I am trying to set up Vault as a 3 node instance with Raft backend using a Helm chart. It uses AWS KMS for the auto unseal feature.
However, I am having a lot of trouble trying to get this cluster to work.
First, I apply the Helm chart. It spins up 3 pods.
Next, I tried initializing each of the Vault pods.
```
namespace=vault
for i in {0..2} ; do kubectl -n $namespace exec -ti vault-$i -- vault operator init ; echo; echo --------------------- ; echo ; done
```
However, if I run something like:
```
kubectl -n vault exec -it vault-0 -- vault status
kubectl -n vault exec -it vault-1 -- vault status
kubectl -n vault exec -it vault-2 -- vault status
```
They all show HA mode to be active.
I tried running this on vault-0 to manually add using the raft operator, but that did not work either.
```
kubectl -n vault exec -it vault-0 -- vault operator raft join http://vault-1.vault-internal:8200
kubectl -n vault exec -it vault-0 -- vault operator raft join http://vault-2.vault-internal:8200
```
The docs are not exactly clear on how this clustering step works. I just assumed it was automatic, something like how Elasticsearch works with autodiscovery if you tag each node with a clusterID.
Please assist and let me know what I am missing. Thanks.
My config for Vault is the following:
```
config: |
  ui = true
  listener "tcp" {
    tls_disable = 1
    address = "[::]:8200"
    cluster_address = "[::]:8201"
  }
  storage "raft" {
    path = "/vault/data"
  }
  seal "awskms" {
    region = "us-west-2"
    kms_key_id = "REDACTED"
  }
  service_registration "kubernetes" {}
```
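
Added example, not part of the original post: one way to bootstrap the cluster using the post's pod names and `vault-internal` service, initializing only `vault-0` and running `vault operator raft join` on each follower against it. The helper names `vault_exec`, `is_initialized` and `bootstrap_raft` are hypothetical, and the `KUBECTL` override is an assumption added so the flow can be exercised without a cluster.

```sh
#!/bin/sh
# Added example (not from the post). Pod names vault-N and the vault-internal
# service come from the post; the function names here are hypothetical.
KUBECTL=${KUBECTL:-kubectl}   # overridable so the flow can be tested offline

vault_exec() {  # vault_exec <namespace> <pod> <vault args...>
  ve_ns=$1; ve_pod=$2; shift 2
  "$KUBECTL" -n "$ve_ns" exec "$ve_pod" -- vault "$@"
}

# `vault operator init -status` exits 0 when initialized, 2 when not.
is_initialized() {
  vault_exec "$1" "$2" operator init -status >/dev/null 2>&1
}

bootstrap_raft() {  # bootstrap_raft <namespace> <replicas>
  ns=$1; replicas=$2
  leader="http://vault-0.vault-internal:8200"
  # Initialize exactly one node. With the awskms seal the output carries the
  # recovery keys and the initial root token, so run it from a trusted terminal.
  if ! is_initialized "$ns" vault-0; then
    vault_exec "$ns" vault-0 operator init || return 1
  fi
  i=1
  while [ "$i" -lt "$replicas" ]; do
    # An initialized follower is either already a member or a separate
    # one-node cluster; the latter cannot join until its storage is emptied.
    if is_initialized "$ns" "vault-$i"; then
      echo "vault-$i is already initialized; not joining it" >&2
      return 3
    fi
    # The join runs on the follower and points at the leader's API address.
    vault_exec "$ns" "vault-$i" operator raft join "$leader" || return 1
    i=$((i + 1))
  done
}
```

Call `bootstrap_raft vault 3` once the three pods are running; a return code of 3 means a follower was already initialized, which is the state left behind by running `vault operator init` on every pod.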