Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Helm chart to install OpenBao and other associated components.
108 commits 11 branches 48 tags 1.4 MiB
Shell 89.9%
Smarty 8%
HCL 0.9%
Makefile 0.7%
Dockerfile 0.5%
Find a file
Clint Shryock 51d8b51e14
update readme to remove links to docs we don't have yet
2018-12-03 16:12:51 -06:00
templates add/update how disruption budget works 2018-12-03 11:30:50 -06:00
test rename to match HA 2018-12-03 10:44:53 -06:00
.gitignore Move all terraform setup to test/terraform 2018-08-20 16:16:22 -07:00
.helmignore Ignore bin dirs 2018-08-20 17:30:52 -07:00
CHANGELOG.md Update CHANGELOG 2018-09-26 12:43:21 -05:00
Chart.yaml trim, s/Consul/Vault 2018-09-28 15:45:40 -05:00
LICENSE.md Add license 2018-08-17 22:09:05 -07:00
Makefile Initial stuff 2018-08-20 15:26:37 -07:00
README.md update readme to remove links to docs we don't have yet 2018-12-03 16:12:51 -06:00
values.yaml comment out the auto-unseal blocks 2018-12-03 16:08:20 -06:00

README.md

Vault Helm Chart

WIP - forked from vault-Helm and under heavy development

This repository contains the official HashiCorp Helm chart for installing and configuring Vault on Kubernetes. This chart supports multiple use cases of Vault on Kubernetes depending on the values provided.

//: # (Vault and Kubernetes documentation.)

Prerequisites

To use the charts here, Helm must be installed in your Kubernetes cluster. Setting up Kubernetes and Helm and is outside the scope of this README. Please refer to the Kubernetes and Helm documentation.

The versions required are:

  • Helm 2.10+ - This is the earliest version of Helm tested. It is possible it works with earlier versions but this chart is untested for those versions.
  • Kubernetes 1.9+ - This is the earliest version of Kubernetes tested. It is possible that this chart works with earlier versions but it is untested. Other versions verified are Kubernetes 1.10, 1.11.

Usage

For now, we do not host a chart repository. To use the charts, you must download this repository and unpack it into a directory. Either download a tagged release or use git checkout to a tagged release. Assuming this repository was unpacked into the directory vault-helm, the chart can then be installed directly:

helm install ./vault-helm

//: # (Vault website.)

Using auto-unseal

Starting with Vault 1.0-beta, auto-unseal features are now included in the open source version on Vault. In order to use these features, users must ensure that the Vault configuration is provided with the appropriate credentials and authorizations to access the APIs needed for the given key provider, as well as the necessary keys created before hand.

Testing

The Helm chart ships with both unit and acceptance tests.

The unit tests don't require any active Kubernetes cluster and complete very quickly. These should be used for fast feedback during development. The acceptance tests require a Kubernetes cluster with a configured kubectl. Both require Bats and helm to be installed and available on the CLI. The unit tests also require the correct version of yq if running locally.

To run the unit tests:

bats ./test/unit

To run the acceptance tests:

bats ./test/acceptance

If the acceptance tests fail, deployed resources in the Kubernetes cluster may not be properly cleaned up. We recommend recycling the Kubernetes cluster to start from a clean slate.

Note: There is a Terraform configuration in the test/terraform/ directory that can be used to quickly bring up a GKE cluster and configure kubectl and helm locally. This can be used to quickly spin up a test cluster for acceptance tests. Unit tests do not require a running Kubernetes cluster.