Vault Helm chart examples?

Hi,

I am looking for a way to deploy the vault helm chart with a HA vault cluster storing its data in an S3 bucket for DR. Is this possible with the current chart? I see an option for RAFT storage, but I wanted to take it one step further… (https://www.vaultproject.io/docs/platform/k8s/helm/examples/ha-with-raft)

I looked at the HashiCorp site for examples, but I don’t seem to see anything like that?

Also, is there an option for auto-unseal for on-prem deployments?

Ta,

x

The following helm values should give you S3 with DynamoDB for HA:

vault:
  server:
    dataStorage:
      enabled: false
    dev:
      enabled: false
    standalone:
      enabled: false
    ha:
      enabled: true
      replicas: 3

      # config is a raw string of default configuration when using a Stateful
      # deployment. Default is to use a Consul for its HA storage backend.
      # This should be HCL.
      config: |
        storage "s3" {
          bucket     = "my-bucket"
          region     = "eu-west-1"
        }
  
        ha_storage "dynamodb" {
          ha_enabled = "true"
          region     = "eu-west-1"
          table      = "my-table"
        }

        listener "tcp" {
          tls_disable = 1
          address = "[::]:8200"
          cluster_address = "[::]:8201"

        }

I guess you can tweak the config yourself if you want another HA scenario. On-prem seal/unseal is only supported with Enterprise edition and an HSM module. So yeah, on-prem auto-unseal is an expensive scenario :wink:

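A pre-deployment check for the server config posted above, as an added example that is not part of the original thread or of the Vault chart: it pulls the stanzas out of the HCL string and reports a primary storage backend that cannot coordinate HA without an `ha_storage` stanza, and any listener with TLS disabled. The function names, the regex parser (flat stanzas only) and the `NO_HA_BACKENDS` list are assumptions made for this illustration.

```python
import re

# Constructed sample: the HCL string from the Helm values above (ha.config).
SAMPLE_HCL = '''
storage "s3" {
  bucket     = "my-bucket"
  region     = "eu-west-1"
}
ha_storage "dynamodb" {
  ha_enabled = "true"
  region     = "eu-west-1"
  table      = "my-table"
}
listener "tcp" {
  tls_disable = 1
  address = "[::]:8200"
  cluster_address = "[::]:8201"
}
'''

# Storage backends with no HA coordination of their own (not exhaustive).
NO_HA_BACKENDS = {"s3", "file"}
# Simplified parser: top-level stanzas without nested braces, key = value lines.
STANZA = re.compile(r'^\s*(\w+)\s+"([^"]+)"\s*\{(.*?)^\s*\}', re.S | re.M)
SETTING = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$', re.M)


def parse_stanzas(hcl):
    """Return [(kind, name, {key: value})] for each top-level stanza."""
    return [(kind, name, dict(SETTING.findall(body)))
            for kind, name, body in STANZA.findall(hcl)]


def review(hcl, replicas=3):
    """Return a list of findings for a config meant to run `replicas` servers."""
    stanzas = parse_stanzas(hcl)
    findings = []
    storage = [name for kind, name, _ in stanzas if kind == "storage"]
    ha = {name: s for kind, name, s in stanzas if kind == "ha_storage"}
    if replicas > 1 and storage and storage[0] in NO_HA_BACKENDS:
        if not ha:
            findings.append(f'storage "{storage[0]}" cannot coordinate HA; add an ha_storage stanza')
        elif "dynamodb" in ha and ha["dynamodb"].get("ha_enabled") != "true":
            findings.append('ha_storage "dynamodb" needs ha_enabled = "true"')
    for kind, name, s in stanzas:
        if kind == "listener" and s.get("tls_disable", "0").lower() in ("1", "true"):
            findings.append(f'listener "{name}" has tls_disable set: traffic to it is unencrypted')
    return findings
```

Run against the sample, `review(SAMPLE_HCL)` returns only the listener finding, since the DynamoDB stanza covers HA for the S3 backend.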

Thanks for the example! Very helpful!

Why vault: as a top-level key?

This example was taken from a chart where the Vault helm chart was a dependency of my chart.

You probably don’t need that top-level key if you use the Vault helm chart directly.
