High Availability on OCP Using S3 backend

DorianTs · March 16, 2022, 9:28am

Hello everybody!

When looking at the documentation on how to deploy Vault using helm chart on OCP here, There is a section that describes how to configure a highly available cluster using Raft Mode which is basically using internal storage for Vault.
We wanted to check whether it will work if we deploy Vault to write to an S3 endpoint with ha_mode on, and we got this error from the pod - “service_registration is configured, but storage does not support HA”.
So my questions are -

Do you think it will be supported in the future?
If I deploy Vault with HA on internal storage (using PVCs), is there a procedure you would recommend to backup the data from PVC to somewhere else outside the OCP cluster (For example to S3 endpoint)? And how would you do that?

jeffsanicola · March 16, 2022, 12:07pm

It’s possible but I wouldn’t count on it. HashiCorp has been encouraging the use of RAFT as it works with HA and is fully supported by them.
In regard to the backups you can take snapshots either via the CLI or API. If you have Enterprise you can configure automatic snapshots otherwise, if you’re using Open Source, you’d probably need to come up with a method to schedule the snapshots yourself.

Topic		Replies	Views
Vault helmchart examples? Vault k8s	4	1508	October 16, 2020
HA mode and Raft snapshots Vault raft	2	289	May 26, 2023
Vault storage recommendation Vault k8s , vault	1	148	March 29, 2024
Is it possible to deploy vault ha cluster with minio as storage backend Vault vault	1	602	February 3, 2022
Raft backups in HA Storage Vault raft	2	1205	August 26, 2020

High Availability on OCP Using S3 backend

Related topics