Introduction
The Vault Secrets Operator is a Kubernetes Operator that syncs secrets between Vault and Kubernetes and allows Pods to consume Vault secrets directly as native Kubernetes Secrets.
A Kubernetes Operator is a software extension that uses custom resources to manage applications hosted on Kubernetes.
Problem
Vault Secrets Operator is now GA. When trying to move from a Beta installation to GA, the following error might be thrown
Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "default" namespace: "vault-secrets-operator-system" from "": no matches for kind "VaultAuth" in version "secrets.hashicorp.com/v1beta1" ensure CRDs are installed first, resource mapping not found for name: "default" namespace: "vault-secrets-operator-system" from "": no matches for kind "VaultConnection" in version "secrets.hashicorp.com/v1beta1" ensure CRDs are installed first]
Prerequisites
- Vault Secrets Operator beta is installed
- Uninstall VSO Beta and attempt to install VSO GA
Cause
The versions for CRDs have been changed from v1alpha1 to v1beta1 in the GA release
Overview of possible solutions
Solution:
Uninstall the beta version of VSO
helm uninstall vault-secrets-operator
Delete the CRDs referencing the alpha1 version before installing the GA release of VSO
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultauths.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultconnections.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultdynamicsecrets.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultpkisecrets.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultstaticsecrets.yaml
Update the apiVersion in all .yaml files to:
apiVersion: secrets.hashicorp.com/v1beta1
Install Vault Kubernetes Secret Operator GA version referencing a custom values.yaml
helm install vault-secrets-operator hashicorp/vault-secrets-operator --version 0.1.0 -n vault-secrets-operator-system --values vault/vault-operator-values.yaml
Outcome
Vault Secret Operator GA is successfully installed
Additional Information
- Vault Tutorial: Vault Secrets Operator
- Vault Documentation: Vault Secrets Operator
- Vault Documentation: Installing Vault Secrets Operator