High Availability on OCP Using S3 backend

Hello everybody!

When looking at the documentation on how to deploy Vault using the Helm chart on OCP here, there is a section that describes how to configure a highly available cluster using Raft mode, which is basically using internal storage for Vault.
We wanted to check whether it will work if we deploy Vault to write to an S3 endpoint with ha_mode on, and we got this error from the pod - “service_registration is configured, but storage does not support HA”.
So my questions are -

  1. Do you think it will be supported in the future?
  2. If I deploy Vault with HA on internal storage (using PVCs), is there a procedure you would recommend to back up the data from the PVC to somewhere else outside the OCP cluster (for example, to an S3 endpoint)? And how would you do that?
  1. It’s possible but I wouldn’t count on it. HashiCorp has been encouraging the use of RAFT as it works with HA and is fully supported by them.
  2. In regard to the backups, you can take snapshots either via the CLI or API. If you have Enterprise you can configure automatic snapshots; otherwise, if you’re using Open Source, you’d probably need to come up with a method to schedule the snapshots yourself.
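One way to schedule the snapshots yourself on the open-source edition, as an added example that is not part of the original posts and not HashiCorp's code: a POSIX shell script that takes a Raft snapshot with the CLI and copies it to an S3 bucket. The bucket name, prefix, `S3_ENDPOINT`, `WORKDIR` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scheduled Raft snapshot shipped to S3.
# Assumed/hypothetical names: BACKUP_BUCKET, BACKUP_PREFIX, S3_ENDPOINT,
# WORKDIR and the functions below. VAULT_ADDR and VAULT_TOKEN are read by
# the vault CLI itself; give the token a policy limited to "read" on
# sys/storage/raft/snapshot rather than a root token.
set -eu

BACKUP_BUCKET="${BACKUP_BUCKET:-example-vault-backups}"   # placeholder bucket
BACKUP_PREFIX="${BACKUP_PREFIX:-raft}"
WORKDIR="${WORKDIR:-/tmp}"

# Object key with a UTC timestamp so runs never overwrite each other.
snapshot_key() {
  printf '%s/vault-%s.snap\n' "$BACKUP_PREFIX" "$(date -u +%Y%m%dT%H%M%SZ)"
}

# Reject a missing or zero-byte file before it is uploaded as a "backup".
snapshot_ok() {
  [ -s "$1" ]
}

backup_once() {
  umask 077                                   # snapshot readable by owner only
  snap="$(mktemp "$WORKDIR/vault-snap.XXXXXX")"
  key="$(snapshot_key)"
  rc=0
  if vault operator raft snapshot save "$snap" && snapshot_ok "$snap"; then
    # --sse requests server-side encryption; S3_ENDPOINT (optional) points
    # the AWS CLI at an S3-compatible endpoint.
    aws s3 cp "$snap" "s3://$BACKUP_BUCKET/$key" --sse AES256 \
      ${S3_ENDPOINT:+--endpoint-url "$S3_ENDPOINT"} || rc=1
  else
    rc=1
  fi
  rm -f "$snap"                               # never leave a copy on the pod
  [ "$rc" -eq 0 ] && printf '%s\n' "$key"
  return "$rc"
}

# Run from cron or a Kubernetes CronJob as: backup.sh run
if [ "${1:-}" = "run" ]; then backup_once; fi
```

A non-zero exit marks the scheduled job as failed, so alert on that status, and restore a snapshot into a scratch cluster from time to time to confirm the backups are usable.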