In my Kubernetes cluster I have a Vault deployment running, but every so often it seals itself. I presume this is because Kubernetes restarted the pod because of an update or something else. If I were to use Vault for production configuration, the damage of it sealing itself would be disastrous, to say the least.
So I was wondering if this would also happen in HA mode?
I tried looking at the docs, but I could only find auto unseal for Azure, Google and AWS, while I run in DigitalOcean. How can I prevent this from happening?
Yes, this would also happen in HA because the pod restart would re-seal that specific Vault server cluster member. In Vault HA the unsealing occurs after joining the Vault cluster, and thus unsealing occurs per server, and not per cluster.
Auto-unsealing for Vault on Kubernetes is not super great actually. You basically have two options:
Note that a first-party Vault operator will be released in beta very soon and may provide some relief, but the additional functionality there will primarily be for injecting secrets into workloads.
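
Because seal state is per server, a check has to ask every pod individually rather than the load-balanced Service. The following is an added example, not part of the original answer: it polls Vault's unauthenticated `sys/seal-status` endpoint on each member; the per-pod addresses are assumptions and the sample responses are constructed.

```python
import json
import urllib.request

# Assumed per-pod addresses (hypothetical). Use each pod's own DNS name,
# not the Service name, so a single re-sealed member cannot hide behind the others.
MEMBERS = [f"http://vault-{i}.vault-internal:8200" for i in range(3)]

def fetch_seal_status(addr, timeout=3):
    """GET /v1/sys/seal-status from one Vault server (no token required)."""
    with urllib.request.urlopen(addr + "/v1/sys/seal-status", timeout=timeout) as resp:
        return json.load(resp)

def check_members(members, fetch=fetch_seal_status):
    """Return {addr: state} with one entry per HA member."""
    report = {}
    for addr in members:
        try:
            status = fetch(addr)
        except (OSError, ValueError) as exc:  # network error or non-JSON body
            report[addr] = f"unreachable ({exc})"
            continue
        # Treat a missing "sealed" field as sealed: fail closed.
        if status.get("sealed", True):
            report[addr] = "sealed (%d/%d key shares entered)" % (
                status.get("progress", 0), status.get("t", 0))
        else:
            report[addr] = "unsealed"
    return report

def needs_unseal(report):
    """Members that answered and are sealed, i.e. waiting for key shares."""
    return sorted(a for a, s in report.items() if s.startswith("sealed"))

# Constructed sample data: vault-1 was restarted and re-sealed, vault-2 is down.
SAMPLE = {
    MEMBERS[0]: {"sealed": False, "t": 3, "n": 5, "progress": 0},
    MEMBERS[1]: {"sealed": True, "t": 3, "n": 5, "progress": 1},
    MEMBERS[2]: None,
}

def sample_fetch(addr):
    """Offline stand-in for fetch_seal_status, backed by SAMPLE."""
    if SAMPLE[addr] is None:
        raise ConnectionRefusedError("connection refused")
    return SAMPLE[addr]

if __name__ == "__main__":
    for addr, state in check_members(MEMBERS, sample_fetch).items():
        print(addr, "->", state)
```

Call `check_members(MEMBERS)` without the second argument to query live pods; alerting on a non-empty `needs_unseal` result catches a re-sealed member while the rest of the cluster is still serving.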