{"id":13500427,"url":"https://github.com/coreos/vault-operator","last_synced_at":"2025-03-29T07:30:52.950Z","repository":{"id":57510584,"uuid":"93683064","full_name":"coreos/vault-operator","owner":"coreos","description":"Run and manage Vault on Kubernetes simply and securely","archived":true,"fork":false,"pushed_at":"2020-03-11T03:18:29.000Z","size":568,"stargazers_count":760,"open_issues_count":58,"forks_count":110,"subscribers_count":38,"default_branch":"master","last_synced_at":"2024-05-22T14:32:18.323Z","etag":null,"topics":["kubernetes","operator","operators","security","vault"],"latest_commit_sha":null,"homepage":"https://coreos.com/blog/introducing-vault-operator-project","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/coreos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-06-07T21:56:36.000Z","updated_at":"2024-04-29T01:22:03.000Z","dependencies_parsed_at":"2022-09-26T16:31:09.078Z","dependency_job_id":null,"html_url":"https://github.com/coreos/vault-operator","commit_stats":null,"previous_names":["coreos-inc/vault-operator"],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coreos%2Fvault-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coreos%2Fvault-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coreos%2Fvault-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coreos%2Fvault-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/o
wners/coreos","download_url":"https://codeload.github.com/coreos/vault-operator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246155984,"owners_count":20732355,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","operator","operators","security","vault"],"created_at":"2024-07-31T22:01:00.384Z","updated_at":"2025-03-29T07:30:52.621Z","avatar_url":"https://github.com/coreos.png","language":"Go","readme":"# Vault Operator\n\n### Project status: beta\nThe basic features have been completed, and while no breaking API changes are currently planned, the API can change in a backwards incompatible way before the project is declared stable.\n\n## Overview\nThe Vault operator deploys and manages [Vault][vault] clusters on Kubernetes. Vault instances created by the Vault operator are highly available and support automatic failover and upgrade.\n\n\n## Getting Started\n\n### Prerequisites\n\n- Kubernetes 1.8+\n\n### Configuring RBAC\n\nConsult the [RBAC guide](./doc/user/rbac.md) on how to configure RBAC for the Vault operator.\n\n\n### Deploying the etcd operator\n\nThe Vault operator employs the [etcd operator][etcd-operator] to deploy an etcd cluster as the storage backend.\n\n1. Create the etcd operator Custom Resource Definitions (CRD):\n\n    ```\n    kubectl create -f example/etcd_crds.yaml\n    ``` \n2. Deploy the etcd operator:\n\n    ```sh\n    kubectl -n default create -f example/etcd-operator-deploy.yaml\n    ```\n\n### Deploying the Vault operator\n\n1. 
Create the Vault CRD:\n\n    ```\n    kubectl create -f example/vault_crd.yaml\n    ```\n\n2. Deploy the Vault operator:\n\n    ```\n    kubectl -n default create -f example/deployment.yaml\n    ```\n\n3. Verify that the operators are running:    \n\n      ```\n      $ kubectl -n default get deploy\n      NAME             DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE\n      etcd-operator    1         1         1            1           5m\n      vault-operator   1         1         1            1           5m\n      ```\n\n\n### Deploying a Vault cluster\n\nA Vault cluster can be deployed by creating a `VaultService` Custom Resource (CR). For each Vault cluster the Vault operator will also create an etcd cluster for the storage backend.\n\n1. Create a Vault CR that deploys a 2-node Vault cluster in high availability mode:\n\n    ```\n    kubectl -n default create -f example/example_vault.yaml\n    ```\n\n2. Wait until the `example-...` pods for the etcd and Vault cluster are up:\n\n    ```\n    $ kubectl -n default get pods\n    NAME                              READY     STATUS    RESTARTS   AGE\n    etcd-operator-78899f87f6-qdn5h    3/3       Running   0          10m\n    example-7678c8f49c-kfx2w          1/2       Running   0          2m\n    example-7678c8f49c-pqrj8          1/2       Running   0          2m\n    example-etcd-7lpjg7n76d           1/1       Running   0          2m\n    example-etcd-dhxrksssgx           1/1       Running   0          2m\n    example-etcd-s7mzhffz92           1/1       Running   0          2m\n    vault-operator-5976f74f84-pxkf6   1/1       Running   0          10m\n    ```\n\n3. Get the Vault pods:\n\n    ```\n    $ kubectl -n default get pods -l app=vault,vault_cluster=example\n    NAME                       READY     STATUS    RESTARTS   AGE\n    example-7678c8f49c-kfx2w   1/2       Running   0          2m\n    example-7678c8f49c-pqrj8   1/2       Running   0          2m\n    ```\n\n4. 
Check the Vault CR status:\n\n    ```\n    $ kubectl -n default get vault example -o yaml\n    apiVersion: vault.security.coreos.com/v1alpha1\n    kind: VaultService\n    metadata:\n        name: example\n        namespace: default\n        ...\n    spec:\n        nodes: 2\n        version: 0.9.1-0\n        ...\n    status:\n        initialized: false\n        phase: Running\n        updatedNodes:\n        - example-7678c8f49c-kfx2w\n        - example-7678c8f49c-pqrj8\n        vaultStatus:\n            active: \"\"\n            sealed:\n            - example-7678c8f49c-kfx2w\n            - example-7678c8f49c-pqrj8\n            standby: null\n        ...\n    ```\n\n    The Vault CR status shows the cluster is currently uninitialized and sealed.\n\n### Using the Vault cluster\n\nSee the [Vault usage guide](./doc/user/vault.md) on how to initialize, unseal, and use the deployed Vault cluster.\n\nConsult the [monitoring guide](./doc/user/monitoring.md) on how to monitor and alert on a Vault cluster with Prometheus.\n\nSee the [recovery guide](./doc/user/recovery.md) on how to back up and restore Vault cluster data using the etcd operator.\n\nFor an overview of the default TLS configuration or how to specify custom TLS assets for a Vault cluster see the [TLS setup guide](doc/user/tls_setup.md).\n\n### Uninstalling Vault operator\n\n1. Delete the Vault custom resource:\n\n    ```\n    kubectl -n default delete -f example/example_vault.yaml\n    ```\n\n2. 
Delete the operators and other resources:\n\n    ```\n    kubectl -n default delete deploy vault-operator etcd-operator\n    kubectl -n default delete -f example/rbac.yaml\n    ```\n\n[vault]: https://www.vaultproject.io/\n[etcd-operator]: https://github.com/coreos/etcd-operator/\n","funding_links":[],"categories":["Go","Repository is obsolete","operator候选列表"],"sub_categories":["Awesome Operators in the Wild","部署类型"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoreos%2Fvault-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcoreos%2Fvault-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoreos%2Fvault-operator/lists"}