Vault + Kubernetes (vault-k8s)
The vault-k8s binary includes first-class integrations between Vault and
Kubernetes. Currently the only integration in this repository is the
Vault Agent Sidecar Injector (agent-inject). In the future more integrations
will be found here.
The Kubernetes integrations with Vault are
documented directly on the Vault website.
This README will present a basic overview of each use case, but for full
documentation please reference the Vault website.
This project is versioned separately from Vault. Supported Vault versions
for each feature will be noted below. By versioning this project separately,
we can iterate on Kubernetes integrations more quickly and release new versions
without forcing Vault users to do a full Vault upgrade.
Features
- Agent Inject:
Agent Inject is a mutation webhook controller that injects Vault Agent containers
into pods meeting specific annotation criteria.
(Requires Vault 1.3.1+)
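
How a mutating webhook of this kind decides whether to patch a pod, as an added Python sketch that is not code from vault-k8s. The two annotation names are the injector's own; the namespace skip list, the placeholder sidecar spec and the sample request are assumptions made for illustration.

```python
import base64
import json

INJECT = "vault.hashicorp.com/agent-inject"          # opt-in annotation
STATUS = "vault.hashicorp.com/agent-inject-status"   # marks an already-mutated pod
SKIP_NAMESPACES = {"kube-system", "kube-public"}     # assumption for this sketch

# Placeholder sidecar (assumption); the real injector renders a full Vault Agent spec.
SIDECAR = {"name": "vault-agent", "image": "hashicorp/vault:PLACEHOLDER"}


def should_inject(pod, namespace):
    """Return True only for pods that opted in and were not mutated already."""
    ann = pod.get("metadata", {}).get("annotations") or {}
    if namespace in SKIP_NAMESPACES:
        return False
    if ann.get(STATUS) == "injected":
        return False  # idempotency: never inject a second agent
    return str(ann.get(INJECT, "")).lower() == "true"


def review(admission_review):
    """Build the AdmissionReview response for a pod CREATE request."""
    req = admission_review["request"]
    resp = {"uid": req["uid"], "allowed": True}  # the webhook mutates, it does not deny
    if should_inject(req["object"], req.get("namespace", "")):
        patch = [
            {"op": "add", "path": "/spec/containers/-", "value": SIDECAR},
            # "~1" is the JSON Pointer escape for "/" inside a key
            {"op": "add",
             "path": "/metadata/annotations/" + STATUS.replace("/", "~1"),
             "value": "injected"},
        ]
        resp["patchType"] = "JSONPatch"
        resp["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": resp}


def sample_request(annotations, namespace="default"):
    """Constructed AdmissionReview request for a one-container pod."""
    pod = {"metadata": {"name": "app", "annotations": annotations},
           "spec": {"containers": [{"name": "app", "image": "example/app:1"}]}}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": "constructed-uid", "namespace": namespace,
                        "object": pod}}
```

Because the API server applies whatever patch the webhook returns, access to the webhook's configuration and serving certificate deserves the same protection as the workloads it mutates.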
Installation
vault-k8s is distributed in multiple forms:
- The recommended installation method is the official
  Vault Helm chart. This will
  automatically configure the Vault and Kubernetes integration to run within
  an existing Kubernetes cluster.
- A Docker image hashicorp/vault-k8s is available. This can be used to
  manually run vault-k8s within a scheduled environment.
- Raw binaries are available in the HashiCorp releases directory. These can be
  used to run vault-k8s directly or build custom packages.