Comments (2)
Hello @ohaiwalt,
The incubator chart is much older than Vault Helm and has a few extra features. We're always planning more to do here.
From what I can tell at a glance, the incubator chart uses a Deployment and also includes a sidecar Consul client, but this chart uses a StatefulSet
We chose to use a StatefulSet because we offer multiple Vault pods. Deployments with PVCs cannot be scaled because each new pod will mount the same PVC. This means in the future when Raft storage is generally available, multiple Vault servers using a deployment won't be able to scale beyond a single instance. StatefulSets, however, use volumeClaimTemplates
and each new pod will get a unique PVC. In the future when Vault Enterprise is supported, multiple Vault pods will also support replication.
and doesn't appear to include the Consul client
Currently we don't add Consul client to our deployment because the Consul Helm project creates a Consul client as a Daemonset on each Kubernetes worker node. This means that Vault can just use the Consul client local to the worker node its running on. If you desire a Consul client, however, we do offer the server.extraContainers
configurable that allows you to add any extra containers you may need.
Hope that provides extra context. I may turn this into additional documentation.
from vault-helm.
Thanks @jasonodonnell! That's great info.
While we are running the Consul Helm chart, we aren't using the Daemonset Consul clients because we only use Consul for Vault at this time. I'll see about making use of the servers.extraContainers
block to meet my needs there.
from vault-helm.
Related Issues (20)
- Latest vault helm chart (0.27.0) does not work with GCPCKMS
- Add a way to create Secrets in the values.yaml
- allow to pin IPs of vault services HOT 3
- json formatted server config converts to a freak vault-config k8s secret which is both hcl and json
- Chart prevents synchronisation with ArgoCD when using custom sync label HOT 3
- Add support to external Vault running with tls HOT 2
- Configuring vault ha with raft and ingress HOT 1
- [Feature] Allow the vault sidecar injector to be configured to point to the vault-active service
- Server side apply does not properly render volumeClaimTemplates
- Access denied to helm.releases.hashicorp.com HOT 2
- Test.dockerfile throwing an error while building. HOT 1
- Agent Injector on EKS is not working. HOT 4
- Prometheus metrics disappear in HA setup when all Vault pods are sealed
- Please release a new version of helm chart with the current vault versions HOT 4
- Ability to have top level label on StatefullSet
- Cannot use HOSTNAME env var in VAULT_API_ADDR env var
- helm value server.logLevel does not set the log level but just logs all entries using this value
- Sidecar agent in CSI can't estabish a TLS connection with an external vault using a custom CA
- Deploying vault on OCI gives seal type Shamir not OCIKMS HOT 1
- Tests Assert that HA Should not be able to set the dataStorage StorageClass
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vault-helm.