behavior

Running the init container copy_vault_env always together with the pod

Actual Behavior

recently got a k8s cluster at my disposal, it has vault v1.6.2 installed, as well as vault-operator and vault-secrets-webhook v1.19.0 from banzaicloud.

The support team began to notice that sometimes pods and jobs start without copy-vault-env init container. Because of this, they do not have access to the vault secrets, and use only the paths in their configuration (secrets are mapped from the config map to ENV, if this is important). The only solution to the problem is deleting the pod and creating it again (with the same configuration and annotations). At the same time, I don’t find any errors in the vault-operator and vault-secrets-webhook logs, the logs are in debug mode.

Please tell me what can be done in this situation, are there any options for analyzing this problem?

Steps To Reproduce

No response

Configuration

No response

Logs

No response

Additional Information

No response

[Dbzman]

We observe this as well (version 1.21.0) and found this issue to be the closest to our problem: #254 Sadly there's no reliable workaround right now. It's currently blocking us from deploying the secrets webhook to production.

[Oriolemon]

We observe the same problem in version 1.19.0

[csatib02]

Closing in favor of the same issue: https://github.com/bank-vaults/vault-secrets-webhook/issues/254