Gather details for feature requests #239

Closed
ramizpolic opened this issue Oct 19, 2023 · 4 comments
ramizpolic (Member) commented Oct 19, 2023

#149
#231
and any other requested

sando38 commented Oct 23, 2023

Hello there,

HashiCorp's helm-chart in HA mode provides a service which only points to the "active" vault pod:
https://github.com/hashicorp/vault-helm/blob/main/templates/server-ha-active-service.yaml

This is useful, for example, for the UI, as the service from the operator's vault CR currently directs to inactive pods as well, which cannot be used for UI purposes.

If it is supported differently, then I am happy for any hint from your side ;)

Thanks in advance and wish you a great day
saarko

Update/P.S.

When I switched to vault version 1.15.0, it appears that the networking "issue" with the vault UI disappeared.

sando38 commented Oct 24, 2023

Second question/feature request:

When using templates with the vault-agent as in the example in your documentation:

    template {
      contents = <<EOH
        {{- with secret "database/creds/readonly" }}
        username: {{ .Data.username }}
        password: {{ .Data.password }}
        {{ end }}
      EOH
      destination = "/etc/secrets/config"
      command     = "/bin/sh -c \"kill -HUP $(pidof vault-demo-app) || true\""
    }

I get the following error:

    2023-10-24T01:14:00.384Z [ERROR] agent.template.server: template server error: error="error rendering \"(dynamic)\" => \"/etc/secrets/settings.json\": failed writing file: mkdir /etc/secrets: permission denied"

If I use the path /vault/secrets, it works out of the box. From the generated manifests I can see that a volume like this is generated:

      volumeMounts:
        - name: agent-secrets
          mountPath: /vault/secrets
    volumes:
      - name: agent-secrets
        emptyDir:
          medium: Memory

Would it be possible to make the path for the volumeMount agent-secrets configurable with an environment variable/annotation?
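A pre-deployment check for the failure described in the comment above, added here as an example (it is not part of the thread or of Bank-Vaults): it lists agent template destinations that fall outside the mounted `agent-secrets` path. It assumes the container filesystem is writable only under the listed mounts; the function names and the second and third sample destinations are hypothetical.

```python
import posixpath
import re

# Constructed sample agent config: the first destination is the one from the
# post; the other two blocks are made up and trimmed to the destination line.
AGENT_CONFIG = """
template {
  contents = <<EOH
    {{- with secret "database/creds/readonly" }}
    username: {{ .Data.username }}
    {{ end }}
  EOH
  destination = "/etc/secrets/config"
}
template {
  destination = "/vault/secrets/../secrets/db.env"
}
template {
  destination = "/vault/secrets-old/db.env"
}
"""

# Mount path of the agent-secrets emptyDir in the generated manifest.
WRITABLE_MOUNTS = ["/vault/secrets"]

# Simplification: a line-anchored regex, not an HCL parser.
DEST_RE = re.compile(r'^\s*destination\s*=\s*"([^"]+)"', re.MULTILINE)


def template_destinations(agent_config):
    """Return every template destination in the order it appears."""
    return DEST_RE.findall(agent_config)


def is_under(path, mount):
    """True if path resolves to mount or below it, compared per path component."""
    if not posixpath.isabs(path):
        return False
    path, mount = posixpath.normpath(path), posixpath.normpath(mount)
    return posixpath.commonpath([path, mount]) == mount


def unwritable_destinations(agent_config, mounts=WRITABLE_MOUNTS):
    """Destinations outside every writable mount (assumed read-only elsewhere)."""
    return [d for d in template_destinations(agent_config)
            if not any(is_under(d, m) for m in mounts)]


if __name__ == "__main__":
    for dest in unwritable_destinations(AGENT_CONFIG):
        print(f"not under a writable mount: {dest}")
```

The comparison is made per path component, so `/vault/secrets-old` is not treated as being inside `/vault/secrets`.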

akijakya (Member) commented

Hi, @sando38, thanks for using Bank-Vaults! Please add these as separate issues to the project so we can track them independently. Meanwhile, we are taking a look at the problem!

sando38 commented Oct 26, 2023

> Hi, @sando38, thanks for using Bank-Vaults! Please add these as separate issues to the project so we can track them independently. Meanwhile, we are taking a look at the problem!

Thanks! Will do so. And thanks for offering bank vaults!
