Vault container version 1.4.X long startup time (2min) #9305
Closed
Describe the bug
When moving from v. 1.3.6 to 1.4.X, the vault server in the container takes 2 minutes to come up.
Here are some logs of version 1.4.2 (same in 1.4.0):
$ stern vault
+ vault-0 › vault
+ vault-0 › vault-init
vault-0 vault-init 2020/06/23 23:17:19 Starting the vault-init service...
vault-0 vault-init 2020/06/23 23:17:19 Get http://127.0.0.1:8200/v1/sys/health: dial tcp 127.0.0.1:8200: connect: connection refused
vault-0 vault-init 2020/06/23 23:17:49 Get http://127.0.0.1:8200/v1/sys/health: dial tcp 127.0.0.1:8200: connect: connection refused
vault-0 vault-init 2020/06/23 23:18:19 Get http://127.0.0.1:8200/v1/sys/health: dial tcp 127.0.0.1:8200: connect: connection refused
vault-0 vault-init 2020/06/23 23:18:49 Get http://127.0.0.1:8200/v1/sys/health: dial tcp 127.0.0.1:8200: connect: connection refused
vault-0 vault-init 2020/06/23 23:19:19 Get http://127.0.0.1:8200/v1/sys/health: dial tcp 127.0.0.1:8200: connect: connection refused
vault-0 vault ==> Vault server configuration:
vault-0 vault
vault-0 vault AWS KMS KeyID: <redacted>
vault-0 vault AWS KMS Region: us-east-2
...
Here it is in version 1.3.6:
+ vault-0 › vault
+ vault-0 › vault-init
vault-0 vault ==> Vault server configuration:
vault-0 vault
vault-0 vault AWS KMS KeyID: <redacted>
vault-0 vault AWS KMS Region: us-east-2
...
You can see that in version 1.4.2, our vault-init container sits and waits 2 minutes for the vault server to come up in order to connect to it. In version 1.3.6 it comes up instantly.
To Reproduce
Run vault with version 1.4.X
Expected behavior
Vault to start up immediately
Environment:
- Vault Server Version (retrieve with vault status): 1.4.2
- Vault CLI Version (retrieve with vault version): Vault v1.4.2
- Server Operating System/Architecture: Kubernetes/Docker/Linux
Vault server configuration file(s):
api_addr = <redacted>
cluster_addr = "https://$(POD_IP_ADDR):8201"
log_level = "warn"
ui = true

seal "awskms" {
  region = "${region}"
  kms_key_id = "${kms_key_id}"
}

storage "s3" {
  region = "${region}"
  bucket = "${bucket_name}"
}

listener "tcp" {
  address = "127.0.0.1:8200"
  tls_disable = "true"
}

listener "tcp" {
  address = "$(POD_IP_ADDR):8200"
  tls_cert_file = "/etc/vault/tls/vault.crt"
  tls_key_file = "/etc/vault/tls/vault.key"
  tls_disable_client_certs = true
}