Installing in GKE Cluster

If you are installing KubeVault on a GKE cluster, you will need cluster admin permissions to install the KubeVault operator. Run the following command to bind the cluster-admin role to your current gcloud account.

$ kubectl create clusterrolebinding "cluster-admin-$(whoami)" \
  --clusterrole=cluster-admin                                 \
  --user="$(gcloud config get-value core/account)"

In addition, if your GKE cluster is a private cluster, you will need to either add a firewall rule that allows the master nodes to access port 8443/tcp on the worker nodes, or change the existing rule that allows access to ports 443/tcp and 10250/tcp so that it also allows access to port 8443/tcp. The procedure to add or modify firewall rules is described in the official GKE documentation for private clusters mentioned before.
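The following added example (not part of the KubeVault documentation) checks whether a firewall rule's allow list already covers the ports named above, including rules written as port ranges or as a bare protocol. The function names are hypothetical, the rule strings are constructed, and the input is assumed to be the comma-separated allow list that gcloud prints with the `allowed[].map().firewall_rule().list()` projection.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Assumed input: the ALLOW column of one firewall rule, as printed by
#   gcloud compute firewall-rules list \
#     --format='value(name, allowed[].map().firewall_rule().list())'
# i.e. comma-separated entries such as "tcp:10250,tcp:443".

# allows_port ALLOW PROTO PORT -> exit status 0 if the rule permits PROTO/PORT.
allows_port() {
  allow="$1"; proto="$2"; port="$3"
  for entry in $(printf '%s' "$allow" | tr ',' ' '); do
    case "$entry" in
      all|"$proto") return 0 ;;            # every protocol, or every port of PROTO
      "$proto":*)   spec="${entry#*:}" ;;  # port or port range for PROTO
      *)            continue ;;            # some other protocol
    esac
    lo="${spec%-*}"; hi="${spec#*-}"       # "443" -> 443..443, "8000-9000" -> 8000..9000
    case "$lo:$hi" in :*|*:|*[!0-9:]*) continue ;; esac   # skip malformed entries
    if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi
  done
  return 1
}

# missing_ports ALLOW PORT... -> prints the TCP ports the rule does not permit.
missing_ports() {
  rule="$1"; shift
  out=""
  for p in "$@"; do
    allows_port "$rule" tcp "$p" || out="$out $p"
  done
  printf '%s\n' "${out# }"
}

# Constructed sample values, not captured from a real cluster.
EXISTING_RULE="tcp:10250,tcp:443"           # the existing rule the text describes
UPDATED_RULE="tcp:10250,tcp:443,tcp:8443"   # the same rule after adding 8443/tcp

for r in "$EXISTING_RULE" "$UPDATED_RULE"; do
  m=$(missing_ports "$r" 443 10250 8443)
  if [ -n "$m" ]; then echo "$r: missing tcp port(s): $m"
  else echo "$r: 443, 10250 and 8443 are all allowed"; fi
done
```

The check covers only the protocol and port list; the rule must still be the one that admits traffic from the master nodes to the worker nodes.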

Detect KubeVault version

To detect the KubeVault version, exec into the operator pod and run the vault-operator version command.

$ POD_NAMESPACE=kubevault
$ POD_NAME=$(kubectl get pods -n "$POD_NAMESPACE" -l app.kubernetes.io/instance=kubevault -o jsonpath='{.items[0].metadata.name}')
$ kubectl exec "$POD_NAME" -c operator -n "$POD_NAMESPACE" -- /vault-operator version

Version = v2021.10.11
VersionStrategy = tag
GitTag = v2021.10.11
GitBranch = HEAD
CommitHash = ad15b48a5ace19e0ec79934f7ebce709fb6dba59
CommitTimestamp = 2021-07-31T05:39:40
GoVersion = go1.16.6
Compiler = gcc
Platform = linux/amd64