Skip to content
/ vault-init Public

Helm chart to deploy a ready-to-go Vault server on Red Hat OpenShift

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

openshift-vault-integration/vault-init

BranchesTags

Repository files navigation

Vault Init

Helm chart to deploy a ready-to-go Vault server on Red Hat OpenShift.

This chart extends the official Vault Helm Chart to include an init script which does the following:

  • Initialize Vault server
  • Save recovery keys and root key to k8s secret
  • Unseal Vault server pods using the k8s secret on pod startup
  • Configure Kubernetes auth engine for the local cluster
  • Add a policy that allows k8s namespaces to only access secrets prefixed with the namespace name

For HA deployments only:

  • Join Vault server replicas with Raft

Deploying

To deploy a standalone Vault server (1 replica), clone this repo and run:

# Replace VAULT_SERVER_HOSTNAME with the hostname Vault should be deployed to
export VAULT_SERVER_HOSTNAME="vault.apps.change-me.com"
make install

To deploy a highly-available Vault server (3 replicas), clone this repo and run:

# Replace VAULT_SERVER_HOSTNAME with the hostname Vault should be deployed to
export VAULT_SERVER_HOSTNAME="vault.apps.change-me.com"
make install-ha

Troubleshooting

⚠️ You may see PostStartHookError events after installing. This should fix itself once all of the pods are ready. If the errors persist for more than 1 minute, you likely have an actual problem.

About

Helm chart to deploy a ready-to-go Vault server on Red Hat OpenShift

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages