Using Load Balancer to expose Vault through Kubernetes


I see from the official Vault Helm Chart that the service can be exposed.

    service:
      # Enables a headless service to be used by the Vault Statefulset
      enabled: true
      # clusterIP controls whether a Cluster IP address is attached to the
      # Vault service within Kubernetes.  By default the Vault service will
      # be given a Cluster IP address, set to None to disable.  When disabled
      # Kubernetes will create a "headless" service.  Headless services can be
      # used to communicate with pods directly through DNS instead of a round robin
      # load balancer.
      # clusterIP: None

      # Configures the service type for the main Vault service.  Can be ClusterIP
      # or NodePort.
      #type: ClusterIP

      # If type is set to "NodePort", a specific nodePort value can be configured,
      # will be random if left blank.
      #nodePort: 30000

      # Port on which Vault server is listening
      port: 8200
      # Target port to which the service should be mapped to
      targetPort: 8200
      # Extra annotations for the service definition. This can either be YAML or a
      # YAML-formatted multi-line templated string map of the annotations to apply
      # to the service.
      annotations: {}

However, I only see it possible with NodePort or ClusterIP. What if I want to expose it via an AWS LoadBalancer (internal) so other applications within the same VPC can access it? I do not see any documentation about that, but in the values file I just put type: LoadBalancer and the annotations that I need (ACM certificate, internal-facing and so on).

Is there any specific reason why it is not in the documentation?
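An added example of the values override the question describes, written here as illustration; it is not from the chart's documentation or from the poster. It assumes the chart passes `server.service.type` through to the Service manifest unchanged (consistent with the poster's report, but not stated in the chart comments quoted above) and that the cluster runs the AWS cloud provider that provisions a classic ELB from these annotations. The certificate ARN is a placeholder.

```yaml
# values.yaml override for the vault Helm chart: only the server.service block.
server:
  service:
    enabled: true
    # The chart comments only mention ClusterIP and NodePort, but the value is
    # a plain Kubernetes Service type; LoadBalancer is assumed to be passed through.
    type: LoadBalancer
    port: 8200
    targetPort: 8200
    annotations:
      # Internal-facing: the ELB gets a private address in the VPC, not a public IP.
      service.beta.kubernetes.io/aws-load-balancer-internal: "true"
      # Terminate TLS on the ELB with an ACM certificate (placeholder ARN).
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERTIFICATE_ID"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "8200"
      # "tcp" means plaintext between ELB and pods; use "ssl" when the Vault
      # listener itself serves TLS so the hop inside the VPC stays encrypted.
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
```

After `helm upgrade --install` with this file, `kubectl -n <namespace> get svc vault` should show an internal ELB hostname under EXTERNAL-IP; if it stays `<pending>`, `kubectl describe svc vault` lists the provisioning error in its events. Two checks worth making before relying on this: confirm the rendered Service carries the annotations (`helm template` or `kubectl get svc vault -o yaml`), and, since a LoadBalancer Service is reachable from anywhere its security group allows, restrict the source CIDRs (Kubernetes supports `spec.loadBalancerSourceRanges`; whether this particular chart exposes it as a value has to be checked in its templates).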


Hi,

I tried to put the annotations, but for me the Vault pods are not coming up. How is it working for you?