This repository has been archived by the owner on Sep 21, 2023. It is now read-only.
Vault as statefulset #323
Comments
|
Small update for automated unsealing. I had to implement unsealing quickly, so I prototyped a solution with sidecar container[1]. It assumes IAM roles [2] are set for nodes running vault cluster. [1] https://github.com/coreos/vault-operator/compare/master...lleszczu:add_unsealer?expand=1 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I'm working on automated deployment of vault with operator. What I noticed is that the operator is setting instances as deployment. It makes unsealing particular instances a bit troublesome (I need to check k8s API for IP of particular instance and then connect to it. I believe migrating to statefulset with known DNS names for each instance would make automated unsealing much easier.
What do you think about?
Thanks.
The text was updated successfully, but these errors were encountered: