coreos / vault-operator

Run and manage Vault on Kubernetes simply and securely
https://coreos.com/blog/introducing-vault-operator-project
Apache License 2.0

Vault as statefulset #323

Open thereallukl opened 6 years ago

thereallukl commented 6 years ago

I'm working on automated deployment of Vault with the operator. What I noticed is that the operator is setting up instances as a Deployment. It makes unsealing particular instances a bit troublesome (I need to check the k8s API for the IP of a particular instance and then connect to it). I believe migrating to a StatefulSet with known DNS names for each instance would make automated unsealing much easier. What do you think about it?

Thanks.

thereallukl commented 6 years ago

Small update for automated unsealing. I had to implement unsealing quickly, so I prototyped a solution with a sidecar container [1]. It assumes IAM roles [2] are set for nodes running the Vault cluster.

[1] https://github.com/coreos/vault-operator/compare/master...lleszczu:add_unsealer?expand=1
[2] https://github.com/jetstack/vault-unsealer/pull/9/files
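A sketch of the approach discussed in this thread (stable StatefulSet pod DNS names plus a sidecar-style unseal loop that only submits the threshold number of shares to pods that are actually sealed), added here as an example; it is not code from vault-operator or from the linked branches. The StatefulSet and headless Service names, the namespace and the key shares are assumed placeholders, and the Vault HTTP endpoints used (`/v1/sys/seal-status`, `/v1/sys/unseal` with `key` and `reset`) are Vault's documented ones.

```python
import json
import urllib.request

def statefulset_pod_urls(sts="vault", namespace="vault", replicas=3, port=8200, scheme="https"):
    """Stable per-pod addresses a StatefulSet provides, the point raised in the issue:
    <sts>-<ordinal>.<headless-svc>.<ns>.svc.cluster.local. Assumes (hypothetical)
    that the headless Service carries the StatefulSet's name."""
    return [f"{scheme}://{sts}-{i}.{sts}.{namespace}.svc.cluster.local:{port}"
            for i in range(replicas)]

def unseal_plan(seal_status, shares):
    """Decide which key shares to submit to a pod from its /v1/sys/seal-status
    document: nothing for an unsealed pod, exactly the threshold t otherwise."""
    if not seal_status.get("sealed", True):
        return []
    if not seal_status.get("initialized", False):
        raise RuntimeError("pod not initialized; 'vault operator init' comes first")
    threshold = seal_status["t"]
    if threshold > len(shares):
        raise RuntimeError(f"threshold {threshold} exceeds {len(shares)} available share(s)")
    return shares[:threshold]

def _vault(url, path, body=None):
    """Minimal Vault HTTP call; GET without a body, PUT with one."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url + path, data=data, method="PUT" if body else "GET",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)

def unseal_statefulset(urls, shares):
    """Walk every pod by DNS name and unseal the sealed ones; returns {url: sealed}."""
    result = {}
    for url in urls:
        status = _vault(url, "/v1/sys/seal-status")
        if status.get("progress"):              # half-finished attempt: start over
            status = _vault(url, "/v1/sys/unseal", {"reset": True})
        for share in unseal_plan(status, shares):
            status = _vault(url, "/v1/sys/unseal", {"key": share})
        result[url] = status["sealed"]
    return result

if __name__ == "__main__":
    # Constructed placeholder shares; a real sidecar would fetch them from KMS/IAM-guarded storage
    SHARES = ["share-1-PLACEHOLDER", "share-2-PLACEHOLDER", "share-3-PLACEHOLDER"]
    print(unseal_statefulset(statefulset_pod_urls(), SHARES))
```

Because the pod names are deterministic, the loop needs no Kubernetes API lookup at all, which is what the StatefulSet proposal buys you.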

raoofm commented 6 years ago

@hasbro17 @philips vault-unsealer seems like a good option for #307 and #308