bstein/ananke
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

startup(ananke): unseal vault before startup gates

Browse Source
This commit is contained in:
codex 2026-04-27 07:12:21 -03:00
parent d8cff09aef
commit a3e24b9b15
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
internal/cluster/orchestrator_lifecycle.go
View File

@ -37,6 +37,14 @@ func (o *Orchestrator) Startup(ctx context.Context, opts StartupOptions) (err er
return invErr
}
o.noteStartupCheck("node-inventory", true, "inventory/user/port validation passed")
if err := o.waitForAPI(ctx, 1, time.Second); err == nil {
o.noteStartupCheckState("vault-unseal", "running", "ensuring vault is unsealed while kubernetes api is already available")
if err := o.ensureVaultUnsealed(ctx); err != nil {
o.noteStartupCheck("vault-unseal", false, err.Error())
return err
}
o.noteStartupCheck("vault-unseal", true, "vault is unsealed")
}
o.setStartupPhase("preflight-node-reachability", "waiting for ssh reachability across configured inventory")
if reachErr := o.waitForNodeInventoryReachability(ctx); reachErr != nil {
o.noteStartupCheck("node-inventory-reachability", false, reachErr.Error())
@ -179,6 +187,12 @@ func (o *Orchestrator) Startup(ctx context.Context, opts StartupOptions) (err er
}
}
o.noteStartupCheck("kubernetes-api", true, "kubernetes api reachable")
o.noteStartupCheckState("vault-unseal", "running", "ensuring vault is unsealed before startup gates")
if err := o.ensureVaultUnsealed(ctx); err != nil {
o.noteStartupCheck("vault-unseal", false, err.Error())
return err
}
o.noteStartupCheck("vault-unseal", true, "vault is unsealed")
if err := o.ensureRequiredNodeLabels(ctx); err != nil {
return err
}