hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

Missing documentation on deploying custom plugins on vault running on Kubernetes #8998

Open techs07 opened 4 years ago

techs07 commented 4 years ago

Hi Team,

I want to push some custom backend plugin to a Vault cluster running in a Kubernetes environment. I have gone through the documentation and could not find anything relevant to Kubernetes. These are the available documentation pages so far, and there are no details about pushing a plugin to a Vault Kubernetes cluster: https://www.vaultproject.io/docs/plugin https://www.vaultproject.io/docs/internals/plugins https://learn.hashicorp.com/vault/developer/plugin-backends

Could you please update details like

  1. Pushing the custom apps to pods.
  2. Replication of the plugin across nodes/pods.
  3. Use of a persistent volume to store plugins, just like raft integrated storage, so that the plugin can persist after node or pod failure.

Environment details: Vault raft cluster with 3 nodes. Vault version: 1.4.1

Thanks

techs07 commented 4 years ago

Sharing some steps which I have followed to set up custom plugins in Kubernetes. Hope it will help others, till we get best practices to set up plugins.

  1. Set the plugin location in the Helm chart. Here we will try to keep it in raft storage so that plugins persist across the life cycle of pods. If you set the raft path as '/vault/data/', use a plugin directory under that path:

         plugin_directory = "/vault/data/plugins/"

  2. Copy the plugin to all PVCs. If you have three pods, then copy the plugin to all three PVCs; repeat for each pod:

         kubectl cp <plugin_binary> vault-0:/vault/data/plugins/
         kubectl cp <plugin_binary> vault-1:/vault/data/plugins/
         kubectl cp <plugin_binary> vault-2:/vault/data/plugins/

  3. Generate the shasum:

         shasum -a 256 <plugin_binary>

  4. Configure the plugin by providing the shasum:

         vault write sys/plugins/catalog/plugin_name \
             sha256=<sha256> \
             command="plugin_name"

  5. Reload the plugin if you are updating an existing plugin:

         $ cat payload.json
         { "plugin": "mock-plugin" }

         $ curl \
             --header "X-Vault-Token: ..." \
             --request PUT \
             --data @payload.json \
             http://127.0.0.1:8200/v1/sys/plugins/reload/backend

  6. You are all set. Configure the plugin and use it.

These plugins will persist even in new pods, provided you are using the same PVC.

If anyone has better solution, please update the post. Thanks
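The steps in the comment above, consolidated into one script as an added example. This is not code from the issue author or from the Vault project, and the names in it are assumptions: the plugin binary path (`PLUGIN_BIN`, default `./mock-plugin`), the plugin type (`secret`), the namespace `vault`, the pod names `vault-0 vault-1 vault-2`, and the plugin directory, which must match `plugin_directory` in the Vault config. Two points the script makes explicit that the step list leaves implicit: the SHA-256 is taken from the local build artifact, not read back from a pod, because Vault compares the registered hash against the binary in `plugin_directory` before it will execute it; and the catalog entry is written once, against the active node, because the catalog lives in the raft-replicated storage, whereas the binary itself has to be present on every pod's volume.

```bash
#!/bin/sh
# Added example (not from the issue or from HashiCorp): push a custom plugin
# binary to every pod of a Vault raft StatefulSet, register it once, reload it.
# Assumed names, override via environment:
#   PLUGIN_BIN   local path to the plugin binary you built
#   PLUGIN_TYPE  secret | auth | database
#   PLUGIN_DIR   must equal plugin_directory in the Vault server config
#   NAMESPACE, PODS  where the Vault StatefulSet runs
set -eu

PLUGIN_BIN="${PLUGIN_BIN:-./mock-plugin}"
PLUGIN_NAME="$(basename "$PLUGIN_BIN")"
PLUGIN_TYPE="${PLUGIN_TYPE:-secret}"
PLUGIN_DIR="${PLUGIN_DIR:-/vault/data/plugins}"
NAMESPACE="${NAMESPACE:-vault}"
PODS="${PODS:-vault-0 vault-1 vault-2}"

# SHA-256 of a file; portable across coreutils, perl shasum and openssl.
plugin_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1"
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1"
  else
    openssl dgst -sha256 -r "$1"
  fi | awk '{ print $1 }'
}

# Copy the binary into the plugin directory of one pod and make it executable.
# kubectl cp needs tar inside the container (the official vault image has it).
push_to_pod() {
  pod="$1"
  kubectl -n "$NAMESPACE" exec "$pod" -- mkdir -p "$PLUGIN_DIR"
  kubectl -n "$NAMESPACE" cp "$PLUGIN_BIN" "$pod:$PLUGIN_DIR/$PLUGIN_NAME"
  kubectl -n "$NAMESPACE" exec "$pod" -- chmod 0755 "$PLUGIN_DIR/$PLUGIN_NAME"
}

# Register once. The catalog is stored in Vault's storage backend (replicated
# by raft), so this is not repeated per pod. The hash comes from the trusted
# local artifact: Vault refuses to run a plugin whose on-disk binary does not
# match the registered sha256, so a tampered copy on one PVC will not load.
register_plugin() {
  sum="$(plugin_sha256 "$PLUGIN_BIN")"
  vault plugin register -sha256="$sum" -command="$PLUGIN_NAME" \
    "$PLUGIN_TYPE" "$PLUGIN_NAME"
}

# Reload an already-mounted plugin so running backends pick up the new binary.
# Recent Vault versions accept scope=global to reload on every node; check the
# API docs for your version before adding it (assumption, not verified here).
reload_plugin() {
  vault write sys/plugins/reload/backend plugin="$PLUGIN_NAME"
}

main() {
  for pod in $PODS; do
    push_to_pod "$pod"
  done
  register_plugin
  reload_plugin
}

# Only act when told to; sourcing or running without "deploy" just defines
# the functions, so nothing touches the cluster by accident.
if [ "${1:-}" = "deploy" ]; then
  main
fi
```

Run it as `VAULT_ADDR=... VAULT_TOKEN=... ./deploy-plugin.sh deploy` from a machine with kubectl and vault configured against the cluster. If the pods run a sidecar, add `-c vault` to the kubectl calls so `cp` and `exec` target the Vault container.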

stefan-zh commented 3 years ago

There is now an official guide on how to upgrade a plugin in Vault: https://www.vaultproject.io/docs/upgrading/plugins#upgrading-vault-plugins It's exactly the same procedure that @techs07 outlines, but @techs07 has provided the coding steps.