I have a running EKS cluster I want to deploy Vault on that cluster using Terraform, my code is working fine while deploying. This is my main.tf
data "aws_eks_cluster" "default" {
name = var.eks_cluster_name
}
data "aws_eks_cluster_auth" "default" {
name = var.eks_cluster_name
}
resource "kubernetes_namespace" "vault" {
metadata {
name = "vault"
}
}
resource "helm_release" "vault" {
name = "vault"
repository = "https://helm.releases.hashicorp.com/"
chart = "vault"
namespace = kubernetes_namespace.vault.metadata.0.name
values = [
"${file("values.json")}"
]
}
provider "kubernetes" {
host = data.aws_eks_cluster.default.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority.0.data)
token = data.aws_eks_cluster_auth.default.token
load_config_file = false
}
provider "helm" {
kubernetes {
host = data.aws_eks_cluster.default.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority.0.data)
token = data.aws_eks_cluster_auth.default.token
load_config_file = false
}
}
And this is values.json
server:
image:
repository: vault
tag: latest
dataStorage:
enabled: true
auditStorage:
enabled: true
ha:
enabled: true
replicas: 1
listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "s3" {
access_key = "xxxxxxxxx"
secret_key = "xxxxxxxxxx"
bucket = "xxxx-vault"
region = "xxxx-xxxx-x"
}
service_registration "kubernetes" {}
extraVolumes:
- type: secret
name: tls
extraEnvironmentVars:
VAULT_ADDR: https://127.0.0.1:8200
VAULT_SKIP_VERIFY: true
ui:
enabled: true
serviceType: LoadBalancer
but it is not taking my S3 bucket as storage after deploy every time it is taking file system as storage not given S3 bucket. Whats wrong here?
think you missed a key in your values files:
ha:
enabled: true
replicas: 1
config: |
listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "s3" {
access_key = "xxxxxxxxx"
secret_key = "xxxxxxxxxx"
bucket = "xxxx-vault"
region = "xxxx-xxxx-x"
}
service_registration "kubernetes" {}