This repository has been archived by the owner on Sep 21, 2023. It is now read-only.

made vault-operator track vault upstream image, upgrade and enable ui #328

Open: wants to merge 1 commit into base: master
dhrp commented Jun 14, 2018

By installing curl into the vault image at initialization, we don't need to have a customized vault image, and can track upstream.

This also upgrades to vault 0.10.2 and enables the (new) ui

closes #290

considerations:

This does mean that vault will install cURL from the configured apk repositories at initialization time, which makes it less suitable for an air-gapped cluster. On the flipside, those clusters can probably not use the operator anyway.

If you look closely I've reversed the (logical) order at sh -c to first drop the capabilities, then install curl, and then launch. This is because otherwise, the OS would somehow still be modifying the /bin/vault while it was being launched, causing a "text file busy" (modifying running executable) error.

credits to @kesselborn for suggesting this approach.

By installing curl into the vault image at initialization, we don't need to
have a customized vault image, and can track upstream.

This commit also upgrades to vault 0.10.2 and enables the (new) ui

closes coreos#290
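
An added example, not part of this PR or of the vault-operator code base: a check a cluster owner could run over pod specs to find containers that install packages from a repository at start-up, which is the air-gap limitation noted in the description above. The sample pod spec, its commands and the function names are constructed for illustration.

```python
import re

# Package-manager invocations that fetch software while the container starts.
INSTALL_RE = re.compile(
    r"\b(?:apk\s+(?:-\S+\s+)*add|(?:apt-get|apt|yum|dnf)\s+(?:-\S+\s+)*install)\b"
)
SHELLS = {"sh", "ash", "bash", "/bin/sh", "/bin/ash", "/bin/bash"}


def startup_script(container):
    """Return the inline script of `sh -c '<script>'`, else the joined argv."""
    argv = list(container.get("command") or []) + list(container.get("args") or [])
    if len(argv) >= 3 and argv[0] in SHELLS and argv[1] == "-c":
        return argv[2]
    return " ".join(argv)


def runtime_installs(pod_spec):
    """Return (container, step index, step) for each start-up package install."""
    findings = []
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    for c in containers:
        # Naive split into sequential steps; quoted separators are not handled.
        script = startup_script(c)
        steps = [s.strip() for s in re.split(r"&&|\|\||;|\n", script) if s.strip()]
        for i, step in enumerate(steps):
            if INSTALL_RE.search(step):
                findings.append((c["name"], i, step))
    return findings


# Constructed sample, not the operator's real pod spec. The commands are
# stand-ins that follow the order the PR describes: drop capabilities,
# install curl, launch.
SAMPLE_POD = {
    "containers": [
        {"name": "vault", "image": "vault:0.10.2",
         "command": ["/bin/sh", "-c",
                     "setcap -r /bin/vault && apk add --no-cache curl"
                     " && exec vault server -config /vault/config"]},
        {"name": "sidecar", "image": "example/sidecar:1.0",
         "command": ["/sidecar", "--listen", ":9000"]},
    ]
}

if __name__ == "__main__":
    for name, idx, step in runtime_installs(SAMPLE_POD):
        print(f"{name}: step {idx} installs packages at start-up: {step}")
```
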
@FernandoFicoseco-natgeo

How did you, @dhrp, compile the vault-operator after these mods?

gbevan commented Oct 18, 2018

For people searching for how to enable the vault ui, instead of this PR you can use a ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "myapp.fullname" . }}-vault-config
  labels:
    app: {{ template "myapp.name" . }}
    chart: {{ template "myapp.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
data:
  vault.hcl: |
    ui = true

and point the vault-operator service to it using spec.configMapName:

apiVersion: "vault.security.coreos.com/v1alpha1"
kind: "VaultService"
metadata:
  name: {{ template "myapp.fullname" . }}-vault
  labels:
    app: {{ template "myapp.name" . }}
    chart: {{ template "myapp.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  nodes: 2
  baseImage: {{ .Values.vault.baseImage | quote }}
  version: {{ .Values.vault.version | quote }}
  configMapName: {{ template "myapp.fullname" . }}-vault-config

Successfully merging this pull request may close these issues.

Upgrade to Vault 0.10.0