From b958a13c768b2476f1d484bef804e1b02111b868 Mon Sep 17 00:00:00 2001
From: Masaki Yatsu <yatsu@yatsu.info>
Date: Thu, 20 Nov 2025 22:50:11 +0900
Subject: [PATCH] fix(vault): wait pod before initializing

---
 vault/justfile | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/vault/justfile b/vault/justfile
index ad96f27..7cc9f59 100644
--- a/vault/justfile
+++ b/vault/justfile
@@ -74,7 +74,7 @@ delete-namespace:
 # Install Vault
 install: check-env
     #!/bin/bash
-    set -euo pipefail
+    set -eu
     just create-namespace
     just add-helm-repo
     gomplate -f vault-values.gomplate.yaml -o vault-values.yaml
@@ -85,6 +85,21 @@ install: check-env
     kubectl wait pod --for=condition=PodReadyToStartContainers \
         -n ${K8S_VAULT_NAMESPACE} vault-0 --timeout=5m
 
+    # Wait for Vault service to be ready to accept connections
+    echo "Waiting for Vault service to be ready..."
+    for i in {1..30}; do
+        if kubectl exec -n ${K8S_VAULT_NAMESPACE} vault-0 -- \
+            vault status 2>&1 | grep -qE "(Initialized|Sealed)"; then
+            echo "✓ Vault service is ready"
+            break
+        fi
+        if [ $i -eq 30 ]; then
+            echo "Error: Timeout waiting for Vault service to be ready"
+            exit 1
+        fi
+        sleep 3
+    done
+
     init_output=$(kubectl exec -n ${K8S_VAULT_NAMESPACE} vault-0 -- \
         vault operator init -key-shares=1 -key-threshold=1 -format=json || true)