search

hashicorp / vault-helm

Helm chart to install Vault and other associated components.
Mozilla Public License 2.0
1.05k stars 868 forks source link

Latest vault helm chart (0.27.0) does not work with GCPCKMS #1000

Open kcansiz opened 4 months ago

kcansiz commented 4 months ago

I pulled latest (0.27.0) helm chart from "https://github.com/hashicorp/vault-helm". When i start a HA Raft server with 3 nodes in GKE and use GCPCKMS to auto-unseal, it does not work as expected.

Helm chart shows that in server.ha.config (there was no notation for raft but it works in server.ha.raft.config) I should give the configs. However it is constantly turning to me as crashloopbackoff. server: ha: config: |

seal "gcpckms" {

  #   project     = "***"
  #   region      = "***"
  #   key_ring    = "***"
  #   crypto_key  = "***"
  #}

After spending hours i figured out that server.image.tag was making it fail. When i change it to 1.5.0 from repository "vault" it worked fine.

default image:

server: image: repository: "hashicorp/vault" tag: "1.15.2"

Overrides the default Image Pull Policy

pullPolicy: IfNotPresent

I am using:

server: image: repository: "vault" tag: "1.5.0"

Overrides the default Image Pull Policy

pullPolicy: IfNotPresent