We have a Vault operator built on bank-vaults features as:
- external, API based configuration (secret engines, auth methods, policies) to automatically re/configure a Vault cluster
- automatic unsealing (AWS, GCE, Azure, Alibaba, Kubernetes Secrets (for dev purposes), Oracle)
- TLS support
The operator flow is the following:
The source code can be found inside the operator directory.
There are two ways to deploy the operator:
kubectl apply -f operator/deploy/rbac.yaml
kubectl apply -f operator/deploy/operator.yamlThis will create a Kubernetes CustomResourceDefinition called Vault.
A documented example of this CRD can be found in operator/deploy/cr.yaml.
There is a Helm chart available to deploy the Vault Operator.
helm init -c
helm repo add banzaicloud-stable http://kubernetes-charts.banzaicloud.com/branch/master
helm install banzaicloud-stable/vault-operatorFor further details follow the operator's Helm chart repository.