coreos / Vault Operator

Licence: apache-2.0
Run and manage Vault on Kubernetes simply and securely


Vault Operator

Project status: beta

The basic features have been completed, and while no breaking API changes are currently planned, the API can change in a backwards incompatible way before the project is declared stable.

Overview

The Vault operator deploys and manages Vault clusters on Kubernetes. Vault instances created by the Vault operator are highly available and support automatic failover and upgrade.

Getting Started

Prerequisites

  • Kubernetes 1.8+

Configuring RBAC

Consult the RBAC guide on how to configure RBAC for the Vault operator.

Deploying the etcd operator

The Vault operator employs the etcd operator to deploy an etcd cluster as the storage backend.

  1. Create the etcd operator Custom Resource Definitions (CRD):

    kubectl create -f example/etcd_crds.yaml
    
  2. Deploy the etcd operator:

    kubectl -n default create -f example/etcd-operator-deploy.yaml
    

Deploying the Vault operator

  1. Create the Vault CRD:

    kubectl create -f example/vault_crd.yaml
    
  2. Deploy the Vault operator:

    kubectl -n default create -f example/deployment.yaml
    
  3. Verify that the operators are running:

    $ kubectl -n default get deploy
    NAME             DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    etcd-operator    1         1         1            1           5m
    vault-operator   1         1         1            1           5m
    

Deploying a Vault cluster

A Vault cluster can be deployed by creating a VaultService Custom Resource (CR). For each Vault cluster, the Vault operator will also create an etcd cluster for the storage backend.

  1. Create a Vault CR that deploys a 2-node Vault cluster in high availability mode:

    kubectl -n default create -f example/example_vault.yaml
    
  2. Wait until the example-... pods for the etcd and Vault cluster are up:

    $ kubectl -n default get pods
    NAME                              READY     STATUS    RESTARTS   AGE
    etcd-operator-78899f87f6-qdn5h    3/3       Running   0          10m
    example-7678c8f49c-kfx2w          1/2       Running   0          2m
    example-7678c8f49c-pqrj8          1/2       Running   0          2m
    example-etcd-7lpjg7n76d           1/1       Running   0          2m
    example-etcd-dhxrksssgx           1/1       Running   0          2m
    example-etcd-s7mzhffz92           1/1       Running   0          2m
    vault-operator-5976f74f84-pxkf6   1/1       Running   0          10m
    
  3. Get the Vault pods:

    $ kubectl -n default get pods -l app=vault,vault_cluster=example
    NAME                       READY     STATUS    RESTARTS   AGE
    example-7678c8f49c-kfx2w   1/2       Running   0          2m
    example-7678c8f49c-pqrj8   1/2       Running   0          2m
    
  4. Check the Vault CR status:

    $ kubectl -n default get vault example -o yaml
    apiVersion: vault.security.coreos.com/v1alpha1
    kind: VaultService
    metadata:
        name: example
        namespace: default
        ...
    spec:
        nodes: 2
        version: 0.9.1-0
        ...
    status:
        initialized: false
        phase: Running
        updatedNodes:
        - example-7678c8f49c-kfx2w
        - example-7678c8f49c-pqrj8
        vaultStatus:
            active: ""
            sealed:
            - example-7678c8f49c-kfx2w
            - example-7678c8f49c-pqrj8
            standby: null
        ...
    

    The Vault CR status shows the cluster is currently uninitialized and sealed.
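
The status check in step 4 can be scripted so that a deployment pipeline refuses to route workloads to a cluster that is still uninitialized or sealed. The following is an added example, not part of the Vault operator project: the function names `vault_cr_state` and `sample_cr` are hypothetical, the sample input is constructed from the output shown above, and treating a non-empty `active` field as "ready" is an assumption.

```shell
#!/bin/sh
# Added example: summarise the status block of a VaultService CR.
# Real use: kubectl -n default get vault example -o yaml | vault_cr_state
# Returns 0 only when the cluster is initialized and has an active node.
vault_cr_state() {
    awk '
        /^status:/           { in_status = 1; next }
        /^[A-Za-z]/          { in_status = 0 }      # any other top-level key
        !in_status           { next }
        /^ +initialized:/    { init = $2; in_sealed = 0; next }
        /^ +active:/         { active = $2; gsub(/"/, "", active); in_sealed = 0; next }
        /^ +sealed:/         { in_sealed = 1; next } # list items follow
        /^ +[A-Za-z]+:/      { in_sealed = 0; next } # some other status key
        in_sealed && /^ *- / { sealed++ }            # one sealed pod per item
        END {
            if (init != "true")    state = "uninitialized"
            else if (active == "") state = "sealed"
            else                   state = "ready"
            printf "state=%s sealed=%d active=%s\n", state, sealed, (active == "" ? "-" : active)
            exit (state == "ready" ? 0 : 1)
        }'
}

# Constructed sample: trimmed copy of the CR output shown in step 4.
sample_cr() {
    cat <<'EOF'
apiVersion: vault.security.coreos.com/v1alpha1
kind: VaultService
metadata:
    name: example
    namespace: default
spec:
    nodes: 2
status:
    initialized: false
    phase: Running
    updatedNodes:
    - example-7678c8f49c-kfx2w
    - example-7678c8f49c-pqrj8
    vaultStatus:
        active: ""
        sealed:
        - example-7678c8f49c-kfx2w
        - example-7678c8f49c-pqrj8
        standby: null
EOF
}

sample_cr | vault_cr_state || echo "cluster not ready: initialize and unseal first"
```
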

Using the Vault cluster

See the Vault usage guide on how to initialize, unseal, and use the deployed Vault cluster.

Consult the monitoring guide on how to monitor and alert on a Vault cluster with Prometheus.

See the recovery guide on how to back up and restore Vault cluster data using the etcd operator.

For an overview of the default TLS configuration or how to specify custom TLS assets for a Vault cluster see the TLS setup guide.

Uninstalling Vault operator

  1. Delete the Vault custom resource:

    kubectl -n default delete -f example/example_vault.yaml
    
  2. Delete the operators and other resources:

    kubectl -n default delete deploy vault-operator etcd-operator
    kubectl -n default delete -f example/rbac.yaml
    