mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-30 11:01:09 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/docs/platform/k8s/helm/enterprise.mdx
Theron Voran ed9a06a1ae
docs: update for vault-helm v0.13.0 (#11890)
2021-06-17 12:25:19 -07:00

85 lines
3.0 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Vault Enterprise License Management - Kubernetes
description: >-
Vault Helm supports deploying Vault Enterprise, including license autoloading.
---
# Vault Enterprise License Management
You can use this Helm chart to deploy Vault Enterprise by following a few extra steps around licensing.
~> **Note:** As of Vault Enterprise 1.8, the license must be specified via HCL configuration or environment variables on startup, unless the Vault cluster was created with an older Vault version and the license was stored, or the Vault Enterprise binary has the license baked in (`prem` or `pro` version tags). More information is available in the [Vault Enterprise License docs](/docs/enterprise/license).
## Vault Enterprise 1.8+
First create a Kubernetes secret using the contents of your license file. For example, the following commands create a secret with the name `vault-ent-license` and key `license`:
```bash
secret=$(cat 1931d1f4-bdfd-6881-f3f5-19349374841f.hclic)
kubectl create secret generic vault-ent-license --from-literal="license=${secret}"
```
-> **Note:** If you cannot find your `.hclic` file, please contact your sales team or Technical Account Manager.
In your chart overrides, set the values of [`server.image`](/docs/platform/k8s/helm/configuration#image-2) to one of the enterprise [release tags](https://hub.docker.com/r/hashicorp/vault-enterprise/tags). Also set the name of the secret you just created in [`server.enterpriseLicense`](/docs/platform/k8s/helm/configuration#enterpriselicense).
```yaml
# config.yaml
server:
image:
repository: hashicorp/vault-enterprise
tag: 1.8.0_ent
enterpriseLicense:
secretName: vault-ent-license
```
Now run `helm install`:
```shell-session
$ helm install hashicorp hashicorp/vault -f config.yaml
```
Once the cluster is [initialized and unsealed](/docs/platform/k8s/helm/run), you may check the license status using the `vault license get` command:
```shell
kubectl exec -ti vault-0 -- vault license get
```
## Vault Enterprise prior to 1.8
In your chart overrides, set the values of `server.image` to one of the enterprise [release tags](https://hub.docker.com/r/hashicorp/vault-enterprise/tags). Install the chart, and initialize and unseal vault as described in [Running Vault](/docs/platform/k8s/helm/run).
After Vault has been initialized and unsealed, setup a port-forward tunnel to the Vault Enterprise cluster:
```shell
kubectl port-forward vault-0 8200:8200
```
Next, in a separate terminal, create a `payload.json` file that contains the license key like this example:
```json
{
"text": "01ABCDEFG..."
}
```
Finally, using curl, apply the license key to the Vault API:
```bash
curl \
--header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
--request PUT \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/license
```
To verify that the license installation worked correctly, using `curl`, run the following:
```shell
curl \
--header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
http://127.0.0.1:8200/v1/sys/license
```
Reference in New Issue View Git Blame Copy Permalink