2020-01-23 20:14:01 +00:00
|
|
|
---
|
2020-12-17 21:53:33 +00:00
|
|
|
layout: 'docs'
|
|
|
|
page_title: 'Highly Available Vault Cluster with Consul'
|
|
|
|
sidebar_current: 'docs-platform-k8s-examples-ha-with-consul'
|
2020-01-23 20:14:01 +00:00
|
|
|
description: |-
|
|
|
|
Describes how to set up a highly available Vault cluster with Consul backend
|
|
|
|
---
|
|
|
|
|
|
|
|
# Highly Available Vault Cluster with Consul
|
|
|
|
|
2022-05-17 21:02:26 +00:00
|
|
|
~> **Important Note:** This chart is not compatible with Helm 2. Please use Helm 3.6+ with this chart.
|
2020-01-23 20:14:01 +00:00
|
|
|
|
|
|
|
The below `values.yaml` can be used to set up a five server Vault cluster using
|
|
|
|
Consul as a highly available storage backend, Google Cloud KMS for Auto Unseal.
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
server:
|
|
|
|
extraEnvironmentVars:
|
|
|
|
GOOGLE_REGION: global
|
|
|
|
GOOGLE_PROJECT: myproject
|
|
|
|
GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/my-gcp-iam/myproject-creds.json
|
|
|
|
|
|
|
|
extraVolumes:
|
|
|
|
- type: secret
|
|
|
|
name: my-gcp-iam
|
|
|
|
|
|
|
|
affinity: |
|
|
|
|
podAntiAffinity:
|
|
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
|
- labelSelector:
|
|
|
|
matchLabels:
|
|
|
|
app: {{ template "vault.name" . }}
|
|
|
|
release: "{{ .Release.Name }}"
|
|
|
|
component: server
|
|
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
|
|
|
|
service:
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
ha:
|
|
|
|
enabled: true
|
|
|
|
replicas: 5
|
|
|
|
|
|
|
|
config: |
|
|
|
|
ui = true
|
|
|
|
|
|
|
|
listener "tcp" {
|
|
|
|
tls_disable = 1
|
|
|
|
address = "[::]:8200"
|
|
|
|
cluster_address = "[::]:8201"
|
|
|
|
}
|
|
|
|
|
|
|
|
storage "consul" {
|
|
|
|
path = "vault"
|
|
|
|
address = "HOST_IP:8500"
|
|
|
|
}
|
|
|
|
|
|
|
|
seal "gcpckms" {
|
|
|
|
project = "myproject"
|
|
|
|
region = "global"
|
|
|
|
key_ring = "vault-unseal-kr"
|
|
|
|
crypto_key = "vault-unseal-key"
|
|
|
|
}
|
2020-07-10 20:02:51 +00:00
|
|
|
|
|
|
|
service_registration "kubernetes" {}
|
2020-01-23 20:14:01 +00:00
|
|
|
```
|