Lib.rs

Command line utilities
#kubernetes #upgrade #vault

bin+lib vault-mgmt

Manage your vault installation in Kubernetes (upgrades, unseal, step-down, ...)

Owned by Tobias Krischer.

4 releases

0.1.5 Feb 21, 2025
0.1.4 Feb 21, 2025
0.1.3 Feb 21, 2025
0.1.2 Jun 11, 2023

#1430 in Command line utilities

Download history 2/week @ 2024-12-12 340/week @ 2025-02-20 37/week @ 2025-02-27 4/week @ 2025-03-06

381 downloads per month

MIT license

120KB
3K SLoC

vault-mgmt

Requirements

Features

  • Unseal a Vault Pod.
    • Either supply a command that returns the unseal keys
    • or let the program retrieve the keys from a Vault secret.
  • Step-down the active Pod.
  • Upgrade a single Pod.
  • Upgrade the full cluster without downtime.

Testing

Unit tests can be run normally by cargo: cargo test.

End-to-end tests require a Kubernetes cluster and will install, upgrade and uninstall (except on failure) several deployments of a Vault cluster in the current kubecontext (namespace is set by environment variable VAULT_MGMT_E2E_NAMESPACE, defaulting to vault-mgmt-e2e). You can create the Namespace and NetworkPolicy from e2e-preparation.yaml. The Pods are using emptyDir as storage and should not consume a PV. The storage is not part of the tests, only the clustering and active/standby transitions. You can run those tests by calling cargo test --ignored with a working kubeconfig and existing namespace.

Dependencies

~93MB
~1.5M SLoC