I'm trying to find a suitable vault to use for Kubernetes itself and for apps that will run in containers. By far the most resources point to HashiCorp Vault. There is a Vault operator by CoreOS for that, but it seems to have been abandoned since April.
We run Kubernetes on AWS with EKS.
Any suggestions on what the possible choices would be? I'm very interested to see what the top choices used most today for this purpose are.
Thank you!
Greg
I've tried to set up the CoreOS Vault Operator using Helm. The Vault operator will provision the Vault pods for us, but I found that it is difficult to add more configuration for Vault, for example if you want to integrate Vault with AWS KMS.
After considering it, I decided to use Vault with the Consul storage backend and AWS KMS. The Vault pods will have Consul agents running as sidecar containers.
Here is part of the configuration:

    storage:
      consul:
        address: "localhost:8500"
        path: vault
    seal:
      awskms:
        region: "us-east-1"
        kms_key_id: "XXXX-YYYY-ZZZZ"
        access_key:
        secret_key:

Our use case is using Vault to manage our dynamic secrets in k8s.
The CoreOS Vault operator is beta as of this writing. I would not recommend using it in prod yet. There's also a Bootsport Vault Operator, but it doesn't seem to be prod-ready either.
IMO, as of now, you are better off running standalone Vault Kubernetes Deployments or a StatefulSet. You can use something like this or this to get yourself started. Note: still use it at your own risk.
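Putting the two replies together (the Consul-backed, KMS-sealed configuration above and the suggestion to run Vault as a plain StatefulSet), here is an added example manifest; it is not from any poster in this thread. It assumes a Consul server cluster reachable at the service name consul-server, that the pod's IAM role grants kms:Encrypt, kms:Decrypt and kms:DescribeKey on the key (so no access_key/secret_key is written into the config), and the image tags, key id and region are placeholders to replace.

```yaml
# Added example (not from this thread): standalone Vault StatefulSet with a
# Consul agent sidecar as storage and AWS KMS auto-unseal. Placeholders below.
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-config
data:
  config.hcl: |
    listener "tcp" {
      address     = "0.0.0.0:8200"
      tls_disable = 1          # enable TLS on the listener before production use
    }
    storage "consul" {
      address = "localhost:8500"   # the consul agent sidecar in the same pod
      path    = "vault/"
    }
    seal "awskms" {
      region     = "us-east-1"                  # placeholder
      kms_key_id = "REPLACE-WITH-KMS-KEY-ID"    # placeholder
      # no access_key/secret_key: credentials come from the pod/node IAM role
    }
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: vault
spec:
  serviceName: vault
  replicas: 1
  selector:
    matchLabels: {app: vault}
  template:
    metadata:
      labels: {app: vault}
    spec:
      containers:
      - name: vault
        image: vault:1.3.0               # assumed tag; pin whatever you validate
        args: ["server"]                 # official image loads /vault/config
        securityContext:
          capabilities: {add: ["IPC_LOCK"]}   # lets Vault mlock its memory
        ports: [{containerPort: 8200, name: api}]
        volumeMounts: [{name: config, mountPath: /vault/config}]
      - name: consul-agent
        image: consul:1.6.2              # assumed tag
        args: ["agent", "-retry-join=consul-server", "-data-dir=/consul/data"]
      volumes:
      - name: config
        configMap: {name: vault-config}
```

The cluster still needs a one-time `vault operator init` after the pod starts; with the awskms seal, later restarts unseal automatically through KMS.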