After installing Hashicorp vault on our cluster with vault secrets operator, it’s time to add keep S3 credentials on secret.
I’ve added a secret into the cluster, but moment after
helm install the secret get a new owner and it’s looks like this now:
ownerReferences: - apiVersion: secrets.hashicorp.com/v1beta1 kind: VaultStaticSecret name: vault-kv-app uid: d39043fa-560b-40b7-8ce2-2c353f00232a - apiVersion: monitoring.grafana.com/v1alpha1 blockOwnerDeletion: true kind: GrafanaAgent name: loki uid: eda13595-bb61-496d-94d1-883bb772068c
From the vault side I get error that this owner isn’t authorized and now it can’t be changed from the vault, which make it static.
- Why GrafanaAgent take control?
- How I can avoid this?
- Any good practice to use Hashicorp vault with Loki?