remove vault-manager unseal delay

Options for vault-manager were introduced to delay unsealing of recovering vault server pods until the active vault server pod would start sending heartbeats to the recovering pod. The behavior of vault server that prompted the change to vault-manager is no longer observed with vault server version 1.13.1. Remove the unsealWaitIntervals so that vault manager will unseal the recovering server immediately. Test Plan: PASS HA tests, review pods logs, election status PASS active server remains active when a pod recovers PASS no evidence of election attempts in vault server logs PASS tested also with statusCheckRate=.1 to minimize delay (default 5s gives a random-ish delay of 0-5 seconds) Story: 2010393 Task: 48236 Depends-On: https://review.opendev.org/c/starlingx/vault-armada-app/+/884553 Change-Id: Ifd73970658d6ef7a0e0ca5844b2db81d94bdde9f Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
2023-06-14 17:27:09 -04:00
parent 82478326fe
commit a49584d4f9
1 changed files with 1 additions and 0 deletions
--- a/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/vault-static-overrides.yaml
+++ b/stx-vault-helm/stx-vault-helm/fluxcd-manifests/vault/vault-static-overrides.yaml
@@ -20,6 +20,7 @@ manager:
    - key: "node-role.kubernetes.io/control-plane"
      operator: "Exists"
      effect: "NoSchedule"
+  unsealWaitIntervals: 0
 injector:
  enabled: true
  nodeSelector: |