Hi,
I am looking for a way to deploy the vault helm chart with a HA vault cluster storing its data in an S3 bucket for DR. Is this possible with the current chart? I see an option for RAFT storage, but I wanted to take it one step further… (https://www.vaultproject.io/docs/platform/k8s/helm/examples/ha-with-raft)
I looked at the HashiCorp site for examples, but I don’t seem to see anything like that?
Also, is there an option for auto-unseal for on-prem deployments?
Ta,
x
The following helm values should give you S3 with DynamoDB for HA:
```yaml
vault:
  server:
    dataStorage:
      enabled: false
    dev:
      enabled: false
    standalone:
      enabled: false
    ha:
      enabled: true
      replicas: 3
      # config is a raw string of default configuration when using a Stateful
      # deployment. Default is to use a Consul for its HA storage backend.
      # This should be HCL.
      config: |
        storage "s3" {
          bucket = "my-bucket"
          region = "eu-west-1"
        }
        ha_storage "dynamodb" {
          ha_enabled = "true"
          region = "eu-west-1"
          table = "my-table"
        }
        listener "tcp" {
          tls_disable = 1
          address = "[::]:8200"
          cluster_address = "[::]:8201"
        }
```
I guess you can tweak the config yourself if you want another HA scenario. On-prem seal/unseal is only supported with Enterprise edition and an HSM module. So yeah, on-prem auto-unseal is an expensive scenario.
1 Like
Thanks for the example! Very helpful!
Why `vault:` as a top-level key?
This example was taken from a chart where the Vault helm chart was a dependency of my chart.
You probably don’t need that top-level key if you use the Vault helm chart directly.
1 Like
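As an added example (not code from the thread or from the Vault Helm chart), here is a small Python check over the HCL passed in `server.ha.config`. It confirms that the S3 `storage` stanza is paired with an `ha_storage` stanza, since Vault's S3 backend does not provide HA coordination on its own, and it reports listeners that have `tls_disable` set. The function names and the regex-based parser are this example's own and handle only flat stanzas like the ones in the values above.

```python
import re

# Backends named in this thread and whether they can hold Vault's HA lock.
# Backends not listed here are not judged by review_config().
HA_CAPABLE = {"s3": False, "dynamodb": True}

STANZA = re.compile(r'^\s*(\w+)\s+"([^"]+)"\s*\{(.*?)^\s*\}', re.S | re.M)
SETTING = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$', re.M)

# The HCL from the answer's server.ha.config value.
THREAD_CONFIG = '''
storage "s3" {
  bucket = "my-bucket"
  region = "eu-west-1"
}
ha_storage "dynamodb" {
  ha_enabled = "true"
  region = "eu-west-1"
  table = "my-table"
}
listener "tcp" {
  tls_disable = 1
  address = "[::]:8200"
  cluster_address = "[::]:8201"
}
'''


def parse_stanzas(hcl):
    """Parse flat stanzas like: storage "s3" { key = "value" } (no nesting)."""
    return [(kind, name, dict(SETTING.findall(body)))
            for kind, name, body in STANZA.findall(hcl)]


def review_config(hcl):
    """Return findings on the storage/HA pairing and on listener TLS."""
    stanzas = parse_stanzas(hcl)
    ha = [(n, s) for k, n, s in stanzas if k == "ha_storage"]
    findings = []
    for kind, name, settings in stanzas:
        if kind == "storage" and not HA_CAPABLE.get(name, True) and not ha:
            findings.append(f'storage "{name}" cannot coordinate HA; add ha_storage')
        if kind == "ha_storage" and name == "dynamodb" \
                and settings.get("ha_enabled", "false").lower() != "true":
            findings.append('ha_storage "dynamodb" needs ha_enabled = "true"')
        if kind == "listener" and settings.get("tls_disable", "0").lower() in ("1", "true"):
            findings.append(f'listener "{name}" on {settings.get("address", "?")} serves plaintext')
    return findings
```

Run against the values in the thread, `review_config(THREAD_CONFIG)` reports only the plaintext listener. Removing the `ha_storage` stanza adds the S3 finding.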