vault-operator
vault-operator copied to clipboard
coreos
Run and manage Vault on Kubernetes simply and securely
It would be great to have a way to specify a secondary vault cluster running in a different region(DC) via vault-operator. Similar to what vault has as a secondary performace/DR...
Previously, any node whose health couldn't be queried by `Vaults.updateLocalVaultCRStatus()` would be removed from the standby, sealed, and updated lists of nodes (so long as at least one other node...
If `Vaults.updateLocalVaultCRStatus()` can't query a node or determine that it's healthy, `Vaults.syncUpgrade()` will: 1. Assume an update is in progress. 1. Erroneously determine that the active node is the only...
The etcd-operator allows the customization of the etcd image in the etcd CRD named 'repository', this PR extends that option to the vault-operator as well using the VaultServiceSpec named 'EtcdRepository'....
Hi there I have an issue with my vault cluster. Currently, i don't have any more an active vault pod. ``` kubectl -n default get vault poc-vault -o jsonpath='{.status.vaultStatus.active}' |...
Hello! I think the namespace in `example/k8s_auth/vault-tokenreview-binding.yaml` should be `default` because in the doc [kubernetes-auth-backend](https://github.com/azalio/vault-operator/blob/master/doc/user/kubernetes-auth-backend.md) I see that we create a service account in the default namespace. ``` kubectl -n...
health check for standby returns a failure status code, causing the second vault instance in HA to be marked as failed, which in turn causes deployment to fail. This fixes...
health check for standby returns a failure status code, causing the second vault instance in HA to be marked as failed, which in turn causes deployment to fail. https://github.com/coreos/vault-operator/blob/master/pkg/util/k8sutil/vault.go#L189 and...
* Fixes Issue: #313 * Added Service Account Name to `pkg/apis/vault/v1alpha1/types.go` VaultServiceSpec to resolve `serviceAccountName:{val}`. * Added `ServiceAccountName` field to `pkg/util/k8sutil/vault.go` to allow the vault pods to use a custom,...
