HTTP Error 400 when using Kong Ingress #1057

Open
zavertiaev opened this issue Sep 17, 2024 · 0 comments
Labels
bug Something isn't working


Describe the bug
Vault is deployed in HA mode with ingress enabled. When attempting to access the ingress URL, we receive an HTTP ERROR 400.

Environment

  • Kubernetes version: v1.30.4
    • Distribution or cloud vendor (OpenShift, EKS, GKE, AKS, etc.): bare metal
    • Other configuration options or runtime services (istio, etc.): kong (helm chart 2.40.0)
  • vault-helm version: 0.28.1

Chart values:

global:
  enabled: true
  tlsDisable: false
injector:
  enabled: false
server:
  resources:
    requests:
      memory: 256Mi
      cpu: 250m
    limits:
      memory: 512Mi
      cpu: 500m
  ingress:
    enabled: true
    annotations:
      konghq.com/protocols: "https"
    ingressClassName: kong
    hosts:
      - host: vault.example.com
    tls:
      - secretName: vault-tls
        hosts:
          - vault.example.com
  readinessProbe:
    enabled: true
    path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204"
  livenessProbe:
    enabled: true
    path: "/v1/sys/health?standbyok=true"
    initialDelaySeconds: 60
  extraEnvironmentVars:
    VAULT_CACERT: /vault/userconfig/vault-ha-tls/vault.ca
    VAULT_TLSCERT: /vault/userconfig/vault-ha-tls/vault.crt
    VAULT_TLSKEY: /vault/userconfig/vault-ha-tls/vault.key
  volumes:
    - name: userconfig-vault-ha-tls
      secret:
        defaultMode: 420
        secretName: vault-ha-tls
  volumeMounts:
    - mountPath: /vault/userconfig/vault-ha-tls
      name: userconfig-vault-ha-tls
      readOnly: true
  dataStorage:
    enabled: true
  auditStorage:
    enabled: true
  standalone:
    enabled: false
  ha:
    enabled: true
    raft:
      enabled: true
      setNodeId: true
      config: |
        ui = true
        cluster_name = "vault-integrated-storage"
        listener "tcp" {
          tls_disable = 0
          address = "[::]:8200"
          cluster_address = "[::]:8201"
          tls_cert_file = "/vault/userconfig/vault-ha-tls/vault.crt"
          tls_key_file  = "/vault/userconfig/vault-ha-tls/vault.key"
          tls_client_ca_file = "/vault/userconfig/vault-ha-tls/vault.ca"
          tls_disable_client_certs = "true"
        }
        storage "raft" {
          path = "/vault/data"
        }
        service_registration "kubernetes" {}
ui:
  enabled: true
csi:
  enabled: true
  resources:
    requests:
      memory: 128Mi
      cpu: 50m
    limits:
      memory: 128Mi
      cpu: 50m

zavertiaev added the bug (Something isn't working) label Sep 17, 2024