search

spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0
273 stars 152 forks source link

Health state not resetting #514

Closed rcomanne closed 3 years ago

rcomanne commented 3 years ago

https://github.com/spring-cloud/spring-cloud-vault/blob/02cafdae36de17197f61429955fd1bf17e3d6165/spring-cloud-vault-config/src/main/java/org/springframework/cloud/vault/config/HealthBuilderDelegate.java#L53

Hi, we've been doing some more investigations into health status reported by the Spring Boot app of Vault. When testing, I saw that the state did not reset after being set to a value, looking at the code, it seems there is no 'default state' explaining why it is not changed after being set once.

mp911de commented 3 years ago

Care to provide a bit more context? I have also trouble understanding what

not changed after being set once

means. What is set once and does not change? The health object is built upon each request to obtain the health.

rcomanne commented 3 years ago

Okay, then I guess I misunderstood, but I'll provide the context; We were testing some things out with our setup, testing with removing one or more Vault instances to see how the application would react. It is correctly providing us with the requested information like this;

    "vault": {
      "status": "UP",
      "details": {
        "version": "1.5.4"
      }
    }

However, once the state went to 'Vault is standby' it did not seem to revert back to a health response without the state field present. This triggered me to think that it was not set and a very quick look at the code confirmed my suspicion, that it was set once and forgot, however, if it is build upon every request, then my findings are moot.

mp911de commented 3 years ago

Are you talking about Vault in Cluster mode? If so, then you probably need to set the DNS name of the cluster. I'm not sure when Vault issues a redirect to the active master, guess in your case requests are stuck with a standby node.

rcomanne commented 3 years ago

We are running Vault on kubernetes in Cluster mode yes, we connect to Vault using the internal DNS of kubernetes, so I guess that means no redirect to the master happens. Thanks for taking the time to answer me and think with me, I now know what happens and why, this issue can be closed.