After installing Hashicorp vault on our cluster with vault secrets operator, it’s time to add keep S3 credentials on secret.
I’ve added a secret into the cluster, but moment after helm install the secret get a new owner and it’s looks like this now:
ownerReferences:
- apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
name: vault-kv-app
uid: d39043fa-560b-40b7-8ce2-2c353f00232a
- apiVersion: monitoring.grafana.com/v1alpha1
blockOwnerDeletion: true
kind: GrafanaAgent
name: loki
uid: eda13595-bb61-496d-94d1-883bb772068c
From the vault side I get error that this owner isn’t authorized and now it can’t be changed from the vault, which make it static.
few questions.
- Why GrafanaAgent take control?
- How I can avoid this?
- Any good practice to use Hashicorp vault with Loki?