About to start a large-scale project that will need Vault as its secret engine.
Sorry about the broadly scoped question but just trying to find any articles / guidelines on the VMs vs k8s dilemma.
Personally I lean more towards VM-based installation (more battle-tested, simpler due to fewer abstraction layers) but I would be very grateful for any opinions etc.
I’m in the same camp. Vault is already a complex product without adding the madness that is Kubernetes on top of it. That said, along with some additional complexities, it doesn’t take much to get your cluster up and running in k8s.
A couple of items to get an answer on – not in order of importance:
- Log capture from nodes into a centralized system (e.g., Splunk)
- Auto-unseal - where, how to access, etc.
- Backend Storage (Raft vs. Consul)