test_encryption_at_rest: k8s-master never settles when vault is added post-deploy
Bug #1893278 reported by
Kevin W Monroe
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Charmed Kubernetes Testing |
Fix Released
|
High
|
Cory Johns | ||
Bug Description
CI deploys stock Charmed K8s. When we run test_encryption
waiting: Waiting for encryption info from Vault to secure secrets
I'm guessing this is because ck 1.19 now includes an identity encryption provider even when vault isn't present (to pass the CIS k8s benchmark). Perhaps vault can't mount the encrypted_
| Changed in charmed-kubernetes-testing: | |
| assignee: | nobody → Kevin W Monroe (kwmonroe) |
Revision history for this message
| Cory Johns (johnsca) wrote | #1 |
| Changed in charmed-kubernetes-testing: | |
| importance: | Undecided → High |
| milestone: | none → 1.19 |
Revision history for this message
| Cory Johns (johnsca) wrote | #2 |
| Changed in charmed-kubernetes-testing: | |
| assignee: | Kevin W Monroe (kwmonroe) → Cory Johns (johnsca) |
| status: | New → In Progress |
| Changed in charmed-kubernetes-testing: | |
| status: | In Progress → Fix Committed |
| Changed in charmed-kubernetes-testing: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
That error means it's not getting the expected relation data from Vault (or the flags driven by that data are not being set properly). I've usually seen this when deploying on AWS without a single-subnet VPC due to the ongoing issue discussed in this stuck PR: https:/
There may be other causes for it, though.