mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-19 09:41:29 +01:00
Code Issues Projects Releases Wiki Activity
vault/website/pages/docs/platform/k8s/index.mdx
Jeff Escalante 0c9affe582 New Website! (#8154) 
* new documentation website

* ci job adjustment

* update to latest version on downloads page

* remove transition-period scripts

* add netlify toml file

* fix docs patch

* fix ci config?

* revert go.mod changes

* a couple last markdown formatting fixes
2020-01-17 16:18:09 -08:00

42 lines
1.9 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Kubernetes
sidebar_title: Kubernetes
description: This section documents the official integration between Vault and Kubernetes.
---
# Kubernetes
Vault can be deployed into Kubernetes using the official HashiCorp Vault Helm chart.
The helm chart allows users to deploy Vault in various configurations:
- Dev mode: a single in-memory Vault server for testing Vault
- Standalone mode (default): a single Vault server persisting to a volume using the file storage backend
- HA mode: a cluster of Vault servers that use an HA storage backend such as Consul (default)
## Use Cases
**Running a Vault Service:** The Vault server cluster can run directly on Kubernetes.
This can be used by applications running within Kubernetes as well as external to
Kubernetes, as long as they can communicate to the server via the network.
**Accessing and Storing Secrets:** Applications using the Vault service running in
Kubernetes can access and store secrets from Vault using a number of different
[secret engines](/docs/secrets) and [authentication methods](/docs/auth).
**Running a Highly Available Vault Service:** By using pod affinities, highly available
backend storage (such as Consul) and [auto-unseal](/docs/concepts/seal.html#auto-unseal),
Vault can become a highly available service in Kubernetes.
**Encryption as a Service:** Applications using the Vault service running in Kubernetes
can leverage the [Transit secret engine](/docs/secrets/transit)
as "encryption as a service". This allows applications to offload encryption needs
to Vault before storing data at rest.
**Audit Logs for Vault:** Operators can choose to attach a persistent volume
to the Vault cluster which can be used to [store audit logs](/docs/audit).
**And more!** Vault can run directly on Kubernetes, so in addition to the
native integrations provided by Vault itself, any other tool built for
Kubernetes can choose to leverage Vault.
Reference in New Issue View Git Blame Copy Permalink