We want to use older version of HashiVault version 1.5.4

Vault
, ,
1

We have older version of kubernetes v1.11.10 cluster running and due to business decision issue, we can’t upgrade K8s at this point of time.

We wanted to start using HashiVault helm based deployment.

What we have identified, all helm charts offered by HashiVault are based on Helm3 and requires minimum K8s 1.16.

  1. We want to use stable version of Vault for at-least 2 years of support
  2. We will use RAFT storage engine
  3. Our cluster supports only helm2 at this point of time
  4. We are running our cluster on OpenShift v3.11 based on OKD
  5. In future we may opt for enterprise version

Can you please suggest us the way forward, we have following option identified

  1. Writing our own helm2 chart to deploy hashiVault stable version
  2. Converting Hashi provided official helm3 and patch it to make it helm2 and K8s 1.11 compatible.
  3. Or please suggest other quick solution out here.
  4. If possible, can we use HashiVault Helm chart app version 1.5.2 ( chart version 0.7.0) or 1.5.4 ( chart version 0.8.0) for our use-case
2

You need to start by reversing your business decision not to upgrade Kubernetes, or otherwise accepting you will be unable to get support.

If you are going to use such old software, you will inevitably find a lack of support from upstreams, and that other parts of the ecosystem require newer versions.

HashiCorp only provide security support for the current and two previous releases of Vault. So today, that means 1.10.x or newer.

Kubernetes has the same policy - today that means 1.23.x or newer.

The versions you are talking about are so old that you should not be using them, certainly not in any new deployment.

3

That is a very old version of Kubernetes so you will probably find some problems & be very much on your own - I’d expect HashiCorp probably will limit their level of support if you did go Enterprise (as you wouldn’t be able to use the standard Helm chart, etc.)

With regards to it actually “working” it depends on what you are trying to do. If you just want Vault with K/V and AppRole it would probably work - with the proviso that you’d need to sort out the deployment yourself.

If you wanted to use anything more integrated into Kubernetes, such as the Kubernetes auth engine or the Vault pod injector you are more likely to be out of luck. They actually talk to various Kubernetes APIs so quite possibly will need APIs that might not be available that old.

Especially as Vault is security focussed I would be very reluctant to be running it on a version of Kubernetes which is not supported and has known security issues.