vault-operator
vault-operator copied to clipboard
coreos
Run and manage Vault on Kubernetes simply and securely
It's not immediately apparent that this operator supports creating vaults with `-dev` enabled: https://www.vaultproject.io/docs/concepts/dev-server.html
Hi guys, First of all, thank you so much for open sourcing the Vault operator. This is a great milestone for the community and the overall security story of Kubernetes!...
Vault can be auto unsealed by using the keys from aws kms. See #307. Credentials can be passed via kube2iam or via accessKey/SecretKey pair.
I have a `vault-operator`-installed cluster that I'm monitoring with Prometheus. The StatsD exporter provides some metrics, but I am looking for a way to track the number of sealed/unsealed `vault`...
At present, the `Pod` field on the `VaultService` type offers the ability to specify resource limites/requests for the Vault pods that are deployed. It does not however offer the ability...
By installing curl into the vault image at initialization, we don't need to have a customized vault image, and can track upstream. This also upgrades to vault 0.10.2 and enables...
On openshift (3.10), i see no resources created after i make the vault CRD. - The vault operator is healthy: ``` ➜ vault-operator git:(openshift) ✗ oc get pods --all-namespaces |...
Vault should be auto initialized and the keys should be sent to aws kms. Either kube2iam be used to pass the aws credentials or accessKey/SecretKey pair can be used too....
I created a Vault service "cos-private" in "default" namespace by following the instructions, and was able to write and read secrets( vault write secret/my-test key1=value1 key2=value2 ...., and vault read...
Run [`vault_exporter`](https://github.com/grapeshot/vault_exporter) as a sidecar to allow Prometheus to import `vault` status metrics (eg: whether it's initialized or sealed). Closes #346.