This project is deprecated and is superseded by vault-autounseal-operator!
Helper application for managing vault with Raft storage and TLS in Kubernetes clusters.
It takes care of the following aspects:
- preparing a certificate for vault pods signed by cluster CA
- initializing a new cluster
- joining raft nodes to the first node
- automatically unsealing an existing cluster
The application consists of 2 commands:
- setup-tls - creates certificates for the vault cluster signed by the cluster's CA
- vault-autounseal - initializes vault, stores the generated secrets and unseals vault.
Helm must be installed to use the charts. Please refer to Helm's documentation to get started.
Once Helm has been set up correctly, add the repo as follows:
helm repo add vault-k8s-helper https://camaeel.github.io/vault-k8s-helper
If you had already added this repo earlier, run helm repo update to retrieve the latest versions of the packages. You can then run helm search repo vault-k8s-helper to see the charts.
The Helm repository has 2 charts:
- vault-cert-creator - installs the setup-tls tool and provides the TLS secrets for vault. It also renews certificates that are close to expiry
- vault-autounseal - sets up the vault-autounseal utility, which is responsible for initializing and establishing a new cluster and for unsealing sealed pods.
The preferred way of installation is using the helm charts. The simplest setup can be achieved with the following steps:
- Install setup-tls:
helm upgrade --install -n vault --create-namespace vault-cert-creator vault-cert-creator --repo https://camaeel.github.io/vault-k8s-helper/
- Install vault:
helm upgrade --install -n vault --create-namespace vault vault --repo https://helm.releases.hashicorp.com/ --version 0.24.0 -f example/vault/vault-values.yaml
- Install vault-autounseal:
helm upgrade --install -n vault-autounseal --create-namespace vault-autounseal vault-autounseal --repo https://camaeel.github.io/vault-k8s-helper/
To obtain the root token, run: kubectl get secret -ojson -n vault-autounseal vault-autounseal-root-token | jq -r '.data.token' | base64 -d
The Vault client library used in vault-autounseal can also be configured using vault's env variables: https://github.com/hashicorp/vault/blob/api/v1.8.2/api/client.go#L36
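The TLS-related variables the linked client code honours (VAULT_CACERT, VAULT_SKIP_VERIFY, VAULT_TLS_SERVER_NAME), turned into a config pinned to the cluster CA, as an added illustration in plain Go; this is not the project's or the Vault library's code, its boolean parsing is simplified, and selfSignedCAPEM is a constructed stand-in for the cluster CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"os"
	"time"
)

// vaultTLSFromEnv reads VAULT_CACERT, VAULT_SKIP_VERIFY and VAULT_TLS_SERVER_NAME
// and returns a tls.Config pinned to the cluster CA. An unset or unparsable bundle
// is an error, not a silent fall-back to system roots, and VAULT_SKIP_VERIFY is
// refused: unseal keys must only go to a pod whose certificate the cluster CA signed.
func vaultTLSFromEnv() (*tls.Config, error) {
	if v := os.Getenv("VAULT_SKIP_VERIFY"); v == "1" || v == "true" {
		return nil, errors.New("VAULT_SKIP_VERIFY is set; refusing an unverified connection")
	}
	caPEM, err := os.ReadFile(os.Getenv("VAULT_CACERT")) // an unset variable fails here too
	if err != nil {
		return nil, errors.New("cannot read VAULT_CACERT: " + err.Error())
	}
	return tlsConfigForCA(caPEM, os.Getenv("VAULT_TLS_SERVER_NAME"))
}

// tlsConfigForCA builds the pinned config from a PEM bundle.
func tlsConfigForCA(caPEM []byte, serverName string) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("CA bundle contains no parsable certificate")
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

// selfSignedCAPEM generates a throwaway CA (a constructed stand-in for the
// cluster CA) so the example can be exercised offline.
func selfSignedCAPEM() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "example-cluster-ca"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```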