Bigbang Release 3.4.1 Vault configurations not applied.
With the change to the upstream format on vault, we updated our values accordingly.
When deployed, it seems that our configurations are not applied. Specifically I noticed the seal "awskms"
setting is missing.
This is the vault-vault-config configmap that is deployed.
data:
  extraconfig-from-values.hcl: |-
    ui = true
    listener "tcp" {
      tls_disable = 1
      address = "[::]:8200"
      cluster_address = "[::]:8201"
      # Enable unauthenticated metrics access (necessary for Prometheus Operator)
      #telemetry {
      #  unauthenticated_metrics_access = "true"
      #}
    }
    storage "raft" {
      path = "/vault/data"
    }
    service_registration "kubernetes" {}
    disable_mlock = true
This is our base and overrides -- info redacted where necessary.
Base:
addons:
  vault:
    enabled: false
    git:
      repo: https://REDACTED/vault.git
    values:
      upstream:
        server:
          serviceAccount:
            # -- NOTE: SPECIFIC FOR EACH ENVIRONMENT
            annotations: {}
          image:
            repository: REDACTED/vault
        injector:
          image:
            repository: REDACTED/vault-k8s
          agentImage:
            repository: REDACTED/vault
      autoInit:
        enabled: false
        image:
          repository: REDACTED/base
Cluster overrides
addons:
  vault:
    enabled: true
    values:
      upstream:
        server:
          serviceAccount:
            annotations:
              eks.amazonaws.com/role-arn: REDACTED
          standalone:
            config: |
              ui = true
              listener "tcp" {
                tls_disable = 1
                address = "[::]:8200"
                cluster_address = "[::]:8201"
              }
              telemetry {
                prometheus_retention_time = "24h"
                disable_hostname = true
                unauthenticated_metrics_access = true
              }
              storage "raft" {
                path = "/vault/data"
              }
              seal "awskms" {
                region = "REDACTED"
                kms_key_id = "REDACTED"
              }
Edited by Lucas Fyten
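
Added example (not part of the original issue, and not Big Bang or Vault code): a Python check that compares the top-level stanzas of the HCL requested in the overrides with the HCL found in the deployed configmap, using abridged copies of the two configs above as input. The function names and the line-based parser are assumptions for illustration; it handles the block layout shown here, not full HCL.

```python
import re

# Abridged from the issue: the HCL requested in the cluster overrides, and the
# HCL found in the vault-vault-config configmap (REDACTED kept as in the issue).
INTENDED = '''ui = true
listener "tcp" { tls_disable = 1 }
telemetry { unauthenticated_metrics_access = true }
storage "raft" { path = "/vault/data" }
seal "awskms" { kms_key_id = "REDACTED" }
'''
DEPLOYED = '''ui = true
listener "tcp" {
  tls_disable = 1
  #telemetry {
  #  unauthenticated_metrics_access = "true"
  #}
}
storage "raft" { path = "/vault/data" }
service_registration "kubernetes" {}
disable_mlock = true
'''

# A block header: a stanza type, an optional quoted label, then "{".
HEADER = re.compile(r'^([A-Za-z_]+)(?:\s+"([^"]+)")?\s*\{')

def top_level_stanzas(hcl):
    """Return {(type, label)} for blocks opened at brace depth 0."""
    found, depth = set(), 0
    for raw in hcl.splitlines():
        line = raw.strip()
        if line.startswith(("#", "//")):       # commented-out stanzas do not count
            continue
        m = HEADER.match(line)
        if depth == 0 and m:
            found.add((m.group(1), m.group(2) or ""))
        bare = re.sub(r'"[^"]*"', "", line)    # ignore braces inside strings
        bare = re.split(r"#|//", bare)[0]      # ignore trailing comments
        depth += bare.count("{") - bare.count("}")
    return found

def config_drift(intended, deployed):
    """Return (stanzas requested but absent, stanzas present but not requested)."""
    want, have = top_level_stanzas(intended), top_level_stanzas(deployed)
    return sorted(want - have), sorted(have - want)

if __name__ == "__main__":
    missing, extra = config_drift(INTENDED, DEPLOYED)
    print("missing from deployed config:", missing)
    print("not in requested config:", extra)
```

A missing `seal` stanza matters beyond the configuration mismatch itself: without one, Vault uses its default Shamir seal rather than AWS KMS auto-unseal.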