* doc: add k8s vault-helm doc
* Replace TODO with security warning
* Add TLS example
* Add production deployment checklist
* Add kube hardening guide
* Fix link to configuration values
* Update website/source/docs/platform/k8s/helm.html.md
  Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* Update website/source/docs/platform/k8s/helm.html.md
  Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* Update website/source/docs/platform/k8s/helm.html.md
  Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* Update website/source/docs/platform/k8s/helm.html.md
  Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* Fix typo in example
* Update website/source/docs/platform/k8s/helm.html.md
  Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* Update website/source/docs/platform/k8s/helm.html.md
  Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* Update website/source/docs/platform/k8s/helm.html.md
  Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* Remove anchors, add tolerations/selector
* Fix rendering of global configuration
* Fix sidebar navigation and update links
* Add sidebar title to run doc
* Add platform index.html
* Add relative links
* Rename file
* Fix titles
* Add syntax highlighting to examples
* Move platforms in navigation bar
layout | page_title | sidebar_current | sidebar_title | description |
---|---|---|---|---|
docs | Kubernetes | docs-platform-k8s-index | Kubernetes | This section documents the official integration between Vault and Kubernetes. |
Kubernetes
Vault can be deployed into Kubernetes using the official HashiCorp Vault Helm chart.
The Helm chart allows users to deploy Vault in various configurations:
- Dev mode: a single in-memory Vault server for testing Vault
- Standalone mode (default): a single Vault server persisting to a volume using the file storage backend
- HA mode: a cluster of Vault servers that use an HA storage backend such as Consul (default)
Use Cases
Running a Vault Service: The Vault server cluster can run directly on Kubernetes.
This can be used by applications running within Kubernetes as well as external to
Kubernetes, as long as they can communicate with the server via the network.
Accessing and Storing Secrets: Applications using the Vault service running in Kubernetes can access and store secrets from Vault using a number of different secret engines and authentication methods.
Running a Highly Available Vault Service: By using pod affinities, highly available backend storage (such as Consul) and auto-unseal, Vault can become a highly available service in Kubernetes.
Encryption as a Service: Applications using the Vault service running in Kubernetes can leverage the Transit secret engine as "encryption as a service". This allows applications to offload encryption needs to Vault before storing data at rest.
Audit Logs for Vault: Operators can choose to attach a persistent volume to the Vault cluster which can be used to store audit logs.
And more! Vault can run directly on Kubernetes, so in addition to the native integrations provided by Vault itself, any other tool built for Kubernetes can choose to leverage Vault.