Hashicorp Vault:Install Vault on Kubernetes

今天介绍如何透过helm快速安装Vault在Kubernetes上，并调整符合自己需求的spec.

用法

1. 加入Hashicorp helm repository

$ helm repo add hashicorp https://helm.releases.hashicorp.com

2. 更新helm repository

$ helm repo update

3. 安装

$ helm install vault hashicorp/vault

4. values.yaml额外的设定可以参考 github hashicorp/vault-helm

helm install \
  vault \
  hashicorp/vault \
  --namespace $NAMESPACE \
  --version $CHART_VERSION \
  --values $VALUES_FILE

5. 查看 helm template, 可以知道package内容.

$ helm template vault hashicorp/vault

---
# Source: vault/templates/injector-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault-agent-injector
  namespace: default
  labels:
    app.kubernetes.io/name: vault-agent-injector
    app.kubernetes.io/instance: vault
    app.kubernetes.io/managed-by: Helm
---
# Source: vault/templates/server-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault
  namespace: default
  labels:
    helm.sh/chart: vault-0.16.0
    app.kubernetes.io/name: vault
    app.kubernetes.io/instance: vault
    app.kubernetes.io/managed-by: Helm
---
# Source: vault/templates/server-config-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-config
  namespace: default
  labels:
    helm.sh/chart: vault-0.16.0
    app.kubernetes.io/name: vault
    app.kubernetes.io/instance: vault
    app.kubernetes.io/managed-by: Helm
data:
  extraconfig-from-values.hcl: |-
    disable_mlock = true
    ui = true

    listener "tcp" {
      tls_disable = 1
      address = "[::]:8200"
      cluster_address = "[::]:8201"
    }
    storage "file" {
      path = "/vault/data"
    }
    
    ...