variable "cluster_name" {
type = string
default = "xxxxxxx"
}
variable "region" {
type = string
default = "eu-central-1"
}
variable "vpc_name" {
type = string
default = "xxxxxxxxxx"
}
variable "force_destroy" {
type = bool
default = true
}
Created outputs.tf
output "jx_requirements" {
value = module.eks-jx.jx_requirements
}
output "vault_user_id" {
value = module.eks-jx.vault_user_id
description = "The Vault IAM user id"
}
output "vault_user_secret" {
value = module.eks-jx.vault_user_secret
description = "The Vault IAM user secret"
}
Expected behavior
Vault unseal
Actual behavior
Terraform version
The output of terraform version is:
terraform version
Terraform v0.14.6
Your version of Terraform is out of date! The latest version
is 0.14.7. You can update by downloading from https://www.terraform.io/downloads.html
Module version
Operating system
CentOS 7
kubectl get pods
NAME READY STATUS RESTARTS AGE
jx-vault-test-0 1/3 CrashLoopBackOff 16 19m
jx-vault-configurer-65bfc5765c-cfjdn 1/1 Running 0 19m
vault-operator-7b4c658649-pdbl8 1/1 Running 0 19m
Logs:
Using eth0 for VAULT_CLUSTER_ADDR: https://10.0.3.34:8201
telemetry.disable_hostname has been set to false. Recommended setting is true for Prometheus to avoid poorly named metrics.
Error initializing storage of type dynamodb: UnrecognizedClientException: The security token included in the request is invalid.
status code: 400, request id: MTMFPKM9GIQN2H2MJAHBDHS11RVV4KQNSO5AEMVJF66Q9ASUAAJG
Logs from JX Boot:
Waiting for vault to be initialized and unsealed...
Waiting for vault to be initialized and unsealed...
Waiting for vault to be initialized and unsealed...
error: creating system vault URL client: wait for vault to be initialized and unsealed: reading vault health: Error making API request.
URL: GET http://vault-jx.18.157.121.79.nip.io/v1/sys/health?drsecondarycode=299&performancestandbycode=299&sealedcode=299&standbycode=299&uninitcode=299
Code: 503. Raw Message:
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/1.17.8</center>
</body>
</html>
Summary
Installed EKS cluster using this repo instructions - only defaults Exported VAULT
env | grep VAULT
VAULT_AWS_SECRET_ACCESS_KEY=xxxxx VAULT_AWS_ACCESS_KEY_ID=xxxxxxxx
Steps to reproduce the behavior
Created main.tf
Created variables.tf
Created outputs.tf
Expected behavior
Vault unseal
Actual behavior
Terraform version
The output of
terraform version
is:Module version
Operating system
Logs:
Logs from JX Boot:
env | grep AWS
VAULT_AWS_SECRET_ACCESS_KEY=xxxxxxx VAULT_AWS_ACCESS_KEY_ID=xxxxx AWS_DEFAULT_REGION=xxxxxx AWS_SECRET_ACCESS_KEY=xxxxxxxxxx AWS_REGION=xxxx AWS_ACCESS_KEY_ID=xxxxxx