Describe the bug
VaultStaticSecret doesn't resume syncing post a Vault being sealed, and then unsealed. Vault instance is external to the cluster and was successfully unsealed.
Expected VaultStaticSecret to resume syncing post unseal.
To Reproduce
Set up a VaultConnection and VaultAuth in the operator namespace.
Create a VaultStaticSecret using default connection and auth
Confirm secret syncing
Terminate a Vault instance
Bring back up a Vault instance
Unseal
VaultStaticSecret will report 503 Vault is sealed permanently
Vault operator was restarted. No errors in the controller/operator logs pre or post the restart. Problem persisted for all VaultStaticSecrets.
Expected behavior
Expected VaultStaticSecret to resume post Vault becoming re-available, it seemed to stop after roughly 10 minutes but this is a best guess.
Environment
Kubernetes version: 1.30.2
Distribution or cloud vendor (OpenShift, EKS, GKE, AKS, etc.): Bare metal / Talos Linux
Other configuration options or runtime services (istio, etc.): Traefik
vault-secrets-operator version: v1.7.1
I think what's happening here is the secret is being refreshed, but no event is generated if the secret already exists. Deletion of the target secret resource, post Vault's status becoming available again (i.e. successful connection and unsealed) - does seem to happen automatically.
However, I've only tested this post a connection error, whereupon I realised this, versus a 503/Vault is sealed but likely the behaviour is the same.
I've also hit this bug during a seal/unseal event.
Restarting VSO didn't help.
Deleting either the target Secret or the VaultStaticSecret will make the VaultStaticSecret start syncing successfully again.