Deploy HashiCorp Vault to AWS EKS Clusters with this add-on.
If you would like to override any defaults with the chart, you can do so by passing the `helm_config` variable.
For a more extensive example, see blueprints/getting-started.
Once the add-on has been deployed, you can unseal the Vault server using the following commands.
By default, you will need to be in the `vault` (Kubernetes) namespace while running these commands.
First, initialize the Vault server. This will return the unseal keys and the root token. Store them in a safe place since you will use them to unseal the Vault server.
```shell
kubectl exec -it vault-0 -n vault -- vault operator init
```
Next, unseal the Vault server by providing at least 3 of these keys. Vault must be unsealed before it can service requests.
```shell
kubectl exec -it vault-0 -n vault -- vault operator unseal <key 1>
kubectl exec -it vault-0 -n vault -- vault operator unseal <key 2>
kubectl exec -it vault-0 -n vault -- vault operator unseal <key 3>
```
Confirm that the Vault server is unsealed by checking the status of the Vault server.
```shell
kubectl get pods -n vault | grep vault
```
This command will return a similar output to the following.
NAME | READY | STATUS | RESTARTS | AGE
---------------------|-------|---------|----------|-----
vault-0 | 1/1 | Running | 0 | 28m
vault-agent-injector | 1/1 | Running | 0 | 1m
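The pod listing shows container status; `vault status` reports the seal state itself. The script below is an added example, not part of the add-on's repository: it reads the seal state and unseal progress from the pod. It assumes the `vault-0` pod and `vault` namespace used above, and the function and variable names (`seal_state`, `unseal_progress`, `json_int`, `VAULT_POD`, `VAULT_NS`) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the add-on's repository): read Vault's seal state directly.
# Assumes the pod name and namespace used in the commands above.
VAULT_POD="${VAULT_POD:-vault-0}"
VAULT_NS="${VAULT_NS:-vault}"

# seal_state: print unsealed | sealed | error.
# `vault status` exits 0 when unsealed, 2 when sealed, 1 on error;
# kubectl exec passes that exit code through.
seal_state() {
  ss_rc=0
  kubectl exec "$VAULT_POD" -n "$VAULT_NS" -- vault status >/dev/null 2>&1 || ss_rc=$?
  case "$ss_rc" in
    0) echo unsealed ;;
    2) echo sealed ;;
    *) echo error ;;
  esac
}

# json_int FIELD: read pretty-printed JSON on stdin, print FIELD's integer value.
json_int() {
  sed -n "s/^[[:space:]]*\"$1\":[[:space:]]*\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# unseal_progress: print "<keys entered>/<threshold>", e.g. 2/3.
# `vault status -format=json` still prints JSON when it exits 2 (sealed).
unseal_progress() {
  up_json="$(kubectl exec "$VAULT_POD" -n "$VAULT_NS" -- vault status -format=json 2>/dev/null)" || true
  printf '%s/%s\n' \
    "$(printf '%s\n' "$up_json" | json_int progress)" \
    "$(printf '%s\n' "$up_json" | json_int t)"
}

# Run as: sh check-seal.sh check   (exits 0 only when Vault is unsealed)
if [ "${1:-}" = "check" ]; then
  state="$(seal_state)"
  echo "seal state: $state"
  [ "$state" = "sealed" ] && echo "unseal progress: $(unseal_progress)"
  [ "$state" = "unsealed" ]
fi
```
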
At this point, you can use Vault to store, access and deploy secrets to your application workloads.
Refer to this guide for a detailed overview on how to get started.
Name | Description | Type | Default | Required |
---|---|---|---|---|
addon_context | Input configuration for the addon. | object({ | n/a | yes |
helm_config | HashiCorp Vault Helm chart configuration. | any | {} | no |
manage_via_gitops | Determines if the add-on should be managed via GitOps. | bool | false | no |
vault_namespace | Kubernetes Namespace to deploy HashiCorp Vault in | string | "vault" | no |
Name | Description |
---|---|
argocd_gitops_config | Configuration used for managing the add-on with ArgoCD |
merged_helm_config | (merged) Helm Config for HashiCorp Vault |
This repository is maintained by the contributors listed on GitHub.
Licensed under the Apache License, Version 2.0 (the "License").
You may obtain a copy of the License at apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" basis, without WARRANTIES or conditions of any kind, either express or implied.
See the License for the specific language governing permissions and limitations under the License.