HashiCorp Vault: Is it possible to make edits to a pre-existing server configuration file?

9/7/2018

I have a Kubernetes cluster which utilizes Vault secrets. I am attempting to modify the conf.hcl that was used to establish Vault. I went into the pod which contains Vault, and appended:

max_lease_ttl = "999h" 
default_lease_ttl = "999h"

I did attempt to apply the changes using the only server option available according to the documentation, but failed due to it already being established:

vault server -config conf.hcl
Error initializing listener of type tcp: listen tcp4 0.0.0.0:8200: bind: address already in use
-- Brian Johnson
devops
hashicorp-vault
kubernetes

1 Answer

9/7/2018

You can't reinitialize in the pod since the port is already bound in the container (Vault is already running there).

You need to restart the pod/deployment with a new config. Not sure how your Vault deployment is configured but the config could be in the container itself, or in some mounted volume or perhaps a ConfigMap.

-- Rico
Source: StackOverflow
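
One way to carry out the restart-with-new-config approach from the answer, shown as an added example that is not part of the original question or answer. It assumes the config is stored in a ConfigMap; the namespace "vault", ConfigMap "vault-config", Deployment "vault" and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed names (not from the post): namespace "vault",
# ConfigMap "vault-config" holding the key conf.hcl, Deployment "vault".
KUBECTL="${KUBECTL:-kubectl}"

# Set a top-level `key = "value"` line in an HCL file, replacing an existing
# line for that key instead of appending a duplicate.
set_hcl_key() {
  _file=$1; _key=$2; _value=$3
  if grep -Eq "^[[:space:]]*${_key}[[:space:]]*=" "$_file"; then
    sed -E "s|^[[:space:]]*${_key}[[:space:]]*=.*|${_key} = \"${_value}\"|" \
      "$_file" > "$_file.tmp" && mv "$_file.tmp" "$_file"
  else
    # Make sure the file ends with a newline before appending.
    [ -n "$(tail -c1 "$_file")" ] && echo >> "$_file"
    printf '%s = "%s"\n' "$_key" "$_value" >> "$_file"
  fi
}

# Publish the edited file as the ConfigMap, then restart the Deployment so a
# new Vault process reads it. Arguments: namespace, ConfigMap, Deployment, file.
apply_vault_config() {
  _ns=$1; _cm=$2; _deploy=$3; _file=$4
  $KUBECTL -n "$_ns" create configmap "$_cm" \
      --from-file=conf.hcl="$_file" --dry-run=client -o yaml |
    $KUBECTL -n "$_ns" apply -f - || return 1
  $KUBECTL -n "$_ns" rollout restart "deployment/$_deploy"
}

# Usage (run against a local copy of the config, not inside the pod):
#   set_hcl_key conf.hcl max_lease_ttl 999h
#   set_hcl_key conf.hcl default_lease_ttl 999h
#   apply_vault_config vault vault-config vault conf.hcl
```

After the restart, Vault starts sealed unless auto-unseal is configured, so it must be unsealed (`vault operator unseal`) before it serves secrets again.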