Introduction
The Vault Secrets Operator is a Kubernetes Operator that syncs secrets between Vault and Kubernetes and allows Pods to consume Vault secrets directly as native Kubernetes Secrets.
A Kubernetes Operator is a software extension that uses custom resources to manage applications hosted on Kubernetes.
Problem
Vault Secrets Operator is now GA. When trying to move from a Beta installation to GA, the following error might be thrown
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "default" namespace: "vault-secrets-operator-system" from "": no matches for kind "VaultAuth" in version "secrets.hashicorp.com/v1beta1" ensure CRDs are installed first, resource mapping not found for name: "default" namespace: "vault-secrets-operator-system" from "": no matches for kind "VaultConnection" in version "secrets.hashicorp.com/v1beta1" ensure CRDs are installed first]
Prerequisites
- Vault Secrets Operator beta is installed
- Uninstall VSO Beta and attempt to install VSO GA
Cause
The versions for CRDs have been changed from 'v1alpha1' to 'v1beta1' in the GA release
Overview of possible solutions
Uninstall the beta version of VSO
helm uninstall vault-secrets-operator
Delete the CRDs referencing the alpha1 version before installing the GA release of VSO
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultauths.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultconnections.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultdynamicsecrets.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultpkisecrets.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultstaticsecrets.yaml
Update the apiVersion in all .yaml files to:
apiVersion: secrets.hashicorp.com/v1beta1
Install Vault Kubernetes Secret Operator GA version referencing a custom values.yaml
helm install vault-secrets-operator hashicorp/vault-secrets-operator --version 0.1.0 -n vault-secrets-operator-system --values vault/vault-operator-values.yaml
Outcome
Vault Secret Operator GA is successfully installed
Additional Information
- Vault Tutorial: Vault Secrets Operator
- Vault Documentation: Vault Secrets Operator
- Vault Documentation: Installing Vault Secrets Operator