
Vault as statefulset

Open thereallukl opened this issue 7 years ago • 2 comments

I'm working on automated deployment of Vault with the operator. What I noticed is that the operator is setting instances as a deployment. It makes unsealing particular instances a bit troublesome (I need to check the k8s API for the IP of a particular instance and then connect to it). I believe migrating to a statefulset with known DNS names for each instance would make automated unsealing much easier. What do you think?

Thanks.

thereallukl avatar Jun 06 '18 11:06 thereallukl

Small update for automated unsealing. I had to implement unsealing quickly, so I prototyped a solution with a sidecar container [1]. It assumes IAM roles [2] are set for the nodes running the Vault cluster.

[1] https://github.com/coreos/vault-operator/compare/master...lleszczu:add_unsealer?expand=1

[2] https://github.com/jetstack/vault-unsealer/pull/9/files

thereallukl avatar Jun 08 '18 16:06 thereallukl

@hasbro17 @philips vault-unsealer seems like a good option for #307 and #308

raoofm avatar Jun 21 '18 19:06 raoofm