
Does Vault seal itself in HA?


In my Kubernetes cluster I have a Vault deployment running, but every so often it seals itself. I presume this is because Kubernetes restarted the pod because of an update or something else. If I were to use Vault for production configuration, the damage of it sealing itself would be disastrous, to say the least.

So I was wondering if this would also happen in HA mode?

I tried looking at the docs, but I could only find auto-unseal for Azure, Google and AWS, while I run on DigitalOcean. How can I prevent this from happening?


Solution

    1. Yes this would also happen in HA because the pod restart would re-seal that specific Vault server cluster member. In Vault HA the unsealing occurs after joining the Vault cluster, and thus unsealing occurs per server, and not per cluster.

    2. Auto-unsealing for Vault on Kubernetes is not super great actually. You basically have two options:

    • Use another Vault cluster with the Transit secrets engine to specifically auto-unseal the primary Vault cluster: https://developer.hashicorp.com/vault/tutorials/auto-unseal/autounseal-transit
    • Use a custom solution to trigger transmitting the unseal keys to Vault whenever there is a pod restart (custom software bindings etc.). In this situation you still need to securely store the unseal keys somewhere, and then you return back to the first option with the Transit engine.

    Note a first-party Vault operator will be released in beta very soon and may provide some relief, but the additional functionality there will primarily be for injecting secrets into workloads.
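As an added illustration of the second option in the answer (not code from the original post or from HashiCorp), here is the core of a "re-unseal on restart" sidecar: it reads the server's seal status and submits Shamir key shares to `sys/unseal` until the threshold is met. The HTTP client is injectable, so the loop is exercised against a constructed in-memory stand-in for a sealed Vault; `HttpVaultClient` talks to a real server at `VAULT_ADDR`. The environment variable `VAULT_UNSEAL_SHARES` used by the stand-alone entry point is an assumption of this example, not a Vault convention. Note the point the answer makes: whatever holds these shares can unseal Vault, so this only moves the trust problem rather than solving it.

```python
"""Re-unseal a Vault server after a pod restart by submitting key shares.

Added example, not from the original post. Only two unauthenticated Vault
endpoints are used: GET /v1/sys/seal-status and PUT /v1/sys/unseal.
"""
import json
import os
import urllib.request


class HttpVaultClient:
    """Thin wrapper over the two endpoints the unseal loop needs."""

    def __init__(self, addr="http://127.0.0.1:8200"):
        self.addr = addr.rstrip("/")

    def _call(self, method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(f"{self.addr}{path}", data=data, method=method)
        req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req, timeout=5) as resp:
            return json.loads(resp.read())

    def seal_status(self):
        return self._call("GET", "/v1/sys/seal-status")

    def unseal(self, key_share=None, reset=False):
        body = {"reset": reset}
        if key_share is not None:
            body["key"] = key_share
        return self._call("PUT", "/v1/sys/unseal", body)


class FakeVault:
    """Constructed stand-in for a sealed Vault with a t-of-n threshold.

    It mirrors the API contract only (sealed/t/n/progress fields, reset
    clears progress, a bad share is detected when the threshold is reached
    and progress then resets). It performs no cryptography.
    """

    def __init__(self, shares, threshold):
        self.valid = set(shares)
        self.t = threshold
        self.n = len(shares)
        self.submitted = set()
        self.sealed = True

    def _status(self):
        return {"sealed": self.sealed, "t": self.t, "n": self.n,
                "progress": len(self.submitted) if self.sealed else 0}

    def seal_status(self):
        return self._status()

    def unseal(self, key_share=None, reset=False):
        if reset:
            self.submitted.clear()
            return self._status()
        # A repeated share does not advance progress in this fake (set semantics).
        self.submitted.add(key_share)
        if len(self.submitted) < self.t:
            return self._status()
        # Threshold reached: only now is the master key reconstruction attempted.
        if not self.submitted <= self.valid:
            self.submitted.clear()
            raise ValueError("failed to unseal: bad key share")  # Vault answers HTTP 400
        self.sealed = False
        self.submitted.clear()
        return self._status()


def unseal_server(client, key_shares):
    """Submit shares until the server reports unsealed; return final status.

    Idempotent: an already-unsealed server is left alone, and a stale partial
    unseal (progress > 0 from an interrupted earlier attempt) is reset first
    so the threshold is reached with exactly the shares we hold.
    """
    status = client.seal_status()
    if not status["sealed"]:
        return status
    if status.get("progress", 0) > 0:
        status = client.unseal(reset=True)
    if len(key_shares) < status["t"]:
        raise RuntimeError(f"need {status['t']} shares, have {len(key_shares)}")
    for share in key_shares:
        status = client.unseal(share)
        if not status["sealed"]:
            break
    if status["sealed"]:
        raise RuntimeError("still sealed after submitting all shares")
    return status


if __name__ == "__main__":
    # Assumed deployment convention for this example: comma-separated shares in
    # VAULT_UNSEAL_SHARES; anyone who can read that secret can unseal Vault.
    shares = [s for s in os.environ.get("VAULT_UNSEAL_SHARES", "").split(",") if s]
    client = HttpVaultClient(os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200"))
    print(unseal_server(client, shares))
```

Run it as a sidecar container or a readiness hook that loops on `sys/seal-status`; the `reset` step matters because a restart can interrupt a half-finished unseal and leave `progress` non-zero. The same shape applies if the shares come from another Vault's Transit engine instead of an environment variable.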