The official HashiCorp Vault broker integration to the Open Service Broker API. This service broker provides support for secure secret storage and encryption-as-a-service to HashiCorp Vault.
We're setting up a Vault cluster with 3 nodes using Consul for the backend storage in HA mode. VAULT_ADVERTISE_ADDR environment variable is the address to advertise to bound applications as the Vault's address. If this is the single IP address of one of Vault nodes and when this node is unavailable, how can the app know what are the IP addresses of the other Vault nodes for connect to in the failover?
Do we need to add a load balancer in front of the Vault nodes and use the IP/DNS of the load balancer in VAULT_ADVERTISE_ADDR environment variable? It looked like the Vault service broker assumes that bound applications should access the Vault HA cluster via a load balancer, but could you please confirm.
If we need to provide a list of IP addresses of all Vault nodes in HA cluster to a bound app, so the app can directly connect to first Vault node and fail over to the other node addresses in the list if first node is unavailable. Does Vault service broker support the direct node connection with Vault HA cluster? We can put multiple IP addresses in VAULT_ADVERTISE_ADDR, but I'm not sure if it's recommended. Should the Vault service broker introduce another environment variable (VAULT_ADVERTISE_ADDRS) to hold multiple IP addresses for HA cluster use case?
We're setting up a Vault cluster with 3 nodes using Consul for the backend storage in HA mode. VAULT_ADVERTISE_ADDR environment variable is the address to advertise to bound applications as the Vault's address. If this is the single IP address of one of Vault nodes and when this node is unavailable, how can the app know what are the IP addresses of the other Vault nodes for connect to in the failover?
Do we need to add a load balancer in front of the Vault nodes and use the IP/DNS of the load balancer in VAULT_ADVERTISE_ADDR environment variable? It looked like the Vault service broker assumes that bound applications should access the Vault HA cluster via a load balancer, but could you please confirm.
If we need to provide a list of IP addresses of all Vault nodes in HA cluster to a bound app, so the app can directly connect to first Vault node and fail over to the other node addresses in the list if first node is unavailable. Does Vault service broker support the direct node connection with Vault HA cluster? We can put multiple IP addresses in VAULT_ADVERTISE_ADDR, but I'm not sure if it's recommended. Should the Vault service broker introduce another environment variable (VAULT_ADVERTISE_ADDRS) to hold multiple IP addresses for HA cluster use case?