open-vault/website/content/docs/platform/k8s/helm/examples/ha-with-consul.mdx

67 lines
1.6 KiB
Plaintext
Raw Normal View History

---
layout: 'docs'
page_title: 'Highly Available Vault Cluster with Consul'
sidebar_current: 'docs-platform-k8s-examples-ha-with-consul'
description: |-
Describes how to set up a highly available Vault cluster with Consul backend
---
# Highly Available Vault Cluster with Consul
~> **Important Note:** This chart is not compatible with Helm 2. Please use Helm 3.6+ with this chart.
The below `values.yaml` can be used to set up a five server Vault cluster using
Consul as a highly available storage backend, Google Cloud KMS for Auto Unseal.
```yaml
server:
extraEnvironmentVars:
GOOGLE_REGION: global
GOOGLE_PROJECT: myproject
GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/my-gcp-iam/myproject-creds.json
extraVolumes:
- type: secret
name: my-gcp-iam
affinity: |
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: {{ template "vault.name" . }}
release: "{{ .Release.Name }}"
component: server
topologyKey: kubernetes.io/hostname
service:
enabled: true
ha:
enabled: true
replicas: 5
config: |
ui = true
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "consul" {
path = "vault"
address = "HOST_IP:8500"
}
seal "gcpckms" {
project = "myproject"
region = "global"
key_ring = "vault-unseal-kr"
crypto_key = "vault-unseal-key"
}
service_registration "kubernetes" {}
```