AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    Stash

    Backup and Recovery Solution for Kubernetes

    KubeVault

    Run Production-Grade Vault on Kubernetes

    Voyager

    Secure Ingress Controller for Kubernetes

    ConfigSyncer

    Kubernetes Configuration Syncer

    Guard

    Kubernetes Authentication WebHook Server

    KubeDB

    KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • check-boxLower administrative burden
    • check-boxNative Kubernetes Support
    • check-boxPerformance
    • check-boxAvailability and durability
    • check-boxManageability
    • check-boxCost-effectiveness
    • check-boxSecurity
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • check-boxVault Kubernetes Deployment
    • check-boxAuto Initialization & Unsealing
    • check-boxVault Backup & Restore
    • check-boxConsume KubeVault Secrets with CSI
    • check-boxManage DB Users Privileges
    • check-boxStorage Backend
    • check-boxAuthentication Method
    • check-boxDatabase Secret Engine
    Voyager

    Secure Ingress Controller for Kubernetes

    • check-boxHTTP & TCP
    • check-boxSSL
    • check-boxPlatform support
    • check-boxHAProxy
    • check-boxPrometheus
    • check-boxLet's Encrypt
    configsyncer

    Kubernetes Configuration Syncer

    • check-boxConfiguration Syncer
    Guard

    Kubernetes Authentication WebHook Server

    • check-boxIdentity Providers
    • check-boxCLI
    • check-boxRBAC
  • RESOURCES
  • Webinar New
CONTACT SALES
KubeVault
github-icon twitterx-icon
TRY NOW FREE
  • Welcome
  • Concepts
  • Setup
  • Guides
  • Vault Operator
    KubeVault CLI
    Vault Unsealer
You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.

Concepts

Concepts help you learn about the different parts of KubeVault and the abstractions it uses.

  • What is KubeVault?
    • Overview. Provides an introduction to KubeVault operator, including the problems it solves and its use cases.
    • Operator architecture. Provides a high-level illustration of the architecture of the KubeVault operator.

AppBinding

Introduces a way to specify connection information, credential, and parameters that are necessary for communicating with an app or service.

Vault Server Version

Introduces the concept of VaultServerVersion to specify the docker images of HashiCorp Vault, Unsealer, and Exporter.

Vault Server

A VaultServer is a Kubernetes CustomResourceDefinition (CRD) which is used to deploy a HashiCorp Vault server on Kubernetes clusters in a Kubernetes native way. Introduces the concept of VaultServer for configuring a HashiCorp Vault server in a Kubernetes native way.

Vault Unsealer Options

When a Vault server is started, it starts in a sealed state. In this state, Vault is configured to know where and how to access the physical storage, but doesn’t know how to decrypt any of it.

Unsealing is the process of obtaining the plaintext root key necessary to read the decryption key to decrypt the data, allowing access to the Vault. Initializing & Unsealing Vault servers can be a tedious job. Introduces to various methods of automatically Initialization & Unsealing Vault Servers.

Vault Server Storage

The storage backend represents the location for the durable storage of Vault’s information. Each backend has pros, cons, advantages, and trade-offs. For example, some backends support High Availability - HA while others provide a more robust backup and restoration process. Introduces to various Storage Backend options supported by KubeVault.

Authentication Methods for Vault Server

Auth methods are the components in Vault that perform authentication and are responsible for assigning identity and a set of policies to a user. In all cases, Vault will enforce authentication as part of the request processing. In most cases, Vault will delegate the authentication administration and decision to the relevant configured external auth method (e.g., Amazon Web Services, GitHub, Google Cloud Platform, Kubernetes, Microsoft Azure, Okta, JWT/OIDC).

Having multiple auth methods enables you to use an auth method that makes the most sense for your use case of Vault and your organization. Introduces to various Authentication methods supported by KubeVault.

Secret Engine

SecretEngine is a Kubernetes Custom Resource Definition(CRD). It provides a way to enable and configure a Vault secret engine. Introduces to SecretEngine CRD, fields, & it’s various use cases.

Secret Engine Roles

In a Secret Engine, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the Secret Engine. Introduces to various roles supported by KubeVault.

Secret Access Request

A SecretAccessRequest is a Kubernetes CustomResourceDefinition (CRD) which allows a user to request a Vault server for credentials in a Kubernetes native way. A SecretAccessRequest can be created under various roleRef e.g: AWSRole, GCPRole, ElasticsearchRole, MongoDBRole, etc. Introduces to SecretAccessRequest CRD, fields & it’s various use cases.

Secret Role Binding

A SecretRoleBinding is a Kubernetes CustomResourceDefinition (CRD) which allows a user to bind a set of roles to a set of users. Using the SecretRoleBinding it’s possible to bind various roles e.g: AWSRole, GCPRole, ElasticsearchRole, MongoDBRole, etc. to Kubernetes ServiceAccounts.

Vault Policy

Everything in the Vault is path-based, and policies are no exception. Policies provide a declarative way to grant or forbid access to certain operations in Vault. Policies are deny by default, so an empty policy grants no permission in the system.

  • VaultPolicy: is used to create, update or delete Vault policies.
  • VaultPolicyBinding: is used to create Vault auth roles associated with an authentication type/entity and a set of Vault policies.

What's on this Page

Search
Improve This Page