#upgrade #vault #kubernetes #kubernetes-cluster

bin+lib vault-mgmt

Manage your vault installation in Kubernetes (upgrades, unseal, step-down, ...)

1 unstable release

0.1.2 Jun 11, 2023

#31 in #kubernetes-cluster

MIT license

115KB
3K SLoC

vault-mgmt

Requirements

Features

  • Unseal a Vault Pod.
    • Either supply a command that returns the unseal keys
    • or let the program retrieve the keys from a Vault secret.
  • Step-down the active Pod.
  • Upgrade a single Pod.
  • Upgrade the full cluster without downtime.

Testing

Unit tests can be run normally by cargo: cargo test.

Ent-to-end tests require a Kubernetes cluster and will install, upgrade and uninstall (except on failure) several deployments of a Vault cluster in the current kubecontext (namespace is set by environment variable VAULT_MGMT_E2E_NAMESPACE, defaulting to vault-mgmt-e2e). The Pods are using emptyDir as storage and should not consume a PV. The storage is not part of the tests, only the clustering and active/standby transitions. You can run those tests by calling cargo test --ignored with a working kubeconfig and existing namespace.

Dependencies

~90MB
~1.5M SLoC