I'm trying to set up an autosealing vault cluster in Kubernetes but I'm seeing some strange behaviour.
I have one vault providing the transit secret to autounseal the second vault. They are running in the same k8s cluster in separate namespaces. The second vault runs within a pod with an auto start script (see below), but when it runs, vault init hangs and eventually returns a 2 code (timeout) even though the vault instance is successfully initialized and unsealed.
The problem is that I'm trying to init the second vault with a post-start script in its pod and the error code 2 breaks the pod.
Has anyone seen similar behaviour, or can anyone help solve it?

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: post-start
    data:
      post-start.sh: |
        #!/bin/sh
        #redirect stdout and stderr to kube logs
        # exec &> /proc/1/fd/1
        export VAULT_CLIENT_TIMEOUT=240
        echo $VAULT_CLIENT_TIMEOUT > /proc/1/fd/1
        nc -z 127.0.0.1 8200
        while [ $? = 1 ]; do
          sleep 2
          nc -z 127.0.0.1 8200
        done
        echo "port 8200 ready" > /proc/1/fd/1
        vault init