New Vault Deployment (Kubernetes)

Hi all

Having been introduced to Vault / Consul / Nomad in my last role (I hadn’t used it before), I have since moved on but see an opportunity to deploy into a new business.

I worked heavily with the stack in my past position and was thoroughly impressed with it, so much so that I think it could be of use here.

I don’t need Nomad as EKS is on site. I want to integrate Vault into EKS - my question is, what is the best practice where deployment alongside Kubernetes is concerned? I want to set up a similar deployment to previous whereby pipeline and containerised applications can individually request access to specific AWS services with the token received back from Vault pinning this access down to the bare minimum required.

Is it worth running a 3 x node Vault cluster on EC2 or can I run it in Kubernetes itself? Any recommended documentation on that? (Obviously persistent storage is going to be required.) I’d also like to integrate it into Active Directory.

Finally, one last question if you guys don’t mind: does it integrate at all with Drone CI?