hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

vault-enterprise:1.17.6 docker image does not contain ca-certificates apk package #28789

Open conman2305 opened 3 weeks ago

conman2305 commented 3 weeks ago

Is your feature request related to a problem? Please describe.

We recently upgraded from the hashicorp/vault-enterprise:1.15.6 docker image to hashicorp/vault-enterprise:1.17.6 and along with the upgrade to Alpine 3.20, it looks like the ca-certificates package is no longer installed.

We call update-ca-certificates as an extra init container in our Helm chart to load internal CA certs into the trusted CA bundle for the main application container as a shared volume mount.

Describe the solution you'd like

Install the ca-certificates package as part of the vault image.

Describe alternatives you've considered

We reverted back to the 1.15.6 image as the source init container for building the trusted cert bundle for now, but it would be nice to keep the init container we use to build the trusted cert bundle the same version as the main application container.

dukhat2259 commented 3 weeks ago

FWIW, I wrestled with this yesterday and I caved in with:

services:
  vault:
    volumes:
      - /etc/ssl/cert.pem:/etc/ssl/cert.pem:ro
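
For the init-container use case described in this thread, one way to assemble a trusted bundle when update-ca-certificates is not present in the image. This is an added example, not code from the issue participants or the Vault project; the function names and the paths passed as arguments are hypothetical, and it only concatenates PEM files into a single bundle file.

```shell
#!/bin/sh
# Added example: build a trust bundle without update-ca-certificates.
# Function names and argument paths are hypothetical, chosen for illustration.

# build_ca_bundle BASE_BUNDLE EXTRA_DIR OUT_FILE
# Writes BASE_BUNDLE plus every *.crt / *.pem file in EXTRA_DIR to OUT_FILE.
# Returns non-zero and leaves OUT_FILE untouched if an extra file does not
# look like a PEM certificate, so a bad mount fails the init container.
build_ca_bundle() {
    base=$1 extra_dir=$2 out=$3
    [ -r "$base" ] || { echo "base bundle not readable: $base" >&2; return 1; }
    [ -d "$extra_dir" ] || { echo "no such directory: $extra_dir" >&2; return 1; }

    tmp=$(mktemp "${out}.XXXXXX") || return 1
    cat "$base" > "$tmp" || { rm -f "$tmp"; return 1; }

    for f in "$extra_dir"/*.crt "$extra_dir"/*.pem; do
        [ -e "$f" ] || continue            # an unmatched glob stays literal
        begin=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" || true)
        end=$(grep -c -e '-----END CERTIFICATE-----' "$f" || true)
        if [ "$begin" -eq 0 ] || [ "$begin" -ne "$end" ]; then
            echo "not a PEM certificate: $f" >&2
            rm -f "$tmp"
            return 1
        fi
        # Refuse private keys dropped into the CA directory by mistake.
        if grep -q 'PRIVATE KEY-----' "$f"; then
            echo "private key found in: $f" >&2
            rm -f "$tmp"
            return 1
        fi
        printf '\n' >> "$tmp"              # guard against a missing final newline
        cat "$f" >> "$tmp"
    done

    # Rename within the same directory so readers never see a partial bundle.
    chmod 0644 "$tmp" && mv "$tmp" "$out"
}

# count_certs FILE: number of certificates in a PEM bundle.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}
```

An init container could call build_ca_bundle with the image's /etc/ssl/cert.pem as the base, the mounted internal CA directory as the second argument, and a file on the shared volume as the output.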