How to configure S3 as backend storage for hashicorp vault

10/9/2020

I have a running EKS cluster I want to deploy Vault on that cluster using Terraform, my code is working fine while deploying. This is my main.tf

data "aws_eks_cluster" "default" {
  name = var.eks_cluster_name
}

data "aws_eks_cluster_auth" "default" {
  name = var.eks_cluster_name
}

resource "kubernetes_namespace" "vault" {
  metadata {
        name = "vault"
  }
}

resource "helm_release" "vault" {
  name      = "vault"
  repository = "https://helm.releases.hashicorp.com/"
  chart     = "vault"
  namespace = kubernetes_namespace.vault.metadata.0.name

values = [
    "${file("values.json")}"
  ]
}



provider "kubernetes" {
  host                   = data.aws_eks_cluster.default.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.default.token
  load_config_file       = false
}

provider "helm" {
  kubernetes {
    host                   = data.aws_eks_cluster.default.endpoint
    cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority.0.data)
    token                  = data.aws_eks_cluster_auth.default.token
    load_config_file       = false
  }
}

And this is values.json

server:
  image:
    repository: vault
    tag: latest
  dataStorage:
    enabled: true
  auditStorage:
    enabled: true
  ha:
    enabled: true
    replicas: 1

        listener "tcp" {
          address         = "[::]:8200"
          cluster_address = "[::]:8201"
        }

        storage "s3" {
         access_key = "xxxxxxxxx"
         secret_key = "xxxxxxxxxx"
         bucket     = "xxxx-vault"
         region     = "xxxx-xxxx-x"
        }

        service_registration "kubernetes" {}
  extraVolumes:
    - type: secret
      name: tls
  extraEnvironmentVars:
    VAULT_ADDR: https://127.0.0.1:8200
    VAULT_SKIP_VERIFY: true
ui:
  enabled: true
  serviceType: LoadBalancer

but it is not taking my S3 bucket as storage after deploy every time it is taking file system as storage not given S3 bucket. Whats wrong here?

-- Akash Verma
amazon-eks
hashicorp-vault
kubernetes
terraform

1 Answer

11/13/2020

think you missed a key in your values files:

  ha:
    enabled: true
    replicas: 1
    config: |
      listener "tcp" {
        address         = "[::]:8200"
        cluster_address = "[::]:8201"
      }

      storage "s3" {
       access_key = "xxxxxxxxx"
       secret_key = "xxxxxxxxxx"
       bucket     = "xxxx-vault"
       region     = "xxxx-xxxx-x"
      }

      service_registration "kubernetes" {}
-- ptrh
Source: StackOverflow