Improve Vault pod rotation (!2084) · Merge requests · GitLab.com / GitLab Infrastructure Team / Kubernetes Workloads / GitLab Helmfiles · GitLab

Filipe Santos requested to merge vault-fix-rotation into master Apr 30, 2023

What

Improves Vault pod rotation.

Switch readinessProbe to HTTP (instead of vault status exec)
Reduce readiness probe interval to 3 seconds (vs 5)
Increase readiness initialDelaySeconds to give the pods some more time to initialize
Increase terminationGracePeriodSeconds to 30 seconds
Fix listeners to be IPv4 (no IPv6 in the pod/cluster)
Set externalTrafficPolicy to Local
Forward internal ui requests to all ready pods (no just leader)
Increase internal endpoint DNS TTL to 1h

Why

Reduce client errors during upgrades and rotations.

gitlab-com/gl-infra/production#8761 (closed)

Edited Apr 30, 2023 by Filipe Santos