mirror of
https://github.com/hashicorp/vault.git
synced 2025-09-19 12:51:08 +02:00
0660ea6fac
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
79 lines
2.2 KiB
Plaintext
79 lines
2.2 KiB
Plaintext
---
|
|
layout: 'docs'
|
|
page_title: 'Highly available Vault cluster with Consul'
|
|
sidebar_current: 'docs-platform-k8s-examples-ha-with-consul'
|
|
description: >-
|
|
Learn how to set up a highly available Vault cluster with Consul as the storage backend.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# Highly available Vault cluster with Consul
|
|
|
|
@include 'helm/version.mdx'
|
|
|
|
@include 'consul-dataplane-compat.mdx'
|
|
|
|
The below `values.yaml` can be used to set up a five server Vault cluster using
|
|
Consul as a highly available storage backend, Google Cloud KMS for Auto Unseal.
|
|
|
|
```yaml
|
|
server:
|
|
extraEnvironmentVars:
|
|
GOOGLE_REGION: global
|
|
GOOGLE_PROJECT: myproject
|
|
GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/my-gcp-iam/myproject-creds.json
|
|
|
|
volumes:
|
|
- name: userconfig-my-gcp-iam
|
|
secret:
|
|
defaultMode: 420
|
|
secretName: my-gcp-iam
|
|
|
|
volumeMounts:
|
|
- mountPath: /vault/userconfig/my-gcp-iam
|
|
name: userconfig-my-gcp-iam
|
|
readOnly: true
|
|
|
|
affinity: |
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchLabels:
|
|
app: {{ template "vault.name" . }}
|
|
release: "{{ .Release.Name }}"
|
|
component: server
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
service:
|
|
enabled: true
|
|
|
|
ha:
|
|
enabled: true
|
|
replicas: 5
|
|
|
|
config: |
|
|
ui = true
|
|
|
|
listener "tcp" {
|
|
tls_disable = 1
|
|
address = "[::]:8200"
|
|
cluster_address = "[::]:8201"
|
|
}
|
|
|
|
storage "consul" {
|
|
path = "vault"
|
|
address = "HOST_IP:8500"
|
|
}
|
|
|
|
seal "gcpckms" {
|
|
project = "myproject"
|
|
region = "global"
|
|
key_ring = "vault-unseal-kr"
|
|
crypto_key = "vault-unseal-key"
|
|
}
|
|
|
|
service_registration "kubernetes" {}
|
|
```
|