luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/docs/platform/k8s/index.mdx

84 lines
4.7 KiB
Plaintext
Raw Normal View History

doc: add k8s vault-helm doc (#7193) * doc: add k8s vault-helm doc * Replace TODO with security warning * Add TLS example * Add production deployment checklist * Add kube hardening guide * Fix link to configuration values * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Fix typo in example * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Remove anchors, add tolerations/selector * Fix rendering of global configuration * Fix sidebar navigation and update links * Add sidebar title to run doc * Add platform index.html * Add relative links * Rename file * Fix titles * Add syntax highlighting to examples * Move platforms in navigation bar
2019-08-05 21:15:28 +00:00
---
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
layout: docs
page_title: Kubernetes
description: This section documents the official integration between Vault and Kubernetes.
doc: add k8s vault-helm doc (#7193) * doc: add k8s vault-helm doc * Replace TODO with security warning * Add TLS example * Add production deployment checklist * Add kube hardening guide * Fix link to configuration values * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Fix typo in example * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Remove anchors, add tolerations/selector * Fix rendering of global configuration * Fix sidebar navigation and update links * Add sidebar title to run doc * Add platform index.html * Add relative links * Rename file * Fix titles * Add syntax highlighting to examples * Move platforms in navigation bar
2019-08-05 21:15:28 +00:00
---
# Kubernetes
Updates the k8s helm platform docs (#8632) * Updates the k8s helm platform docs - Updates to talk about the external mode - Updates the helm install overview to show that the releases can also be the way to install - Rewrites the how-to to include showing how to start in each mode - Each mode that has a guide links off to a guide - Re-organizes the Unseal and Init to a section and places all the various other unseals underneath it - Moves updating below the unseal and init - Shows some basic usage of the helm CLI with a value and file override * Adds learn links for k8s index pages * Adds helm dev and external vault examples While the dev one may seem obvious I think that it's incredibly useful to cover our bases if this is to be reference documentation. I thought maybe the example could have ingress support for UI but do not have the experience to recommend it. * Adds helm docs example dev and external - places the development first as it feels like the starting point for some. - places the external after HA Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-03-30 21:35:08 +00:00
Vault can be deployed into Kubernetes using the official HashiCorp Vault Helm chart.
The Helm chart allows users to deploy Vault in various configurations:
doc: add k8s vault-helm doc (#7193) * doc: add k8s vault-helm doc * Replace TODO with security warning * Add TLS example * Add production deployment checklist * Add kube hardening guide * Fix link to configuration values * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Fix typo in example * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Remove anchors, add tolerations/selector * Fix rendering of global configuration * Fix sidebar navigation and update links * Add sidebar title to run doc * Add platform index.html * Add relative links * Rename file * Fix titles * Add syntax highlighting to examples * Move platforms in navigation bar
2019-08-05 21:15:28 +00:00
Updates the k8s helm platform docs (#8632) * Updates the k8s helm platform docs - Updates to talk about the external mode - Updates the helm install overview to show that the releases can also be the way to install - Rewrites the how-to to include showing how to start in each mode - Each mode that has a guide links off to a guide - Re-organizes the Unseal and Init to a section and places all the various other unseals underneath it - Moves updating below the unseal and init - Shows some basic usage of the helm CLI with a value and file override * Adds learn links for k8s index pages * Adds helm dev and external vault examples While the dev one may seem obvious I think that it's incredibly useful to cover our bases if this is to be reference documentation. I thought maybe the example could have ingress support for UI but do not have the experience to recommend it. * Adds helm docs example dev and external - places the development first as it feels like the starting point for some. - places the external after HA Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-03-30 21:35:08 +00:00
- Dev: a single in-memory Vault server for testing Vault
- Standalone (default): a single Vault server persisting to a volume using the file storage backend
- High-Availability (HA): a cluster of Vault servers that use an HA storage backend such as Consul (default)
- External: a Vault Agent Injector server that depends on an external Vault server
doc: add k8s vault-helm doc (#7193) * doc: add k8s vault-helm doc * Replace TODO with security warning * Add TLS example * Add production deployment checklist * Add kube hardening guide * Fix link to configuration values * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Fix typo in example * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Remove anchors, add tolerations/selector * Fix rendering of global configuration * Fix sidebar navigation and update links * Add sidebar title to run doc * Add platform index.html * Add relative links * Rename file * Fix titles * Add syntax highlighting to examples * Move platforms in navigation bar
2019-08-05 21:15:28 +00:00
## Use Cases
Updates the k8s helm platform docs (#8632) * Updates the k8s helm platform docs - Updates to talk about the external mode - Updates the helm install overview to show that the releases can also be the way to install - Rewrites the how-to to include showing how to start in each mode - Each mode that has a guide links off to a guide - Re-organizes the Unseal and Init to a section and places all the various other unseals underneath it - Moves updating below the unseal and init - Shows some basic usage of the helm CLI with a value and file override * Adds learn links for k8s index pages * Adds helm dev and external vault examples While the dev one may seem obvious I think that it's incredibly useful to cover our bases if this is to be reference documentation. I thought maybe the example could have ingress support for UI but do not have the experience to recommend it. * Adds helm docs example dev and external - places the development first as it feels like the starting point for some. - places the external after HA Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-03-30 21:35:08 +00:00
**Running a Vault Service:** The Vault server cluster can run directly on Kubernetes.
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
This can be used by applications running within Kubernetes as well as external to
doc: add k8s vault-helm doc (#7193) * doc: add k8s vault-helm doc * Replace TODO with security warning * Add TLS example * Add production deployment checklist * Add kube hardening guide * Fix link to configuration values * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Fix typo in example * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Remove anchors, add tolerations/selector * Fix rendering of global configuration * Fix sidebar navigation and update links * Add sidebar title to run doc * Add platform index.html * Add relative links * Rename file * Fix titles * Add syntax highlighting to examples * Move platforms in navigation bar
2019-08-05 21:15:28 +00:00
Kubernetes, as long as they can communicate to the server via the network.
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
**Accessing and Storing Secrets:** Applications using the Vault service running in
Kubernetes can access and store secrets from Vault using a number of different
docs: Migrate link formats (#18696) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-26 00:12:15 +00:00
[secret engines](/vault/docs/secrets) and [authentication methods](/vault/docs/auth).
doc: add k8s vault-helm doc (#7193) * doc: add k8s vault-helm doc * Replace TODO with security warning * Add TLS example * Add production deployment checklist * Add kube hardening guide * Fix link to configuration values * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Fix typo in example * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Remove anchors, add tolerations/selector * Fix rendering of global configuration * Fix sidebar navigation and update links * Add sidebar title to run doc * Add platform index.html * Add relative links * Rename file * Fix titles * Add syntax highlighting to examples * Move platforms in navigation bar
2019-08-05 21:15:28 +00:00
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
**Running a Highly Available Vault Service:** By using pod affinities, highly available
docs: Migrate link formats (#18696) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-26 00:12:15 +00:00
backend storage (such as Consul) and [auto-unseal](/vault/docs/concepts/seal#auto-unseal),
doc: add k8s vault-helm doc (#7193) * doc: add k8s vault-helm doc * Replace TODO with security warning * Add TLS example * Add production deployment checklist * Add kube hardening guide * Fix link to configuration values * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Fix typo in example * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Remove anchors, add tolerations/selector * Fix rendering of global configuration * Fix sidebar navigation and update links * Add sidebar title to run doc * Add platform index.html * Add relative links * Rename file * Fix titles * Add syntax highlighting to examples * Move platforms in navigation bar
2019-08-05 21:15:28 +00:00
Vault can become a highly available service in Kubernetes.
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
**Encryption as a Service:** Applications using the Vault service running in Kubernetes
docs: Migrate link formats (#18696) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-26 00:12:15 +00:00
can leverage the [Transit secret engine](/vault/docs/secrets/transit)
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
as "encryption as a service". This allows applications to offload encryption needs
Update index.html.md (#7580) "before storage data at rest" seems like it was intended to read either "before storing data at rest" or "before storage of data at rest".
2019-10-07 15:53:17 +00:00
to Vault before storing data at rest.
doc: add k8s vault-helm doc (#7193) * doc: add k8s vault-helm doc * Replace TODO with security warning * Add TLS example * Add production deployment checklist * Add kube hardening guide * Fix link to configuration values * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Fix typo in example * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Remove anchors, add tolerations/selector * Fix rendering of global configuration * Fix sidebar navigation and update links * Add sidebar title to run doc * Add platform index.html * Add relative links * Rename file * Fix titles * Add syntax highlighting to examples * Move platforms in navigation bar
2019-08-05 21:15:28 +00:00
New Website! (#8154) * new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
2020-01-18 00:18:09 +00:00
**Audit Logs for Vault:** Operators can choose to attach a persistent volume
docs: Migrate link formats (#18696) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-26 00:12:15 +00:00
to the Vault cluster which can be used to [store audit logs](/vault/docs/audit).
doc: add k8s vault-helm doc (#7193) * doc: add k8s vault-helm doc * Replace TODO with security warning * Add TLS example * Add production deployment checklist * Add kube hardening guide * Fix link to configuration values * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Fix typo in example * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Update website/source/docs/platform/k8s/helm.html.md Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com> * Remove anchors, add tolerations/selector * Fix rendering of global configuration * Fix sidebar navigation and update links * Add sidebar title to run doc * Add platform index.html * Add relative links * Rename file * Fix titles * Add syntax highlighting to examples * Move platforms in navigation bar
2019-08-05 21:15:28 +00:00
**And more!** Vault can run directly on Kubernetes, so in addition to the
native integrations provided by Vault itself, any other tool built for
Kubernetes can choose to leverage Vault.
K8s docs cross reference (#9795) * add links to commonly reference Learn site docs * fixed markdown links * Moved Deployment Guide to "Guides" subs section
2020-08-21 19:03:01 +00:00
## Getting Started with Vault and Kubernetes
There are several ways to try Vault with Kubernetes in different environments.
### Guides
docs: Migrate link formats (#18696) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-26 00:12:15 +00:00
- [Vault Installation to Minikube via Helm with Integrated Storage](/vault/tutorials/kubernetes/kubernetes-minikube-raft) covers installing Vault locally using Minikube and the official Helm chart.
K8s docs cross reference (#9795) * add links to commonly reference Learn site docs * fixed markdown links * Moved Deployment Guide to "Guides" subs section
2020-08-21 19:03:01 +00:00
docs: Migrate link formats (#18696) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-26 00:12:15 +00:00
- [Vault Installation to Red Hat OpenShift via Helm](/vault/tutorials/kubernetes/kubernetes-openshift) covers installing Vault using Helm on Red Hat's OpenShift platform.
K8s docs cross reference (#9795) * add links to commonly reference Learn site docs * fixed markdown links * Moved Deployment Guide to "Guides" subs section
2020-08-21 19:03:01 +00:00
docs: Migrate link formats (#18696) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-26 00:12:15 +00:00
- [Integrate a Kubernetes Cluster with an External Vault](/vault/tutorials/kubernetes/kubernetes-external-vault) provides an example of making Vault accessible via a Kubernetes service and endpoint.
K8s docs cross reference (#9795) * add links to commonly reference Learn site docs * fixed markdown links * Moved Deployment Guide to "Guides" subs section
2020-08-21 19:03:01 +00:00
docs: Migrate link formats (#18696) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-26 00:12:15 +00:00
- [Vault on Kubernetes Deployment Guide](/vault/tutorials/kubernetes/kubernetes-raft-deployment-guide) covers the steps required to install and configure a single HashiCorp Vault cluster as defined in the [Vault on Kubernetes Reference Architecture](/vault/tutorials/kubernetes/kubernetes-reference-architecture).
K8s docs cross reference (#9795) * add links to commonly reference Learn site docs * fixed markdown links * Moved Deployment Guide to "Guides" subs section
2020-08-21 19:03:01 +00:00
Add vault-secrets-operator beta docs. (#19827) Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com> Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2023-03-29 20:33:06 +00:00
### High Level Comparison of Integrations
There are currently 3 different integrations to help Kubernetes workloads seamlessly consume secrets from Vault, without the need to modify the application to interact directly with Vault. Each integration addresses slightly different use-cases. The following is a brief overview of the strengths of each integration.
#### Agent Injector
- No durable secret storage outside Vault. All secrets written to disk are in ephemeral in-memory volumes.
- No highly privileged service accounts required. All secrets are fetched with the pod's own service account without the need for any other service accounts to impersonate it.
- More mature solution, with proven production record and advanced features like templating,
wider array of auth methods, etc.
#### Vault Secrets Operator (public beta)
- More native UX for app developers. Workloads can mount Kubernetes secrets without adding any Vault-specific configuration.
- Reduced load on Vault. Secrets are synced per CRD instead of per consuming pod.
- Better Vault secret availability. Kubernetes secrets act as a durable cluster-local cache of Vault secrets.
#### Vault CSI Provider
- The CSI driver that the provider is based on is vendor neutral.
- No durable secret storage outside Vault if the secret sync feature isn't used. All secrets written to disk are in ephemeral in-memory volumes.
K8s docs cross reference (#9795) * add links to commonly reference Learn site docs * fixed markdown links * Moved Deployment Guide to "Guides" subs section
2020-08-21 19:03:01 +00:00
### Documentation
docs: Migrate link formats (#18696) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-26 00:12:15 +00:00
- [Vault on Kubernetes Reference Architecture](/vault/tutorials/kubernetes/kubernetes-reference-architecture) provides recommended practices for running Vault on Kubernetes in production.
K8s docs cross reference (#9795) * add links to commonly reference Learn site docs * fixed markdown links * Moved Deployment Guide to "Guides" subs section
2020-08-21 19:03:01 +00:00
docs: Migrate link formats (#18696) * Adding check-legacy-links-format workflow * Adding test-link-rewrites workflow * Updating docs-content-check-legacy-links-format hash * Migrating links to new format Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-26 00:12:15 +00:00
- [Vault on Kubernetes Security Considerations](/vault/tutorials/kubernetes/kubernetes-security-concerns) provides recommendations specific to securely running Vault in a production Kubernetes environment.
Reference in a new issue Copy permalink