hashicorp / vault-helm

Helm chart to install Vault and other associated components.
Mozilla Public License 2.0
1.05k stars 868 forks

[Feature] Allow the vault sidecar injector to be configured to point to the vault-active service #1021

Open staerion opened 2 months ago

staerion commented 2 months ago

Is your feature request related to a problem? Please describe. The vault agent-injector deployment has a VAULT_ADDR that is defaulting to the service vault..svc: for the internal cluster address. See also here.

When one or more replicas of the vault server statefulset are sealed, this means that the vault agent init- and sidecar containers will be pointing to sealed vault instances and returning errors. In our mind it would make sense to configure the vault agent-injector to use the vault-active service, which is always pointing to a working instance.

If it's a conscious decision to use the vault service address and there's something we're not understanding correctly we'd also be glad to know.

Describe the solution you'd like We'd like to have the option to configure the vault agent-injector to use the vault-active service which is always pointing to the active vault server instance.

Describe alternatives you've considered Overriding the vault address for all workloads through pod annotations, but we'd prefer to be able to set it as a default.

Additional context N/A
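As an added illustration (not part of the issue author's text and not the chart's own documentation), here are the two places the sidecar's Vault address can be pointed at the active-only service today. It assumes the chart's `injector.externalVaultAddr` value and the injector's `vault.hashicorp.com/service` pod annotation behave as in current vault-helm / vault-k8s releases, and a release named `vault` in namespace `vault` with TLS disabled (scheme `http`, port 8200); verify all of that against the chart version you actually deploy.

```yaml
# values.yaml fragment for the vault-helm chart (assumed key names; check values.yaml)
injector:
  enabled: true
  # Left unset, the injector template builds VAULT_ADDR from the plain
  # `vault` ClusterIP service, which round-robins over every replica of
  # the statefulset, sealed ones included.
  # Pointing it at the active-only service makes that the default for
  # every injected init/sidecar container instead.
  externalVaultAddr: "http://vault-active.vault.svc:8200"

---
# Per-workload alternative (the approach the issue mentions as a fallback):
# override the address on one pod via the injector annotation.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app
  namespace: vault
spec:
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "example-app"          # assumed Kubernetes auth role
        vault.hashicorp.com/service: "http://vault-active.vault.svc:8200"
    spec:
      containers:
        - name: app
          image: example/app:latest                       # placeholder image
```

Two caveats when using this: set the address under `injector.externalVaultAddr`, not `global.externalVaultAddr`, because the global key switches the chart into "external Vault" mode and stops it deploying the server statefulset at all; and the `vault-active` service only has endpoints while Vault's Kubernetes service registration is labelling the active pod, so if registration is disabled the service resolves to nothing and the sidecars fail in a different way.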