Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sharantangeda/vault-auto-unsealer
hashicorp hashicorp-vault kubernetes kubernetes-setup
Last synced: 2 days ago
- Host: GitHub
- URL: https://github.com/sharantangeda/vault-auto-unsealer
- Owner: SHARANTANGEDA
- Created: 2022-05-01T09:14:08.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-05-01T09:18:18.000Z (over 2 years ago)
- Last Synced: 2024-12-13T20:15:48.126Z (21 days ago)
- Topics: hashicorp, hashicorp-vault, kubernetes, kubernetes-setup
- Language: Shell
- Homepage:
- Size: 1.95 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: Readme.md
README
# Auto Unsealer for Hashicorp Vault on Kubernetes
- Hashicorp vault doesn't provide an easy way to unseal the vault when deployed in HA mode.
- This repo solves that problem by unsealing pods which are not in ready state

## Manual One Time Setup
### Secrets
- Get unseal keys after first-time deployment with helm charts using
- `kubectl exec -ti -n vault -- vault operator init`
- Create a secret named `vault-unseal-keys` and add 3 keys, or as many as the unlock threshold that is set (you might have to update the cron job)
- Add the keys with the names `key_1`, `key_2`, `key_3`, etc.

### Update Namespace & deployment in cron.yaml
- Update the arguments in line 57 of `cron.yaml` with your namespace & statefulset-name

## Deployment
- `configmap.yaml` contains the shell script used to unseal the vault pods
- `sa.yaml` contains the manifests that create the service account and grant it the roles it needs
- `cron.yaml` contains the Kubernetes CronJob that runs every minute to unseal Vault
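
A sketch of the unseal pass the README describes (find pods that are not Ready, then submit `key_1`..`key_N`), added here as an example and not taken from the repository's `configmap.yaml`. It assumes pods are named `<statefulset>-<n>` and that the `vault-unseal-keys` secret is mounted as files in a directory; the function names and the `KEYS_DIR` parameter are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the repository's script. Assumed: pods are named
# <statefulset>-<n>, and the vault-unseal-keys secret is mounted as files
# key_1..key_N in a directory (KEYS_DIR is a hypothetical parameter).

# Names of the StatefulSet's pods whose Ready condition is not "True".
unready_pods() {  # usage: unready_pods NAMESPACE STATEFULSET
  kubectl get pods -n "$1" -o jsonpath='{range .items[*]}{.metadata.name}{" "}{.status.conditions[?(@.type=="Ready")].status}{"\n"}{end}' |
    awk -v prefix="$2-" 'index($1, prefix) == 1 && $2 != "True" { print $1 }'
}

# Submit key_1..key_THRESHOLD to one pod; fail closed if a key file is missing.
unseal_pod() {  # usage: unseal_pod NAMESPACE POD KEYS_DIR THRESHOLD
  n=1
  while [ "$n" -le "$4" ]; do
    [ -r "$3/key_$n" ] || { echo "missing $3/key_$n" >&2; return 1; }
    # The key is passed as an argument and never echoed by this script.
    kubectl exec -n "$1" "$2" -- vault operator unseal "$(cat "$3/key_$n")" \
      >/dev/null || return 1
    n=$((n + 1))
  done
}

# Unseal only pods that are unready AND report sealed: `vault status` exits
# 2 when sealed, 0 when unsealed, 1 on error.
unseal_unready() {  # usage: unseal_unready NAMESPACE STATEFULSET KEYS_DIR [THRESHOLD]
  for pod in $(unready_pods "$1" "$2"); do
    rc=0
    kubectl exec -n "$1" "$pod" -- vault status >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 2 ]; then
      unseal_pod "$1" "$pod" "$3" "${4:-3}" && echo "unsealed $pod"
    else
      echo "skipped $pod (vault status exit code $rc)"
    fi
  done
}

# Run only when arguments are supplied, e.g.: ./unseal.sh vault vault /keys 3
if [ "$#" -ge 3 ]; then unseal_unready "$@"; fi
```

Checking `vault status` before submitting keys keeps the job from sending key shares to a pod that is unready for some reason other than being sealed.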