vault-operator
vault-operator copied to clipboard
coreos
Looking for maintainers
As the current maintainers we are focusing our efforts on tools to help all engineers build Operators with the Operator Framework and less time on specific Operators such as Vault. Building the Vault Operator was key to learning which abstractions to provide in our SDK. As a result of our commitments to the new projects we are not able to give enough time to the Vault Operator.
With our realigned focus, we explored a number of options (including with Hashicorp) to ensure the health of this project. At this point, we're looking for maintainers to help us realize the vision of this project. We will be involved with the limited time we can make available for reviewing code, etc as those maintainers get up to speed. If you're interested, please let us know by commenting down below so we can reach out to you.
We have a Vault operator which is actively maintained and used in production by us and our customers. It's a very feature rich operator, but should you have any requirements let us know: https://github.com/banzaicloud/bank-vaults.
Besides other features, these are the ones which we have in addition:
- Automatic Vault initialization
- Root Token and Unseal Keys encrypted and stored in cloud KMS systems (Azure Key Vault, AWS KMS, GCP KMS ,Alibaba KMS)
- Also they can be stored in Kubernetes Secrets (however this is not supposed to be used in production, because the current limitations of Kubernetes Secrets, see this doc for more details)
- Automated unsealing
- Automated re/configuration of Vault based on a YAML/JSON file like: Auth backends, Secret backends, and policies
- It is not tied to etcd at all, supports multiple storage backends (e.g. cloud provider storages)
Please note that the Banzai Vault Operator is based on the new operator-framework and we have described it in numerous blog posts already:
- https://banzaicloud.com/blog/vault-operator/
- https://banzaicloud.com/blog/vault-unsealing/
@matyix @bonifaido thanks for sharing bank-vaults. Looks like it has some awesome features. One thing that vault-operator project had I don't see in bank-vaults is creation and deploying backend (example etcd). I'm ok if you guys say that creating and maintaining backend is out of scope for bank-vaults but wanted to check if this is part of the plan or not.
@raoofm, bank-vaults currently prefers cloud provider offered object storage services (we think that the less moving parts that we have to maintain is the better), however it is not limited to them, we can easily package an etcd or MySQL operator next to bank-vaults operator if we detect that the configuration needs a different kind of backend. If you need support for those please open up a issue on the GitHub project.
@bonifaido yes i saw that aws s3 backend is supported but that is not listed as an HA backend in hashicorp's vault. Ok I'll open an issue.
Just for reference the etcd backend has been added to the master branch: https://github.com/banzaicloud/bank-vaults/pull/79 Feel free to write any feedback, issues or enhancement requests in the bank-vaults repository.
hey @hasbro17 , we are relying on the vault-operator and would love to help out.
There are a lot of great pending merge requests. How about we do a incubator branch, merge some of them and release them to the helm incubator repository. I would be happy to help!
best
@hasbro17 @fanminshi can you assign someone to handle this? It looks like a few people have volunteered but I don't see any maintainer attention on this issue.
What in particular are you looking for? An overall maintainer to manage the contributors/contributions and assure quality?
I'd love to step in and help however you need to try to get things moving forward again with this project. As is, the repo sitting a few versions behind vault mainline and seems like it hasn't been updated in some months.
Please reach out to me here on github or via email!
My apologies for not responding sooner. @quorak @limnick @cpanato Thank you for offering to help. I'm currently busy with some with some work at kubecon this week, but I will try to reach out sometime next week to figure out a process to onboard new maintainers and hopefully get this project back on track.
I am interested to contribute to this project. I too was at Kubecon last week. It was an amazing week I should say. Anyway, please let me know how to contribute to this project.
I am also interested to contribute to this project. Though I do believe the operator needs to be aligned with HashiCorp Vault versions.
@cpanato @oded-dd @swarupdonepudi and all - you might want to contribute here https://github.com/banzaicloud/bank-vaults as well 👍 - we welcome all contributions. The project is actively maintained, run in production by many organizations and feature wise is considerably ahead than this one.
@cpanato My apologies, I've been busy with some other work over the last few months and completely forgot to follow up on this. I wasn't sure if anyone in this thread was still interested in contributing to this project in light of https://github.com/banzaicloud/bank-vaults but I'll spend some time in the coming week to reach out to you and some other folks if you're still interested.
@cpanato is there any specific use feature in the coreos/vault operator that the banzaicloud/bank-vaults does not cover and you are interested in - if so we are happy to discuss it on GitHub or the operator's Slack channel.
@hasbro17 long time no speak, hope you're doing great. Seems you've been really busy with the SDK - the lifecycle management stuff is great!, we have just added that to BV and pushed it to the https://operatorhub.io/operator/beta/vaultoperator.v0.4.10
@hasbro17 @matyix I don't see the need to have multiple vault operators that essentially does the same thing. I think it might be the best if community can converge all the efforts into one operator and the community will benefit from that.
