By default, the chart runs in standalone mode. This mode uses a single Vault server with a file storage backend. This is a less secure and less resilient installation that is NOT appropriate for a production setup. It is highly recommended to use a properly secured Kubernetes cluster, learn the available configuration options, and read the production deployment checklist.
Post installation configuration
# Initialize the Vault operator. # ATTENTION: Write down the "Unseal Keys" and "Initial Root Token". kubectl --namespace vault exec --tty --stdin vault-0 -- vault operator init # Unseal the cluster. # Repeat this step 3 times each time with a different unseal key. kubectl --namespace vault exec --tty --stdin vault-0 -- vault operator unseal
Additionally you have to make sure that you have the Vault binary installed locally on your workstation.
High Availability with Raft
Please refer to the official documentation: https://developer.hashicorp.com/vault/docs/platform/k8s/helm/examples/ha-with-raft
Accessing the UI Frontend
Next create the Kubernetes Manifest for the Ingress resource and apply it. Here an example for Nginx:
cat <<EOF | kubectl -n vault apply -f - apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: vault-ingress annotations: kubernetes.io/ingress.class: nginx spec: rules: - host: vault.<MY_CIVO_CLUSTER_DNS_NAME> http: paths: - path: / pathType: Prefix backend: service: name: vault-internal port: number: 8200 EOF