I am working on installing Vault operator on openshift in HA mode using the official helm chart. I am using an autounseal approach over a vault unsealer server installed in another openshift cluster which is the management cluster ACM.
I have got an issue in the leader address where the vault ui is not accessible and even when I did try to access the vault service directly it is not working.
Here is the config:

```yaml
global:
  namespace: vault
  openshift: true
injector:
  image:
    repository: "hashicorp/vault-k8s"
    tag: "1.3.1"
  agentImage:
    repository: "hashicorp/vault"
    tag: "1.15.2"
  securityContext:
    pod: {}
    container: {}
server:
  image:
    repository: "hashicorp/vault"
    tag: "1.15.2"
  statefulSet:
    securityContext:
      pod: {}
      container: {}
  auditStorage:
    storageClass: ocs-storagecluster-cephfs
  dataStorage:
    storageClass: ocs-storagecluster-cephfs
  route:
    activeService: true
    enabled: true
    host: vault.apps.tst.ocp.int
    tls:
      termination: passthrough
  ha:
    replicas: 3
    enabled: true
    raft:
      enabled: true
      config: |-
        disable_mlock = true
        ui = true
        listener "tcp" {
          address = "[::]:8200"
          cluster_address = "[::]:8201"
          tls_cert_file = "/vault/userconfig/vault-tls/vault.crt"
          tls_key_file = "/vault/userconfig/vault-tls/vault.key"
          tls_client_ca_file = "/vault/userconfig/vault-tls/vault.ca"
        }
        seal "transit" {
          address = "https://vault-unseal.apps.mgt.ocp.int"
          token = "{MY_TOKEN}"
          disable_renewal = false
          key_name = "autounseal"
          mount_path = "transit/"
        }
        storage "raft" {
          path = "/vault/data"
          retry_join {
            leader_api_addr = "https://vault.apps.tst.ocp.int"
            leader_ca_cert_file = "/vault/userconfig/vault-tls/vault.ca"
            leader_client_cert_file = "/vault/userconfig/vault-tls/vault.crt"
            leader_client_key_file = "/vault/userconfig/vault-tls/vault.key"
          }
        }
```
Here is the Vault error:

```text
Cluster Address: https://vault-0.vault-internal:8201
Environment Variables: GODEBUG, HOME, HOSTNAME, HOST_IP, KUBERNETES_PORT, KUBERNETES_PORT_443_TCP, KUBERNETES_PORT_443_TCP_ADDR, KUBERNETES_PORT_443_TCP_PORT, KUBERNETES_PORT_443_TCP_PROTO, KUBERNETES_SERVICE_HOST, KUBERNETES_SERVICE_PORT, KUBERNETES_SERVICE_PORT_HTTPS, NAME, NSS_SDB_USE_CACHE, PATH, POD_IP, PWD, SHLVL, SKIP_CHOWN, SKIP_SETCAP, TERM, VAULT_ACTIVE_PORT, VAULT_ACTIVE_PORT_8200_TCP, VAULT_ACTIVE_PORT_8200_TCP_ADDR, VAULT_ACTIVE_PORT_8200_TCP_PORT, VAULT_ACTIVE_PORT_8200_TCP_PROTO, VAULT_ACTIVE_PORT_8201_TCP, VAULT_ACTIVE_PORT_8201_TCP_ADDR, VAULT_ACTIVE_PORT_8201_TCP_PORT, VAULT_ACTIVE_PORT_8201_TCP_PROTO, VAULT_ACTIVE_SERVICE_HOST, VAULT_ACTIVE_SERVICE_PORT, VAULT_ACTIVE_SERVICE_PORT_HTTP, VAULT_ACTIVE_SERVICE_PORT_HTTPS_INTERNAL, VAULT_ADDR, VAULT_AGENT_INJECTOR_SVC_PORT, VAULT_AGENT_INJECTOR_SVC_PORT_443_TCP, VAULT_AGENT_INJECTOR_SVC_PORT_443_TCP_ADDR, VAULT_AGENT_INJECTOR_SVC_PORT_443_TCP_PORT, VAULT_AGENT_INJECTOR_SVC_PORT_443_TCP_PROTO, VAULT_AGENT_INJECTOR_SVC_SERVICE_HOST, VAULT_AG...
Go Version: go1.21.3
Listener 1: tcp (addr: "[::]:8200", cluster address: "[::]:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "enabled")
Log Level:
Mlock: supported: true, enabled: false
Recovery Mode: false
Storage: raft (HA available)
Version: Vault v1.15.2, built 2023-11-06T11:33:28Z
Version Sha: cf1b5cafa047bc8e4a3f93444fcb4011593b92cb
==> Vault server started! Log data will stream in below:
2024-04-30T07:19:43.191Z [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
2024-04-30T07:19:43.192Z [WARN] storage.raft.fsm: raft FSM db file has wider permissions than needed: needed=-rw------- existing=-rw-rw----
2024-04-30T07:19:43.368Z [INFO] incrementing seal generation: generation=1
2024-04-30T07:19:43.369Z [INFO] core: Initializing version history cache for core
2024-04-30T07:19:43.369Z [INFO] events: Starting event system
2024-04-30T07:19:43.370Z [INFO] core: stored unseal keys supported, attempting fetch
2024-04-30T07:19:43.370Z [WARN] failed to unseal core: error="stored unseal keys are supported, but none were found"
2024-04-30T07:19:43.370Z [INFO] core: raft retry join initiated
2024-04-30T07:19:43.370Z [INFO] core: security barrier not initialized
2024-04-30T07:19:43.370Z [INFO] core: security barrier not initialized
2024-04-30T07:19:43.371Z [INFO] core: attempting to join possible raft leader node: leader_addr=https://vault.apps.tst.ocp.int
2024-04-30T07:19:43.374Z [ERROR] core: failed to get raft challenge: leader_addr=https://vault.apps.tst.ocp.int error="error during raft bootstrap init call: Put "https://vault.apps.tst.ocp.int/v1/sys/storage/raft/bootstrap/challenge": EOF"
2024-04-30T07:19:43.374Z [ERROR] core: failed to retry join raft cluster: retry=2s err="failed to get raft challenge"
```
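When triaging a Vault node that will not join, the three signals worth pulling out of the log above are that the security barrier is not initialized, that the stored-unseal fetch found no keys, and which `leader_addr` each `retry_join` attempt used and how it failed (here an EOF on the `PUT .../v1/sys/storage/raft/bootstrap/challenge` call to the route). The script below is an added example, not part of the original post or of Vault: it parses hclog-style server log lines into records and summarises those signals. The sample log is a constructed copy of the lines quoted above; the field-splitting rules are an assumption about the log format, and the parser deliberately keeps a quoted value that itself contains quotes (as the raft challenge error does) whole instead of cutting it at the first inner quote.

```python
"""Triage helper for Vault server log lines in hclog format (added example)."""
import re
from typing import Dict, List, Optional, Tuple

# "<timestamp> [<LEVEL>] <component>: <message>: key=value key="quoted value"
# The component is optional: some lines start straight with the message.
LINE_RE = re.compile(r'^(\S+)\s+\[(\w+)\]\s+(?:([\w.]+):\s+)?(.*)$')
# Start of a key=value field: line start or whitespace, an identifier, then "=".
FIELD_START_RE = re.compile(r'(?:^|\s)(\w+)=')

# Constructed sample: the log lines quoted in the post above.
SAMPLE_LOG = [
    '==> Vault server started! Log data will stream in below:',
    '2024-04-30T07:19:43.191Z [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""',
    '2024-04-30T07:19:43.192Z [WARN] storage.raft.fsm: raft FSM db file has wider permissions than needed: needed=-rw------- existing=-rw-rw----',
    '2024-04-30T07:19:43.368Z [INFO] incrementing seal generation: generation=1',
    '2024-04-30T07:19:43.370Z [INFO] core: stored unseal keys supported, attempting fetch',
    '2024-04-30T07:19:43.370Z [WARN] failed to unseal core: error="stored unseal keys are supported, but none were found"',
    '2024-04-30T07:19:43.370Z [INFO] core: raft retry join initiated',
    '2024-04-30T07:19:43.370Z [INFO] core: security barrier not initialized',
    '2024-04-30T07:19:43.371Z [INFO] core: attempting to join possible raft leader node: leader_addr=https://vault.apps.tst.ocp.int',
    '2024-04-30T07:19:43.374Z [ERROR] core: failed to get raft challenge: leader_addr=https://vault.apps.tst.ocp.int error="error during raft bootstrap init call: Put "https://vault.apps.tst.ocp.int/v1/sys/storage/raft/bootstrap/challenge": EOF"',
    '2024-04-30T07:19:43.374Z [ERROR] core: failed to retry join raft cluster: retry=2s err="failed to get raft challenge"',
]


def parse_fields(rest: str) -> Tuple[str, Dict[str, str]]:
    """Split the tail of a log line into (message, {key: value}).

    A value runs from its "=" to the next " key=" boundary or the end of the
    line, so a quoted value containing quotes stays intact. Known limitation
    (assumption about the format): a value containing " word=" would be split.
    """
    starts = list(FIELD_START_RE.finditer(rest))
    if not starts:
        return rest.strip(), {}
    message = rest[:starts[0].start()].rstrip().rstrip(':')
    fields: Dict[str, str] = {}
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(rest)
        value = rest[m.end():end].strip()
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]  # drop the outer quotes only
        fields[m.group(1)] = value
    return message, fields


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; banner lines such as '==> Vault server started!' give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, level, component, rest = m.groups()
    message, fields = parse_fields(rest)
    return {"ts": ts, "level": level, "component": component or "",
            "msg": message, "fields": fields}


def triage(lines: List[str]) -> dict:
    """Summarise the join-time signals: barrier state, unseal errors, retry_join failures."""
    report = {
        "barrier_initialized": None,        # None = not observed in the log
        "unseal_errors": [],                # error strings from "failed to unseal core"
        "join_failures": [],                # (leader_addr, error) per failed challenge
    }
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["msg"] == "security barrier not initialized":
            report["barrier_initialized"] = False
        elif rec["msg"] == "failed to unseal core":
            report["unseal_errors"].append(rec["fields"].get("error", ""))
        elif rec["msg"] == "failed to get raft challenge":
            report["join_failures"].append(
                (rec["fields"].get("leader_addr", ""), rec["fields"].get("error", "")))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("barrier initialized:", result["barrier_initialized"])
    for err in result["unseal_errors"]:
        print("unseal error:", err)
    for addr, err in result["join_failures"]:
        print(f"join failed via {addr}: {err}")
```

Run it against `oc logs vault-0` output (or any saved log) by replacing `SAMPLE_LOG` with the file's lines; the `join_failures` entries show exactly which address the node is trying to reach and the transport-level error it got back, which is the first thing to compare against the `retry_join` stanza and the route's TLS termination.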