Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nimbolus/vault-mgmt
Manage Vault clusters running in Kubernetes
https://github.com/nimbolus/vault-mgmt
kubernetes vault
Last synced: about 2 months ago
JSON representation
Manage Vault clusters running in Kubernetes
- Host: GitHub
- URL: https://github.com/nimbolus/vault-mgmt
- Owner: nimbolus
- License: mit
- Created: 2023-04-17T14:30:04.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-08-12T08:09:08.000Z (5 months ago)
- Last Synced: 2024-10-13T02:08:42.507Z (3 months ago)
- Topics: kubernetes, vault
- Language: Rust
- Homepage:
- Size: 140 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# vault-mgmt
## Requirements
+ Vault is running in Kubernetes.
+ [Service Registration](https://developer.hashicorp.com/vault/docs/configuration/service-registration/kubernetes) is configured
## Features
+ Unseal a Vault Pod.
+ Either supply a command that returns the unseal keys
+ or let the program retrieve the keys from a Vault secret.
+ Step-down the active Pod.
+ Upgrade a single Pod.
+ Upgrade the full cluster without downtime.
## Testing
Unit tests can be run normally by cargo: `cargo test`.
End-to-end tests require a Kubernetes cluster and will install, upgrade and uninstall (except on failure) several deployments of a Vault cluster in the current `kubecontext` (namespace is set by environment variable `VAULT_MGMT_E2E_NAMESPACE`, defaulting to `vault-mgmt-e2e`). You can create the Namespace and NetworkPolicy from `e2e-preparation.yaml`.
The Pods are using `emptyDir` as storage and should not consume a PV.
The storage is not part of the tests, only the clustering and active/standby transitions.
You can run those tests by calling `cargo test --ignored` with a working `kubeconfig` and existing namespace.