[DEFECT] Trousseau daemonset crash #274
Labels
bug
Something isn't working
Comments
|
Thank you for your issue. Supporting only KMSv1, the Trousseau project is no longer suitable for use except for educational purposes. There are other options available like:
Cheers, Note that I am not part of the Ondat org anymore, but I feel that I should provide the community with answers. |
|
Apologies. I should have mentioned the version. I'm using k8s 1.23.7 version. So its kms v1 only. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue template is used for reporting defects or support issues.
Title: KubeAPI server crash when Trousseau fails due to token expiry or config issue. Using Trousseau v1.1.3
Detailed Description
I encrypted a few of my Kubernetes clusters with Trousseau, and it was successful. However, when the token to Vault expired, the Trousseau DaemonSet crashed, and along with it, the Kube API server also stopped running. This issue occurs on all the master nodes.
I tried to test this in a development cluster but I mistakenly passed the wrong argument in the Listen address in the Trousseau DaemonSet configuration. Although the token wasn't expired at that time, the Kube API server still crashed along with the Trousseau DaemonSet.
Expected Behavior
I'm not sure what the expected behavior should be, but an issue with the Trousseau DaemonSet shouldn't break the cluster/API server.
Current Behavior
The Trousseau DaemonSet crashes along with the Kube API server.
Steps to Reproduce
1.Encrypt the etcd cluster using Trousseau and Vault.
2.Let the Vault token expire for Trousseau access or introduce an error in the DaemonSet configuration and apply the changes.
Context (Environment)
We are unable to bring back the cluster as we can't instruct the Kube API server.
Kindly let me know if there are any other details that you require.
Possible Solution/Implementation
Possible PR
The text was updated successfully, but these errors were encountered: