Name: vault-0 Namespace: vault Priority: 0 Node: ip-10-234-0-222.ec2.internal/10.234.0.222 Start Time: Fri, 24 Apr 2020 21:12:08 +0000 Labels: app.kubernetes.io/instance=vault app.kubernetes.io/name=vault component=server controller-revision-hash=vault-7fccbf44c4 helm.sh/chart=vault-0.5.0 statefulset.kubernetes.io/pod-name=vault-0 vault-active=false vault-initialized=false vault-perf-standby=false vault-sealed=true vault-version=1.4.0 Annotations: kubernetes.io/psp: eks.privileged Status: Running IP: 10.234.0.205 IPs: Controlled By: StatefulSet/vault Containers: vault: Container ID: docker://3bef488f3c760f68a38e6a5a2dd820e5e24fa571f08c3439fe5303169d36cea9 Image: /vault:1.4.0 Image ID: docker-pullable:///vault@sha256:b8c73943dd14c56dda07500274232daca304d34598ed2cdbe0b6919bce9d72e3 Ports: 8200/TCP, 8201/TCP, 8202/TCP Host Ports: 0/TCP, 0/TCP, 0/TCP Command: /bin/sh -ec Args: sed -E "s/HOST_IP/${HOST_IP?}/g" /vault/config/extraconfig-from-values.hcl > /tmp/storageconfig.hcl; sed -Ei "s/POD_IP/${POD_IP?}/g" /tmp/storageconfig.hcl; /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl State: Running Started: Fri, 24 Apr 2020 21:17:23 +0000 Last State: Terminated Reason: Error Exit Code: 137 Started: Fri, 24 Apr 2020 21:16:05 +0000 Finished: Fri, 24 Apr 2020 21:17:23 +0000 Ready: False Restart Count: 4 Limits: cpu: 250m memory: 256Mi Requests: cpu: 250m memory: 256Mi Liveness: http-get http://:8200/v1/sys/health%3Fstandbyok=true delay=60s timeout=5s period=3s #success=1 #failure=3 Readiness: exec [/bin/sh -ec vault status -tls-skip-verify] delay=5s timeout=5s period=3s #success=1 #failure=2 Environment: HOST_IP: (v1:status.hostIP) POD_IP: (v1:status.podIP) VAULT_K8S_POD_NAME: vault-0 (v1:metadata.name) VAULT_K8S_NAMESPACE: vault (v1:metadata.namespace) VAULT_ADDR: http://127.0.0.1:8200 VAULT_API_ADDR: http://$(POD_IP):8200 SKIP_CHOWN: true SKIP_SETCAP: true HOSTNAME: vault-0 (v1:metadata.name) VAULT_CLUSTER_ADDR: https://$(HOSTNAME).vault-internal:8201 AWS_ROLE_ARN: arn:aws:iam::XXXXXXXXXX:role/vault-kms AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token Mounts: /var/run/secrets/eks.amazonaws.com/serviceaccount from aws-iam-token (ro) /var/run/secrets/kubernetes.io/serviceaccount from vault-token-ttpwq (ro) /vault/config from config (rw) /vault/data from data (rw) Conditions: Type Status Initialized True Ready False ContainersReady False PodScheduled True Volumes: aws-iam-token: Type: Projected (a volume that contains injected data from multiple sources) TokenExpirationSeconds: 86400 data: Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace) ClaimName: data-vault-0 ReadOnly: false config: Type: ConfigMap (a volume populated by a ConfigMap) Name: vault-config Optional: false vault-token-ttpwq: Type: Secret (a volume populated by a Secret) SecretName: vault-token-ttpwq Optional: false QoS Class: Guaranteed Node-Selectors: Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 6m1s default-scheduler Successfully assigned vault/vault-0 to ip-10-234-0-222.ec2.internal Normal Pulled 5m56s kubelet, ip-10-234-0-222.ec2.internal Container image "/vault:1.4.0" already present on machine Normal Created 5m56s kubelet, ip-10-234-0-222.ec2.internal Created container vault Normal Started 5m56s kubelet, ip-10-234-0-222.ec2.internal Started container vault Warning Unhealthy 4m53s (x2 over 4m56s) kubelet, ip-10-234-0-222.ec2.internal Liveness probe failed: Get http://10.234.0.205:8200/v1/sys/health?standbyok=true: dial tcp 10.234.0.205:8200: connect: connection refused Warning Unhealthy 54s (x93 over 5m48s) kubelet, ip-10-234-0-222.ec2.internal Readiness probe failed: Error checking seal status: Get http://127.0.0.1:8200/v1/sys/seal-status: dial tcp 127.0.0.1:8200: connect: connection refused