Vault Secrets Operator installation failure when upgrading from Beta to GA – HashiCorp Help Center

Introduction

The Vault Secrets Operator is a Kubernetes Operator that syncs secrets between Vault and Kubernetes and allows Pods to consume Vault secrets directly as native Kubernetes Secrets.

A Kubernetes Operator is a software extension that uses custom resources to manage applications hosted on Kubernetes.

Problem

Vault Secrets Operator is now GA. When trying to move from a Beta installation to GA, the following error might be thrown

Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "default" namespace: "vault-secrets-operator-system" from "": no matches for kind "VaultAuth" in version "secrets.hashicorp.com/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "default" namespace: "vault-secrets-operator-system" from "": no matches for kind "VaultConnection" in version "secrets.hashicorp.com/v1beta1"
ensure CRDs are installed first]

Prerequisites

Vault Secrets Operator beta is installed
Uninstall VSO Beta and attempt to install VSO GA

Cause

The versions for CRDs have been changed from v1alpha1 to v1beta1 in the GA release

Overview of possible solutions

Solution:

Uninstall the beta version of VSO

helm uninstall vault-secrets-operator

Delete the CRDs referencing the alpha1 version before installing the GA release of VSO

❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultauths.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultconnections.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultdynamicsecrets.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultpkisecrets.yaml
❯ kubectl delete -f https://raw.githubusercontent.com/hashicorp/vault-secrets-operator/v0.1.0-beta.1/chart/crds/secrets.hashicorp.com_vaultstaticsecrets.yaml

Update the apiVersion in all .yaml files to:

apiVersion: secrets.hashicorp.com/v1beta1

Install Vault Kubernetes Secret Operator GA version referencing a custom values.yaml

helm install vault-secrets-operator hashicorp/vault-secrets-operator --version 0.1.0 -n vault-secrets-operator-system --values vault/vault-operator-values.yaml

Outcome

Vault Secret Operator GA is successfully installed

Additional Information

Vault Tutorial: Vault Secrets Operator
Vault Documentation: Vault Secrets Operator
Vault Documentation: Installing Vault Secrets Operator