I am trying to register a plugin for Vault set up on GKE.
However, when I try and register the plugin I get an error message: * could not set plugin, plugin directory is not configured
Does anyone know how I can set a plugin directory and add in the GitHub repo for the plugin into this directory?
I believe this needs to be done within the Vault config file, but I am unsure how this is achieved on GKE.
If you have a similar setup as the one described in the Using HashiCorp Vault on GKE guide, you can set the plugin_directory in the $VAULT_LOCAL_CONFIG environment variable for the vault container in the StatefulSet, like this:

    $ kubectl edit statefulset vault

    spec:
      ...
      template:
        ...
        spec:
          ...
          containers:
            ...
          - args:
            ...
            env:
              ...
            - name: VAULT_LOCAL_CONFIG
              value: |
                plugin_directory = "/etc/vault/plugins"
                ...

For adding the plugin binary into the plugin_directory for all pods, you can for instance use a gcePersistentDisk volume or just have the container download it on startup. For example, I could register this vault-auth-plugin-example plugin with $ vault write sys/plugins/catalog/example-auth-plugin sha_256=$SHA256 command="vault-auth-plugin-example" after adding these command and args arrays into the vault StatefulSet:

    $ kubectl edit statefulset vault

    spec:
      ...
      template:
        ...
        spec:
          ...
          containers:
            ...
          - args:
            ...
            name: vault
            command: ["/bin/sh"]
            args: ["-c", "(mkdir -vp /etc/vault/plugins && cd /etc/vault/plugins && wget -O- https://github.com/hashicorp/vault-auth-plugin-example/releases/download/v0.1.0/vault-auth-plugin-example_0.1.0_linux_amd64.tgz | tar xzf -) && docker-entrypoint.sh server"]
            ...
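
The startup command above unpacks whatever the download returns. As an added example (not part of the original answer), here is one way to check a downloaded plugin archive against a pinned SHA-256 before anything is copied into the plugin_directory. The function names are hypothetical, the sample archive is constructed for offline use, and the pinned digest is assumed to come from a checksum you obtained separately from the download.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_plugin ARCHIVE EXPECTED_SHA256 PLUGIN_DIR
# Unpacks ARCHIVE into PLUGIN_DIR only when its digest equals EXPECTED_SHA256.
# Returns 0 on success, 1 on digest mismatch, 2 if unpacking or copying fails.
install_plugin() {
    archive=$1; expected=$2; plugin_dir=$3
    actual=$(sha256_of "$archive")
    if [ "$actual" != "$expected" ]; then
        echo "refusing $archive: sha256 $actual does not match pinned value" >&2
        return 1
    fi
    staging=$(mktemp -d) || return 2
    # Unpack into a staging directory first, so a failed extraction never
    # leaves partial files in the live plugin directory.
    if tar -xzf "$archive" -C "$staging" &&
       mkdir -p "$plugin_dir" &&
       cp -R "$staging"/. "$plugin_dir"/; then
        rc=0
    else
        rc=2
    fi
    rm -rf "$staging"
    return "$rc"
}

# Constructed sample input: a stand-in "plugin" packed as a .tgz so the check
# can be exercised offline. Prints the path of the archive it created.
make_sample_archive() {
    work=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho constructed-plugin\n' > "$work/sample-plugin"
    tar -czf "$work/sample.tgz" -C "$work" sample-plugin
    echo "$work/sample.tgz"
}
```

After a successful install, running `sha256_of` on the unpacked binary gives the value to pass as `sha_256` in the `vault write sys/plugins/catalog/...` call shown above.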