vault-csi-provider

Support for non-LB'd HA clusters

Open gtaylor opened this issue 3 years ago • 0 comments

If I am understanding correctly, the Vault CSI can only be pointed at a single vaultAddress. For example:

    ---
    apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
    kind: SecretProviderClass
    metadata:
      name: vault-db-creds
    spec:
      provider: vault
      parameters:
        roleName: 'app'
        vaultAddress: 'https://vault.vault:8200'
        vaultCACertPath: '/vault/tls/ca.crt'
        objects: |
          - objectName: "dbUsername"
            secretPath: "database/creds/db-app"
            secretKey: "username"
          - objectName: "dbPassword"
            secretPath: "database/creds/db-app"
            secretKey: "password"

I've got a simple bare metal setup that does not include an LB solution. This means that the Vault CSI would cease to function if the single node that my SecretProviderClass points at goes down.

Would it be possible to add the ability to specify multiple Vault addresses?

    vaultAddresses: ['https://vault1.vault:8200', 'https://vault2.vault:8200', 'https://vault3.vault:8200']

Or something similar?

gtaylor, Jul 08 '22 23:07
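
The address selection a `vaultAddresses` list like the one requested above would need, as an added example that is not part of the original issue and not vault-csi-provider code. `PickVaultAddress`, `healthCode` and `fakeVault` are hypothetical names, and the test servers are constructed stand-ins for Vault's `/v1/sys/health` endpoint.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// PickVaultAddress is a hypothetical helper, not vault-csi-provider code. It returns
// the first address whose /v1/sys/health reports an unsealed node: 200 (active),
// 429 (standby) or 473 (performance standby). Sealed nodes answer 503.
func PickVaultAddress(c *http.Client, addrs []string) (string, error) {
	last := fmt.Errorf("no addresses configured")
	for _, a := range addrs {
		code, err := healthCode(c, a)
		if err == nil && (code == 200 || code == 429 || code == 473) {
			return a, nil
		}
		last = fmt.Errorf("%s: health status %d, error %v", a, code, err)
	}
	return "", fmt.Errorf("no usable Vault address: %w", last)
}

// healthCode returns addr's health status using the caller's client (timeout, CA trust).
func healthCode(c *http.Client, addr string) (int, error) {
	resp, err := c.Get(addr + "/v1/sys/health")
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// fakeVault is a constructed stand-in that answers every request with code.
func fakeVault(code int) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(code)
	}))
}

func main() {
	sealed, standby := fakeVault(503), fakeVault(429)
	defer sealed.Close()
	defer standby.Close()
	c := &http.Client{Timeout: 2 * time.Second}
	addr, err := PickVaultAddress(c, []string{sealed.URL, standby.URL})
	fmt.Println(addr == standby.URL, err)
}
```

Because one client is reused for every address, a client built with the CA from `vaultCACertPath` keeps certificate verification identical across all nodes, so failing over never means falling back to an unverified connection.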