I’m very new to Vault, but I am trying to improve the security of my bare metal Kubernetes cluster; my priorities are high availability and reducing dependence on external systems as much as is reasonable, so e.g. I’d rather not have a system that will all stop working if somebody else’s KMS stops working.
I have installed Vault using the Helm chart in HA Raft mode with 5 StatefulSet members; currently I need to manually unlock all of them, which makes restarting servers to apply upgrades more of a pain, but at least with the PodDisruptionBudget it won’t let me accidentally drain a node with Vault on it without making sure the other nodes are up =] The Raft backend is on local disks, not on my Ceph storage.
What I’m wondering is if it is safe to use that Vault instance to secure the secrets in my Kubernetes cluster. The concern is what would happen if somehow there was a catastrophic issue where the whole cluster went down – would that keep the cluster from coming up (and thus allowing Vault to come up) or would it be fine as long as Vault isn’t relying on any particular secrets to come up?
Classic chicken and egg problem, I guess =]