Vault unit not working on OKD

Summary

When deploying a mgmt cluster using OKD and capm3, the vault unit fails; we can add an SCC to handle this use case.

Related references

Work in progress at !5379 (merged)

Details

⠎⠁ Kustomization/vault - HealthCheckFailed - health check failed after 73.843305ms: failed early due to stalled resources: [StatefulSet/vault/vault status: 'Failed']
 ✗ Command timeout exceeded
Timed-out waiting for the following resources to be ready:
IDENTIFIER                                                  STATUS                                REASON             MESSAGE
Kustomization/sylva-system/vault                            InProgress                                               Kustomization generation is 1, but latest observed generation is -1
╰┄╴Vault/vault/vault                                        Ready                                                    Resource is current
   ╰┄╴StatefulSet/vault/vault                               InProgress                                               Replicas: 1/3
      ╰┄╴Pod/vault/vault-0                                  Failed                                                   Containers in CrashLoop state: bank-vaults,vault
         ├┄╴┬┄┄[Conditions]
         ┆  ├┄╴PodReadyToStartContainers                    True
         ┆  ├┄╴Initialized                                  True
         ┆  ├┄╴Ready                                        False                                 ContainersNotReady containers with unready status: [vault bank-vaults]
         ┆  ├┄╴ContainersReady                              False                                 ContainersNotReady containers with unready status: [vault bank-vaults]
         ┆  ╰┄╴PodScheduled                                 True
         ╰┄╴┬┄┄[Events]
            ├┄╴2025-10-11 04:14:18                          Normal                                Scheduled          Successfully assigned vault/vault-0 to 00-60-2f-3181-34
            ├┄╴2025-10-11 04:14:19                          Normal                                Pulling            Pulling image "ghcr.io/bank-vaults/bank-vaults:v1.32.0"
            ├┄╴2025-10-11 04:14:19                          Normal                                AddedInterface     Add eth0 [100.72.4.37/23] from ovn-kubernetes
            ├┄╴2025-10-11 04:14:23                          Normal                                Created            Created container: config-templating
            ├┄╴2025-10-11 04:14:23                          Normal                                Pulled             Successfully pulled image "ghcr.io/bank-vaults/bank-vaults:v1.32.0" in 3.907s (3.907s including waiting). Image size: 226284399 bytes.
            ├┄╴2025-10-11 04:14:23                          Normal                                Started            Started container config-templating
            ├┄╴2025-10-11 04:14:24                          Normal                                Pulling            Pulling image "docker.io/hashicorp/vault:1.13.13"
            ├┄╴2025-10-11 04:14:30                          Normal                                Pulled             Successfully pulled image "docker.io/hashicorp/vault:1.13.13" in 5.691s (5.691s including waiting). Image size: 276884292 bytes.
            ├┄╴2025-10-11 04:14:36 (x2 over 6s)             Normal                                Started            Started container bank-vaults
            ├┄╴2025-10-11 04:15:04 (x4 over 34s)            Normal                                Created            Created container: vault
            ├┄╴2025-10-11 04:15:04 (x4 over 34s)            Normal                                Started            Started container vault
            ├┄╴2025-10-11 04:15:04 (x3 over 34s)            Normal                                Created            Created container: bank-vaults
            ├┄╴2025-10-11 04:15:04 (x3 over 34s)            Normal                                Pulled             Container image "ghcr.io/bank-vaults/bank-vaults:v1.32.0" already present on machine
            ├┄╴2025-10-11 04:15:38 (x7 over 56s)            Warning                               BackOff            Back-off restarting failed container bank-vaults in pod vault-0_vault(34023132-9562-41b9-9ee5-4e82ff1b066c)
            ├┄╴2025-10-11 04:49:43 (x200 over 35m12s)       Warning                               BackOff            Back-off restarting failed container vault in pod vault-0_vault(34023132-9562-41b9-9ee5-4e82ff1b066c)
            ╰┄╴2025-10-11 04:50:38 (x12 over 36m8s)         Normal                                Pulled             Container image "docker.io/hashicorp/vault:1.13.13" already present on machine

The statefulset logs:

root@sylva-a6:/home/sylva/sylva-core# oc logs statefulset/vault -n vault --kubeconfig management-cluster-kubeconfig 
Defaulted container "vault" out of: vault, bank-vaults, config-templating (init)
chown: /vault/config/vault.json: Operation not permitted
chown: /vault/config: Operation not permitted
chown: /vault/config: Operation not permitted
Could not chown /vault/config (may not have appropriate permissions)
chown: /vault/file: Operation not permitted
chown: /vault/file: Operation not permitted