mirror of
https://github.com/hashicorp/vault.git
synced 2025-09-19 12:51:08 +02:00
0660ea6fac
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
66 lines
2.6 KiB
Plaintext
66 lines
2.6 KiB
Plaintext
---
|
|
layout: 'docs'
|
|
page_title: 'Highly available Vault Enterprise cluster with integrated storage (Raft)'
|
|
sidebar_current: 'docs-platform-k8s-examples-enterprise-with-raft'
|
|
description: >-
|
|
Learn how to set up a highly available Vault Enterprise cluster with integrated storage (Raft) as the storage backend.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# Highly available Vault Enterprise cluster with integrated storage (Raft)
|
|
|
|
@include 'helm/version.mdx'
|
|
|
|
Integrated Storage (raft) can be enabled using the `server.ha.raft.enabled` value:
|
|
|
|
```shell
|
|
helm install vault hashicorp/vault \
|
|
--set='server.image.repository=hashicorp/vault-enterprise' \
|
|
--set='server.image.tag=1.19.0-ent' \
|
|
--set='server.ha.enabled=true' \
|
|
--set='server.ha.raft.enabled=true'
|
|
```
|
|
|
|
-> For license configuration refer to [Running Vault Enterprise](/vault/docs/platform/k8s/helm/enterprise).
|
|
|
|
Next, initialize and unseal `vault-0` pod:
|
|
|
|
```shell
|
|
kubectl exec -ti vault-0 -- vault operator init
|
|
kubectl exec -ti vault-0 -- vault operator unseal
|
|
```
|
|
|
|
Finally, join the remaining pods to the Raft cluster and unseal them. The pods
|
|
will need to communicate directly so we'll configure the pods to use the internal
|
|
service provided by the Helm chart:
|
|
|
|
```shell
|
|
kubectl exec -ti vault-1 -- vault operator raft join http://vault-0.vault-internal:8200
|
|
kubectl exec -ti vault-1 -- vault operator unseal
|
|
|
|
kubectl exec -ti vault-2 -- vault operator raft join http://vault-0.vault-internal:8200
|
|
kubectl exec -ti vault-2 -- vault operator unseal
|
|
```
|
|
|
|
To verify if the Raft cluster has successfully been initialized, run the following.
|
|
|
|
First, login using the `root` token on the `vault-0` pod:
|
|
|
|
```shell
|
|
kubectl exec -ti vault-0 -- vault login
|
|
```
|
|
|
|
Next, list all the raft peers:
|
|
|
|
```shell
|
|
$ kubectl exec -ti vault-0 -- vault operator raft list-peers
|
|
|
|
Node Address State Voter
|
|
---- ------- ----- -----
|
|
a1799962-8711-7f28-23f0-cea05c8a527d vault-0.vault-internal:8201 leader true
|
|
e6876c97-aaaa-a92e-b99a-0aafab105745 vault-1.vault-internal:8201 follower true
|
|
4b5d7383-ff31-44df-e008-6a606828823b vault-2.vault-internal:8201 follower true
|
|
```
|