The version of Vault we're running at the moment is 1.11.3 (chart's target revision is 0.22.0). There is an issue in 1.11.2 where a pod going down means that it doesn't recover, which also seems to be affecting us - see details https://github.com/hashicorp/vault/issues/17470
This version is quite old anyway, being released about 2 years ago and is now in the 1.17.x range. We should upgrade our version of Vault to a much newer version, but also ensure that there are no interface changes which would break our application.
In order to unseal Vault after a node restart - the pod should show 0/1 ready state...
Set up port forwarding for the pod
Got to the UI
Find the first unseal key kubectl get secrets -n vault vault-unseal-secret -o jsonpath='{.data.root-unseal-key-1}' | base64 -d
In the prompt "unseal key portion", enter the unseal key
Repeat until you have all the required key portions (usually 3 parts required)
The version of Vault we're running at the moment is 1.11.3 (chart's target revision is 0.22.0). There is an issue in 1.11.2 where a pod going down means that it doesn't recover, which also seems to be affecting us - see details https://github.com/hashicorp/vault/issues/17470
This version is quite old anyway, being released about 2 years ago and is now in the
1.17.x
range. We should upgrade our version of Vault to a much newer version, but also ensure that there are no interface changes which would break our application.In order to unseal Vault after a node restart - the pod should show
0/1 ready
state...kubectl get secrets -n vault vault-unseal-secret -o jsonpath='{.data.root-unseal-key-1}' | base64 -d