Comments (4)
billimek
commented on July 22, 2024
It may be possible to adapt the transit unseal type for something like this. I wrote some instructions for setting this up in my homelab cluster if you want to see an implementation that could be adapted.
Based on my experimentation, running a second transit vault server in the same cluster/failure domain may not be a great experience.
from vault-helm.
billimek
commented on July 22, 2024
Ah, I think you are looking specifically at a way to have more resiliency with the vault server itself and not necessarily solving sealing issues. My suggestion may not solve the ask, apologies!
from vault-helm.
msidd111
commented on July 22, 2024
@billimek That's right. I am looking to have more resiliency with the vault server and file storage.
from vault-helm.
jasonodonnell
commented on July 22, 2024
Hi @msidd111,
The file storage is not meant for HA deployments and should be used for a single instance of Vault. That being said there's a new storage type that's currently in tech preview: raft. This allows Vault to run in a cluster mode but uses a persistent volume for storage. Note that this is a tech preview and is not suitable for production at this time. Vault Helm is being adapted to support this storage type soon: #58
If resiliency is your requirement, you'll want an HA deployment (Vault Helm supports Consul out of the box for HA mode).
Just FYI, Vault Enterprise supports replication but Vault Helm does not yet support Vault Enterprise.
from vault-helm.
Related Issues (20)
- Latest vault helm chart (0.27.0) does not work with GCPCKMS
- Add a way to create Secrets in the values.yaml
- allow to pin IPs of vault services HOT 3
- json formatted server config converts to a freak vault-config k8s secret which is both hcl and json
- Chart prevents synchronisation with ArgoCD when using custom sync label HOT 3
- Add support to external Vault running with tls HOT 2
- Configuring vault ha with raft and ingress HOT 1
- [Feature] Allow the vault sidecar injector to be configured to point to the vault-active service
- Server side apply does not properly render volumeClaimTemplates
- Access denied to helm.releases.hashicorp.com HOT 2
- Test.dockerfile throwing an error while building. HOT 1
- Agent Injector on EKS is not working. HOT 4
- Prometheus metrics disappear in HA setup when all Vault pods are sealed
- Please release a new version of helm chart with the current vault versions HOT 4
- Ability to have top level label on StatefullSet
- Cannot use HOSTNAME env var in VAULT_API_ADDR env var
- helm value server.logLevel does not set the log level but just logs all entries using this value
- Sidecar agent in CSI can't estabish a TLS connection with an external vault using a custom CA
- Deploying vault on OCI gives seal type Shamir not OCIKMS HOT 1
- Tests Assert that HA Should not be able to set the dataStorage StorageClass
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vault-helm.