Vault Server on Kubernetes - Does anyone have a working pod spec file?

Could anyone kindly share a working pod / deployment spec for Vault server in Kubernetes (based on their alpine image)?

I have my own pod spec file, but it is erroring out because of my “command” and “args” field and I am not sure what the entrypoint.sh requires. I have tried several options as commands and arguments but it keeps erroring out, with command not found.

The documentation was not very helpful in this regard. Hence reaching out to the community.

Note that I can create a Vault in Dev Mode without a problem.

The issue is creating it in Server Mode.

Hi @yasin.shaikh, I would recommend using the output of the helm chart as a starting point, e.g.:

helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update
helm template vault hashicorp/vault

There will be lots to strip away if you’re generating hand-crafted manifests, but the essence of the command will be something like /usr/local/bin/docker-entrypoint.sh vault server -config=/path/to/config.hcl.

Also note that dev mode is just server mode with an extra flag, so you could strip that flag from your working dev mode manifest, but of course you will then need to provide a config file, perform the operator init and unseal, etc. now that it’s not in dev mode.
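
A minimal server-mode manifest built around the command quoted above, as an added example that is not part of the original post or of the Helm chart's output. The resource names, config path, file storage on an emptyDir, the uid/gid values and the image tag placeholder are assumptions.

```yaml
# Added example: ConfigMap holding the server config, plus a Pod that runs Vault in server mode.
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-config            # hypothetical name
data:
  config.hcl: |
    disable_mlock = true        # avoids needing the IPC_LOCK capability in the pod
    listener "tcp" {
      address     = "0.0.0.0:8200"
      tls_disable = 1           # plaintext, first bring-up only; configure tls_cert_file / tls_key_file otherwise
    }
    storage "file" {
      path = "/vault/data"
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: vault
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 100              # assumed uid of the image's vault user
    fsGroup: 1000               # assumed gid; makes the data volume writable
  containers:
    - name: vault
      image: hashicorp/vault:VERSION   # placeholder: replace VERSION with a pinned release tag
      command: ["/usr/local/bin/docker-entrypoint.sh"]
      args: ["vault", "server", "-config=/vault/config/config.hcl"]
      env:
        - name: SKIP_CHOWN      # entrypoint would otherwise try to chown the read-only config mount
          value: "true"
        - name: SKIP_SETCAP     # entrypoint's setcap step needs root; not required with disable_mlock
          value: "true"
        - name: VAULT_ADDR      # lets the vault CLI inside the pod reach the plaintext listener
          value: "http://127.0.0.1:8200"
      ports:
        - containerPort: 8200
      volumeMounts:
        - name: config
          mountPath: /vault/config
        - name: data
          mountPath: /vault/data
  volumes:
    - name: config
      configMap:
        name: vault-config
    - name: data
      emptyDir: {}              # not persistent; use a PersistentVolumeClaim to keep data across restarts
```

The pod comes up sealed, so `vault operator init` and `vault operator unseal` still have to be run inside it (for example via `kubectl exec`) before it serves requests.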

Thanks a lot. I was able to look at the helm chart and found the command syntax that was needed.

Appreciate you getting back to me.


Hello @tomhjp
Could you please advise of any documentation which explains how we can fill in the kms_key_id and endpoint fields in the Helm chart in order to figure out auto-unsealing Vault on AWS?
