You are looking at the documentation of a prior release.

KubeVault operator architecture

Architecture

KubeVault operator is composed of the following controllers:

  • A Vault Server controller that deploys Vault in Kubernetes clusters. It also injects an unsealer and a statsd exporter as sidecars to perform unsealing and monitoring, respectively.

  • An Auth controller that enables auth methods in Vault.

  • A Policy controller that manages Vault policies and binds them to Kubernetes service accounts.

  • A Secret Engine controller that enables and configures Vault secret engines based on the given configuration.

  • A set of Role controllers that configure secret engine roles that are used to generate credentials.

  • A set of AccessKeyRequest controllers that generate and issue credentials to the user for various secret engine roles.