Bug: Error Creating a raft cluster on OpenShift #1034

Open
EyalPazz opened this issue Jun 24, 2024 · 1 comment
Labels
bug Something isn't working

EyalPazz commented Jun 24, 2024

Describe the bug
When installing a raft cluster as explained here https://developer.hashicorp.com/vault/docs/platform/k8s/helm/openshift, the StatefulSet pods are crashing with the following error:

Error initializing storage of type raft: error parsing config: open /vault/data/node-id: permission denied
2024-06-24T08:19:33.517Z [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""

Also tried changing runAsNonRoot and allowPrivilegeEscalation in the server's securityContext; it didn't work.

To Reproduce
Steps to reproduce the behavior:

  1. Have an OpenShift cluster
  2. Run
     helm install vault hashicorp/vault \
       --set='global.openshift=true' \
       --set='server.ha.enabled=true' \
       --set='server.ha.raft.enabled=true'

Expected behavior
No Errors

Environment

  • Kubernetes version: 1.27
    • Distribution or cloud vendor (OpenShift, EKS, GKE, AKS, etc.): OpenShift
    • Other configuration options or runtime services (istio, etc.): None
  • vault-helm version: 0.28.0

Chart values:
defaults, only overrides are the command ones

@EyalPazz EyalPazz added the bug Something isn't working label Jun 24, 2024

Filas312 commented Dec 7, 2024

@EyalPazz not a maintainer, but did you try using values.openshift.yaml to make the install? It also sets a different server image for Vault, which is important.

IME it might be enough to use this image (registry.connect.redhat.com/hashicorp/vault:1.18.1-ubi) to run correctly; the error for /vault/data/node-id is caused either by an immutable root filesystem setting (you'd be looking at readOnlyRootFilesystem SCC part then, not necessarily allowPrivilegeEscalation/runAsNonRoot) or lack of write permissions for the UID that Vault runs as, I would assume that either would be fixed in RH image.
