Kubernetes: how to configure S3 as the storage backend for HashiCorp Vault
I have a running EKS cluster and I want to deploy Vault onto it with Terraform. My code deploys without problems. Here is my main configuration:
```hcl
data "aws_eks_cluster" "default" {
  name = var.eks_cluster_name
}

data "aws_eks_cluster_auth" "default" {
  name = var.eks_cluster_name
}

resource "kubernetes_namespace" "vault" {
  metadata {
    name = "vault"
  }
}

resource "helm_release" "vault" {
  name       = "vault"
  repository = "https://helm.releases.hashicorp.com/"
  chart      = "vault"
  namespace  = kubernetes_namespace.vault.metadata.0.name
  values = [
    "${file("values.json")}"
  ]
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.default.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.default.token
  load_config_file       = false
}

provider "helm" {
  kubernetes {
    host                   = data.aws_eks_cluster.default.endpoint
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority.0.data)
    token                  = data.aws_eks_cluster_auth.default.token
    load_config_file       = false
  }
}
```
Here is values.json:
```yaml
server:
  image:
    repository: vault
    tag: latest
  dataStorage:
    enabled: true
  auditStorage:
    enabled: true
  ha:
    enabled: true
    replicas: 1
    listener "tcp" {
      address = "[::]:8200"
      cluster_address = "[::]:8201"
    }
    storage "s3" {
      access_key = "xxxxxxxxx"
      secret_key = "xxxxxxxxxx"
      bucket = "xxxx-vault"
      region = "xxxx-xxxx-x"
    }
    service_registration "kubernetes" {}
  extraVolumes:
    - type: secret
      name: tls
  extraEnvironmentVars:
    VAULT_ADDR: https://127.0.0.1:8200
    VAULT_SKIP_VERIFY: true
ui:
  enabled: true
  serviceType: LoadBalancer
```
But after every deployment it does not use my S3 bucket as storage; it uses the file system instead of the given S3 bucket. What is wrong here?

Answer:

I think your values file is missing a key:
```yaml
ha:
  enabled: true
  replicas: 1
  config: |
    listener "tcp" {
      address = "[::]:8200"
      cluster_address = "[::]:8201"
    }
    storage "s3" {
      access_key = "xxxxxxxxx"
      secret_key = "xxxxxxxxxx"
      bucket = "xxxx-vault"
      region = "xxxx-xxxx-x"
    }
    service_registration "kubernetes" {}
```
Why is your values.json file in YAML format? Even so, it is not correct YAML either: the JSON format in the chart configuration is correct, that is YAML rather than S3, and everything works. More to the point, it is not even valid YAML, because it has a JSON block in the middle.
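A small stdlib-only check for the mistake the answer points out, added here as an example and not code from the question or from the Vault Helm chart: it scans a values file, flags HCL lines that sit outside a `config: |` block scalar, confirms a `storage "s3"` stanza is present inside it, and warns when static AWS keys are embedded in the file (Vault's S3 backend can take credentials from the environment or an IAM role instead). The two sample values files are constructed assumptions, not the asker's file.

```python
import re

# Constructed minimal samples (not from the question): HCL placed directly under `ha:` as in the question, and inside `config: |` as the answer suggests.
BROKEN_VALUES = """\
server:
  ha:
    storage "s3" {
      bucket = "xxxx-vault"
    }
"""
FIXED_VALUES = """\
server:
  ha:
    config: |
      storage "s3" {
        bucket = "xxxx-vault"
        region = "xxxx-xxxx-x"
      }
"""
HCL_BLOCK = re.compile(r'^\s*[a-z_]+ "[^"]*" \{')  # e.g. storage "s3" {
HCL_ASSIGN = re.compile(r'^\s*[a-z_]+ = ')          # e.g. bucket = "..."
CONFIG_KEY = re.compile(r"^\s*config:\s*\|")        # opens the block scalar

def check_vault_values(text):
    # Returns a list of findings; an empty list means the HA storage config looks right.
    findings, block_indent, in_s3, s3_keys = [], None, False, set()
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        if block_indent is not None and indent <= block_indent:
            block_indent = None  # dedented past `config:`, so the scalar has ended
        if block_indent is None:
            if CONFIG_KEY.match(line):
                block_indent = indent
            elif HCL_BLOCK.match(line) or HCL_ASSIGN.match(line):
                findings.append(f"line {n}: HCL outside a `config: |` block; not valid YAML")
            continue
        if HCL_BLOCK.match(line):
            in_s3 = line.lstrip().startswith('storage "s3"')
        elif in_s3 and HCL_ASSIGN.match(line):
            s3_keys.add(line.split("=", 1)[0].strip())
        elif line.strip() == "}":
            in_s3 = False
    if not s3_keys:
        findings.append('no storage "s3" stanza inside server.ha.config; Vault will not use S3')
    if {"access_key", "secret_key"} & s3_keys:
        findings.append("static AWS keys in the values file; prefer an IAM role or AWS_* env vars")
    return findings
```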