hashicorp-vault Plugin

This plugin installs hashicorp-vault with replicas:3 by default value.

Initialize all the Vault pods

Vault:Seal/Unseal

At first, you must install tool: jq is a lightweight and flexible command-line JSON processor. Download jq

Initialize vault-0

# Initialize vault-0 with one key share and one key threshold.
kubectl exec vault-0 -n $NAMESPACE -- vault operator init -key-shares=1 -key-threshold=1 -format=json > cluster-keys.json

Display the unseal key

# Display the unseal key found in cluster-keys.json
cat cluster-keys.json | jq -r ".unseal_keys_b64[]"

Create a variable to capture the Vault unseal key

Unseal vault-0

# Unseal vault-0 running on the vault-0 pod.

You will see the above command’s output like this. Make sure the value of Initialized is ‘true’ and the value of Sealed is ‘false’.

Key                     Value
---                     -----
Initialized             true
Sealed                  false
Total Shares            1
Threshold               1
Version                 1.9.2
Storage Type            raft
Cluster Name            vault-cluster-14052440
Cluster ID              7630cd33-2ee1-39c1-db3f-e48a6d79970a
HA Enabled              true
HA Cluster              https://vault-0.vault-internal:8201
Active Since            2022-04-23T16:45:47.6060163Z
Raft Committed Index    30
Raft Applied Index      30

Initialize vault-1 and vault-2 like vault-0

Verify all the pods status

# Verify all the Vault pods are running and ready.
kubectl get pods -n $NAMESPACE

NAME                                 READY   STATUS    RESTARTS   AGE
vault-0                              1/1     Running   0          2m29s
vault-1                              1/1     Running   0          2m29s
vault-2                              1/1     Running   0          2m29s
vault-agent-injector-68dc986-bnsj2   1/1     Running   0          2m28s

After the above operations, you want to use the Vault to write/read secrets. You need to follow the documentation of the hashicorp Vault: