Vault in k8s without admin rights

I am trying to install HashiCorp Vault in my k8s cluster, which runs in an OpenShift environment, but unfortunately I don’t have admin rights, and the IT department said that it is not possible to provide them.

Is there another option for Vault that does not require admin rights on Kubernetes?

This is the error from the attempted installation:

Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource: customresourcedefinitions.apiextensions.k8s.io "vaultsecrets.ricoberger.de" is forbidden: User "" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope.

Hello @brunojus,

If you’re using the Vault Helm chart, it uses ClusterRole and ClusterRoleBinding for both the server and the client. The server needs it for the Kubernetes service account JWT to authenticate to Vault. The client needs it for the mutating webhook to inject the sidecar. Since these features require administrative access in the cluster, you may need to ask your IT team to create the ClusterRole and ClusterRoleBinding for you. Then, alter the Helm chart to use an existing ClusterRole and ClusterRoleBinding (this GitHub issue includes some of the steps).

I am not sure if something in OpenShift could support this more directly but let us know if you find something!
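Added example, not part of either post above: a pre-flight check that asks the API server which of the cluster-scoped permissions named in this thread the current user lacks, so the list can be handed to the IT team before running `helm install`. The namespace name `vault`, the function name `missing_permissions` and the exact set of checks are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight RBAC check using `kubectl auth can-i`.
# Assumption: NAMESPACE and the CHECKS list are illustrative, built from the
# resources mentioned in the error message and in the reply above.
NAMESPACE="${NAMESPACE:-vault}"

# One check per line: VERB RESOURCE SCOPE (scope is "cluster" or "namespace")
CHECKS='get customresourcedefinitions.apiextensions.k8s.io cluster
create clusterroles.rbac.authorization.k8s.io cluster
create clusterrolebindings.rbac.authorization.k8s.io cluster
create mutatingwebhookconfigurations.admissionregistration.k8s.io cluster
create serviceaccounts namespace'

# Prints one line per permission the current user does not have.
# Returns 0 when nothing is missing, 1 otherwise.
missing_permissions() {
  local verb resource scope answer rc=0
  while read -r verb resource scope; do
    [ -n "$verb" ] || continue
    if [ "$scope" = cluster ]; then
      # --all-namespaces sends the access review without a namespace, so a
      # namespaced RoleBinding cannot produce a misleading "yes".
      answer=$(kubectl auth can-i "$verb" "$resource" --all-namespaces \
        </dev/null 2>/dev/null) || true
    else
      answer=$(kubectl auth can-i "$verb" "$resource" -n "$NAMESPACE" \
        </dev/null 2>/dev/null) || true
    fi
    if [ "$answer" != yes ]; then
      echo "$scope: $verb $resource"
      rc=1
    fi
  done <<EOF
$CHECKS
EOF
  return $rc
}

# Run the check only when asked to, e.g. `./preflight.sh --run`.
if [ "${1:-}" = "--run" ]; then
  missing_permissions
fi
```

Every line printed with the `cluster:` prefix is something a cluster administrator has to create or grant; an empty result means the install is not blocked by these particular permissions.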

Is Kubernetes a hard requirement for your tests? I run my cluster of Vault straight on my laptop’s metal. Download, create a minimal configuration file and run:

vault server --config myconfig.hcl

But I do need to run Vault in Kubernetes every now and then (because our production Vaults run in it). If you can’t get administrator rights, have your IT department install Docker Desktop (and WSL if you are on Windows) and add you to the docker-users group.

There is a chance it will allow you to work locally…