AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    KubeStash New

    Backup and Recovery Solution for Kubernetes

    Stash

    Backup and Recovery Solution for Kubernetes

    KubeVault

    Run Production-Grade Vault on Kubernetes

    Voyager

    Secure Ingress Controller for Kubernetes

    ConfigSyncer

    Kubernetes Configuration Syncer

    Guard

    Kubernetes Authentication WebHook Server

    KubeDB

    KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • check-boxLower administrative burden
    • check-boxNative Kubernetes Support
    • check-boxPerformance
    • check-boxAvailability and durability
    • check-boxManageability
    • check-boxCost-effectiveness
    • check-boxSecurity
    kubestash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • check-boxVault Kubernetes Deployment
    • check-boxAuto Initialization & Unsealing
    • check-boxVault Backup & Restore
    • check-boxConsume KubeVault Secrets with CSI
    • check-boxManage DB Users Privileges
    • check-boxStorage Backend
    • check-boxAuthentication Method
    • check-boxDatabase Secret Engine
    Voyager

    Secure Ingress Controller for Kubernetes

    • check-boxHTTP & TCP
    • check-boxSSL
    • check-boxPlatform support
    • check-boxHAProxy
    • check-boxPrometheus
    • check-boxLet's Encrypt
    configsyncer

    Kubernetes Configuration Syncer

    • check-boxConfiguration Syncer
    Guard

    Kubernetes Authentication WebHook Server

    • check-boxIdentity Providers
    • check-boxCLI
    • check-boxRBAC
  • RESOURCES
  • Webinar New
CONTACT SALES
KubeVault
github-icon twitterx-icon
TRY NOW FREE
  • Welcome
  • Concepts
  • Setup
  • Guides
  • Vault Operator
    KubeVault CLI
    Vault Unsealer
You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.

New to KubeVault? Please start here.

Etcd

In Etcd storage backend, Vault data will be stored in Etcd. Vault documentation for Etcd storage can be found in here.

apiVersion: kubevault.com/v1alpha1
kind: VaultServer
metadata:
  name: vault-with-etcd
  namespace: demo
spec:
  replicas: 1
  version: "1.2.0"
  backend:
    etcd:
      address: "http://example.etcd.svc:2379"
      etcdApi: "v3"

spec.backend.etcd

To use Etcd as storage backend in Vault specify spec.backend.etcd in VaultServer CRD.

spec:
  backend:
    etcd:
      address: "http://example.etcd.svc:2379"
      etcdApi: "v3"

Here, we are going to describe the various attributes of the spec.backend.etcd field.

etcd.address

etcd.address is a required field that specifies the addresses of the etcd instances.

spec:
  backend:
    etcd:
      address: "http://example.etcd.svc:2379"

etcd.haEnable

etcd.haEnable is an optional field that specifies if high availability should be enabled. This field accepts boolean value. The default value is false.

spec:
  backend:
    etcd:
      haEnable: true

etcd.etcdApi

etcd.etcdApi is an optional field that specifies the version of the API to communicate with etcd. If this field is not specified, then Vault will derive it automatically. If the cluster version is 3.1+ and there has been no data written using the v2 API, the auto-detected default is v3.

spec:
  backend:
    etcd:
      etcdApi: "v3"

etcd.path

etcd.path is an optional field that specifies the path in etcd where Vault data will be stored. If this field is not specified, then Vault will set default value /vault/.

spec:
  backend:
    etcd:
      path: "/data/"

etcd.sync

etcd.sync is an optional field that specifies whether to sync a list of available etcd services on startup. This field accepts boolean value. The default value is false.

spec:
  backend:
    etcd:
      sync: true

etcd.discoverySrv

etcd.discoverySrv is an optional field that specifies the domain name to query for SRV records describing cluster endpoints. If this field is not specified, then Vault will set default value example.com

spec:
  backend:
    etcd:
      discoverySrv: "example.com"

etcd.credentialSecretName

etcd.credentialSecretName is an optional field that specifies the secret name that contains username and password to use when authenticating with the etcd server. The secret contains the following keys:

  • username
  • password
spec:
  backend:
    etcd:
      credentialSecretName: "etcd-credential"

etcd.tlsSecretName

etcd.tlsSecretName is an optional field that specifies the secret name that contains TLS assets for etcd communication. The secret contains following keys:

  • tls_ca_file
  • tls_cert_file
  • tls_key_file

What's on this Page

Search
Improve This Page