I'm trying to set up an auto-unsealing Vault cluster in Kubernetes but I'm seeing some strange behaviour.
I have one Vault providing the transit secret to auto-unseal the second Vault. They are running in the same k8s cluster in separate namespaces. The second Vault runs within a pod with an auto-start script (see below), but when it runs, vault init hangs and eventually returns exit code 2 (timeout), even though the Vault instance is successfully initialized and unsealed.
The problem is that I'm trying to init the second Vault with a post-start script in its pod, and the exit code 2 breaks the pod.
Has anyone seen similar behaviour or can help solve it?
apiVersion: v1
kind: ConfigMap
metadata:
  name: post-start
data:
  post-start.sh: |
    #!/bin/sh
    # redirect stdout and stderr to the kube logs
    # (note: `&>` is bash syntax, not POSIX sh; under /bin/sh use `exec >/proc/1/fd/1 2>&1`)
    # exec &> /proc/1/fd/1
    export VAULT_CLIENT_TIMEOUT=240
    echo "$VAULT_CLIENT_TIMEOUT" > /proc/1/fd/1
    # wait until something is listening on 8200 (nc -z only checks the TCP handshake,
    # not whether Vault is initialized or unsealed)
    until nc -z 127.0.0.1 8200; do
      sleep 2
    done
    echo "port 8200 ready" > /proc/1/fd/1
    vault init
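An alternative shape for the post-start hook, added here as an example and not part of the original post or of Vault's own code. Instead of blocking on an unconditional init, it reads the state Vault reports on /v1/sys/health (the HTTP status codes below are the documented ones: 200 active, 429 standby, 472 DR secondary, 473 performance standby, 501 not initialized, 503 sealed), only runs `vault operator init` (the current spelling of `vault init`) when the server says it is uninitialized, bounds the wait so the hook always returns, and keeps the init output, which contains the root token and recovery keys, out of the pod log. It assumes curl is in the image, that Vault listens on VAULT_ADDR (default http://127.0.0.1:8200 over plain HTTP), and that INIT_OUT points at a mounted volume; those names and paths are assumptions, not from the original.

```shell
#!/bin/sh
# Added example, not the original poster's script. Assumes curl in the image,
# Vault reachable at VAULT_ADDR (plain HTTP; add --cacert for TLS), and that the
# hook must be safe to re-run against an already-initialized backend.
set -u

VAULT_ADDR="${VAULT_ADDR:-http://127.0.0.1:8200}"
export VAULT_ADDR
INIT_OUT="${INIT_OUT:-/vault/init.json}"   # assumed path; mount a volume here

# /v1/sys/health encodes state in the HTTP status code (Vault API docs):
#   200 initialized, unsealed, active   429 unsealed standby
#   472 DR secondary                    473 performance standby
#   501 not initialized                 503 sealed
health_action() {
  case "$1" in
    200|429|472|473) echo ready ;;
    501)             echo init ;;
    503)             echo sealed ;;   # transit auto-unseal should clear this
    *)               echo wait ;;     # 000 = nothing listening yet
  esac
}

# Cross-check: pull the "initialized" field out of a health JSON body
# without needing jq in the image.
health_initialized() {
  printf '%s' "$1" | sed -n 's/.*"initialized" *: *\([a-z]*\).*/\1/p'
}

# Probe the health endpoint and print only the HTTP status (000 if unreachable).
probe() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 5 \
    "$VAULT_ADDR/v1/sys/health" 2>/dev/null || true
}

# Bounded wait: the hook must return, so give up after $1 attempts (2 s apart).
# Prints "ready" or "init" and returns 0, or prints "timeout" and returns 1.
wait_for_state() {
  attempts="${1:-60}"
  while [ "$attempts" -gt 0 ]; do
    action=$(health_action "$(probe)")
    case "$action" in
      ready|init) echo "$action"; return 0 ;;
      *) sleep 2; attempts=$((attempts - 1)) ;;
    esac
  done
  echo timeout
  return 1
}

main() {
  state=$(wait_for_state 60) || { echo "vault not reachable ($state)" >&2; exit 1; }
  if [ "$state" = init ]; then
    # With a transit seal, init yields recovery keys (not unseal keys) plus the
    # root token. Write them to a restricted file, never to /proc/1/fd/1.
    umask 077
    vault operator init -recovery-shares=5 -recovery-threshold=3 -format=json \
      > "$INIT_OUT" || exit 1
    echo "initialized; root token and recovery keys written to $INIT_OUT" > /proc/1/fd/1
  else
    echo "vault already initialized; nothing to do" > /proc/1/fd/1
  fi
  exit 0
}

# Run only when invoked as the mounted hook script; sourcing loads functions only.
case "${0##*/}" in post-start.sh) main "$@" ;; esac
```

Because the hook exits 0 both on a fresh init and when the server is already initialized, a pod restart does not kill the container, and a sealed-but-initialized state is left for the transit auto-unseal rather than treated as an error.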