feat(vault): deploy HashiCorp Vault 2.0.1 with raft HA (5 replicas)
StatefulSet with templated PVC (cephrbd-fast-delete, 10Gi), headless service for raft cluster communication, HTTPS gateway (443→8200), and kubernetes provider retry_join for automatic cluster formation.
@@ -0,0 +1,19 @@
|
||||
ui = true
|
||||
|
||||
listener "tcp" {
|
||||
address = "0.0.0.0:8200"
|
||||
cluster_address = "0.0.0.0:8201"
|
||||
tls_disable = "true"
|
||||
}
|
||||
|
||||
storage "raft" {
|
||||
path = "/vault/data"
|
||||
|
||||
retry_join {
|
||||
auto_join = "provider=k8s label_selector=\"app.kubernetes.io/name=vault\" namespace=\"vault\""
|
||||
auto_join_scheme = "http"
|
||||
auto_join_port = 8200
|
||||
}
|
||||
}
|
||||
|
||||
service_registration "kubernetes" {}
|
||||
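Review bot: The listener sets `tls_disable = "true"` while binding `0.0.0.0:8200`, and `retry_join` uses `auto_join_scheme = "http"`. With TLS ending at the gateway described in the commit message, tokens and secret payloads would cross the pod network in plaintext, as would the join requests between replicas. Anything in the cluster that can reach port 8200 could then talk to Vault without transport protection, unless a NetworkPolicy or mesh mTLS not visible in this file restricts it. I would terminate TLS on the pod instead: replace the `tls_disable` line with `tls_cert_file = "<PLACEHOLDER_CERT_PATH>"` and `tls_key_file = "<PLACEHOLDER_KEY_PATH>"`, set `auto_join_scheme = "https"`, and add `leader_ca_cert_file` inside `retry_join` so joining nodes can verify the leader. If plaintext behind the gateway is a deliberate choice, a comment above the listener stating that and naming the compensating control would help the next reader.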