vault-k8s

First-class support for Vault and Kubernetes. (by hashicorp)
Add to my DEV experience Suggest topics
Source Code
vault-k8s Reviews
Suggest alternative
Edit details
Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
Sponsored

Vault-k8s Alternatives

Similar projects and alternatives to vault-k8s

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better vault-k8s alternative or higher similarity.
Suggest an alternative to vault-k8s

vault-k8s reviews and mentions

Posts with mentions or reviews of vault-k8s. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-01-18.
  • How to expose the UI and API endpoint in HA TLS RAFT config
    1 project | /r/hashicorp | 8 Mar 2023
    enabled: true # Use the Vault K8s Image https://github.com/hashicorp/vault-k8s/ image: repository: "hashicorp/vault-k8s" tag: "latest" resources: requests: memory: 256Mi cpu: 250m limits: memory: 256Mi cpu: 250m server: # These Resource Limits are in line with node requirements in the # Vault Reference Architecture for a Small Cluster resources: requests: memory: 8Gi cpu: 2000m limits: memory: 16Gi cpu: 2000m # For HA configuration and because we need to manually init the vault, # we need to define custom readiness/liveness Probe settings readinessProbe: enabled: true path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204" livenessProbe: enabled: true path: "/v1/sys/health?standbyok=true" initialDelaySeconds: 60 # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be # used to include variables required for auto-unseal. extraEnvironmentVars: VAULT_CACERT: /vault/userconfig/tls-ca/ca.crt # extraVolumes is a list of extra volumes to mount. These will be exposed # to Vault in the path \/vault/userconfig//`. extraVolumes: - type: secret name: tls-ca - type: secret name: tls-listener-1 - type: secret name: tls-server # This configures the Vault Statefulset to create a PVC for audit logs. # See https://www.vaultproject.io/docs/audit/index.html to know more auditStorage: enabled: true storageClass: solidfire-gold dataStorage: enabled: true storageClass: solidfire-gold standalone: enabled: false # Run Vault in "HA" mode. ha: enabled: true replicas: 3 raft: enabled: true setNodeId: true config: |          ui = true          listener "tcp" {            address = "0.0.0.0:8200"            cluster_address = "0.0.0.0:8201"            tls_cert_file = "/vault/userconfig/tls-listener-1/server.crt"            tls_key_file = "/vault/userconfig/tls-listener-1/server.key"            tls_client_ca_file = "/vault/userconfig/tls-ca/ca.crt"          }          storage "raft" {            path = "/vault/data"            retry_join {              leader_api_addr = "https://vault-0.vault-internal:8200"`               leader_ca_cert_file = "/vault/userconfig/tls-ca/ca.crt"               leader_client_cert_file = "/vault/userconfig/tls-server/server.crt"               leader_client_key_file = "/vault/userconfig/tls-server/server.key"             }             retry_join {               leader_api_addr = "https://vault-1.vault-internal:8200"               leader_ca_cert_file = "/vault/userconfig/tls-ca/ca.crt"               leader_client_cert_file = "/vault/userconfig/tls-server/server.crt"               leader_client_key_file = "/vault/userconfig/tls-server/server.key"             }             retry_join {               leader_api_addr = "https://vault-2.vault-internal:8200"               leader_ca_cert_file = "/vault/userconfig/tls-ca/ca.crt"               leader_client_cert_file = "/vault/userconfig/tls-server/server.crt"               leader_client_key_file = "/vault/userconfig/tls-server/server.key"             }             autopilot {               cleanup_dead_servers = "true"               last_contact_threshold = "200ms"               last_contact_failure_threshold = "10m"               max_trailing_logs = 250000               min_quorum = 3               server_stabilization_time = "10s"             }           }           service_registration "kubernetes" {} # Vault UI ui: enabled: true serviceType: "LoadBalancer" externalPort: 8443 loadBalancerIP: 10.193.124.70 loadBalancerSourceRanges: - 0.0.0.0/0
  • Raft heartbeat failures
    1 project | /r/hashicorp | 5 Mar 2023
    vault: global: enabled: true tlsDisable: false injector: enabled: true # Use the Vault K8s Image https://github.com/hashicorp/vault-k8s/ image: repository: "hashicorp/vault-k8s" tag: "latest" resources: requests: memory: 256Mi cpu: 250m limits: memory: 256Mi cpu: 250m server: # These Resource Limits are in line with node requirements in the # Vault Reference Architecture for a Small Cluster resources: requests: memory: 8Gi cpu: 2000m limits: memory: 16Gi cpu: 2000m # For HA configuration and because we need to manually init the vault, # we need to define custom readiness/liveness Probe settings readinessProbe: enabled: true path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204" livenessProbe: enabled: true path: "/v1/sys/health?standbyok=true" initialDelaySeconds: 60 # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be # used to include variables required for auto-unseal. extraEnvironmentVars: VAULT_CACERT: /vault/userconfig/tls-ca/ca.crt # extraVolumes is a list of extra volumes to mount. These will be exposed # to Vault in the path \/vault/userconfig//`. extraVolumes: - type: secret name: tls-listener - type: secret name: tls-server - type: secret name: tls-ca # This configures the Vault Statefulset to create a PVC for audit logs. # See https://www.vaultproject.io/docs/audit/index.html to know more auditStorage: enabled: true storageClass: solidfire-gold dataStorage: enabled: true storageClass: solidfire-gold standalone: enabled: false # Run Vault in "HA" mode. ha: enabled: true replicas: 3 raft: enabled: true setNodeId: true config: |          ui = true          listener "tcp" {            address = "[::]:8200"            cluster_address = "[::]:8201"            tls_cert_file = "/vault/userconfig/tls-listener/server.crt"            tls_key_file = "/vault/userconfig/tls-listener/server.key"            tls_client_ca_file = "/vault/userconfig/tls-ca/ca.crt"          }          storage "raft" {            path = "/vault/data"            retry_join {              leader_api_addr = "https://vault-0.vault-internal:8200"`               leader_ca_cert_file = "/vault/userconfig/tls-ca/ca.crt"               leader_client_cert_file = "/vault/userconfig/tls-server/server.crt"               leader_client_key_file = "/vault/userconfig/tls-server/server.key"             }             retry_join {               leader_api_addr = "https://vault-1.vault-internal:8200"               leader_ca_cert_file = "/vault/userconfig/tls-ca/ca.crt"               leader_client_cert_file = "/vault/userconfig/tls-server/server.crt"               leader_client_key_file = "/vault/userconfig/tls-server/server.key"             }             retry_join {               leader_api_addr = "https://vault-2.vault-internal:8200"               leader_ca_cert_file = "/vault/userconfig/tls-ca/ca.crt"               leader_client_cert_file = "/vault/userconfig/tls-server/server.crt"               leader_client_key_file = "/vault/userconfig/tls-server/server.key"             }             autopilot {               cleanup_dead_servers = "true"               last_contact_threshold = "200ms"               last_contact_failure_threshold = "10m"               max_trailing_logs = 250000               min_quorum = 5               server_stabilization_time = "10s"             }           }           service_registration "kubernetes" {} # Vault UI ui: enabled: true serviceType: "LoadBalancer" serviceNodePort: null externalPort: 8200
  • GitOps and Kubernetes – Secure Handling of Secrets
    7 projects | dev.to | 18 Jan 2023
    Hashicorp Vault k8s is an operator that modifies pods via a mutating webhook to connect between vault and pod via sidecars (additional containers) to provide secrets. This has the major advantage that no secret objects are created in Kubernetes here. The disadvantage is that this way only works with Vault.
  • Practices to Retrieve Vault Credentials
    1 project | /r/devops | 30 Dec 2021
  • Solving ArgoCD Secret Management with the argocd-vault-plugin
    2 projects | /r/kubernetes | 6 Feb 2021
    They’ve made it so you can define the order that the vault sidecar starts in, so that the proxy will be running first. https://github.com/hashicorp/vault-k8s/issues/53
  • A note from our sponsor - InfluxDB
    www.influxdata.com | 25 Apr 2024
    Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Stats

Basic vault-k8s repo stats
5
768
8.5
6 days ago

hashicorp/vault-k8s is an open source project licensed under Mozilla Public License 2.0 which is an OSI approved license.

The primary programming language of vault-k8s is Go.

Popular Comparisons

  1. vault-k8s VS kubernetes-external-secrets
  2. vault-k8s VS sops-secrets-operator
  3. vault-k8s VS argocd-vault-plugin
  4. vault-k8s VS sealed-secrets-web

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com