https://www.404-code-not-found.com/tags/openshift/Recent content in Openshift on 404 Code Not FoundHugoen-usThu, 11 Jun 2026 08:00:00 -0600https://www.404-code-not-found.com/posts/vault-on-openshift-hcp-autounseal/Thu, 11 Jun 2026 08:00:00 -0600https://www.404-code-not-found.com/posts/vault-on-openshift-hcp-autounseal/<h2 id="introduction">Introduction</h2> <p>I recently set up a three-node Vault Enterprise HA cluster on OpenShift, using HCP Vault as the auto-unseal provider via the transit secrets engine. On paper this is a straightforward combination of well-documented features. In practice, it was a series of traps — some subtle, some spectacular — that took multiple sessions to fully work through.</p> <p>This post covers the four main challenge areas I hit: getting <code>IPC_LOCK</code> right on OpenShift, wiring up the auto-unseal token flow securely, managing Raft quorum safely during rolling updates, and working around a reconciliation bug in Vault Secrets Operator. I&rsquo;ll focus on what caught me off guard and what the correct solution looks like.</p>