AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    Stash

    Backup and Recovery Solution for Kubernetes

    KubeVault

    Run Production-Grade Vault on Kubernetes

    Voyager

    Secure Ingress Controller for Kubernetes

    ConfigSyncer

    Kubernetes Configuration Syncer

    Guard

    Kubernetes Authentication WebHook Server

    KubeDB

    KubeDB simplifies Provisioning, Upgrading, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • check-boxLower administrative burden
    • check-boxNative Kubernetes Support
    • check-boxPerformance
    • check-boxAvailability and durability
    • check-boxManageability
    • check-boxCost-effectiveness
    • check-boxSecurity
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • check-boxDeclarative API
    • check-boxBackup Kubernetes Volumes
    • check-boxBackup Database
    • check-boxMultiple Storage Support
    • check-boxDeduplication
    • check-boxData Encryption
    • check-boxVolume Snapshot
    • check-boxPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • check-boxVault Kubernetes Deployment
    • check-boxAuto Initialization & Unsealing
    • check-boxVault Backup & Restore
    • check-boxConsume KubeVault Secrets with CSI
    • check-boxManage DB Users Privileges
    • check-boxStorage Backend
    • check-boxAuthentication Method
    • check-boxDatabase Secret Engine
    Voyager

    Secure Ingress Controller for Kubernetes

    • check-boxHTTP & TCP
    • check-boxSSL
    • check-boxPlatform support
    • check-boxHAProxy
    • check-boxPrometheus
    • check-boxLet's Encrypt
    configsyncer

    Kubernetes Configuration Syncer

    • check-boxConfiguration Syncer
    Guard

    Kubernetes Authentication WebHook Server

    • check-boxIdentity Providers
    • check-boxCLI
    • check-boxRBAC
  • RESOURCES
  • Webinar New
CONTACT SALES
KubeVault
github-icon twitterx-icon
TRY NOW FREE
  • Welcome
  • Concepts
  • Setup
  • Guides
  • Vault Operator
    KubeVault CLI
    Vault Unsealer
You are looking at the documentation of a prior release. To read the documentation of the latest release, please visit here.

New to KubeVault? Please start here.

DynamoDB

In DynamoDB storage backend, Vault data will be stored in DynamoDB. Vault documentation for DynamoDB storage can be found in here.

apiVersion: kubevault.com/v1alpha1
kind: VaultServer
metadata:
  name: vault-with-dynamodb
  namespace: demo
spec:
  replicas: 1
  version: "1.2.0"
  backend:
    dynamodb:
      table: "my-vault-table"
      region: "us-west-1"
      readCapacity: 5
      writeCapacity: 5

spec.backend.dynamodb

To use dynamoDB as backend storage in Vault specify spec.backend.dynamodb in VaultServer CRD.

spec:
  backend:
    dynamodb:
      table: <table_name>
      region: <region>
      endpoint: <endpoint>
      haEnabled: <true/false>
      readCapacity: <read_capacity>
      writeCapacity: <write_capacity>
      credentialSecret: <secret_name>
      sessionTokenSecret: <secret_name>
      maxParallel: <max_parallel>

Here, we are going to describe the various attributes of the spec.backend.dynamodb field.

dynamodb.table

dynamodb.table is a required field that specifies the name of the DynamoDB table. If the specified table does not exist, then Vault will create it during initialization. If it is not initialized, then Vault will set value to vault-dynamodb-backend.

spec:
  backend:
    dynamodb:
      table: "my-vault-table"

dynamodb.endpoint

dynamodb.endpoint is an optional field that specifies an alternative, AWS compatible, DynamoDB endpoint.

spec:
  backend:
    dynamodb:
      endpoint: "endpoint.com"

dynamodb.region

dynamodb.region is an optional field that specifies the AWS region. If this field is not specified, then Vault will set value to us-east-1.

spec:
  backend:
    dynamodb:
      region: "us-east-1"

dynamodb.credentialSecret

dynamodb.credentialSecret is an optional field that specifies the secret name containing AWS access key and AWS secret key. The secret contains the following keys:

  • access_key
  • secret_key

Leaving the access_key and secret_key fields empty will cause Vault to attempt to retrieve credentials from the AWS metadata service.

spec:
  backend:
    dynamodb:
      credentialSecret: "aws-credential"

dynamodb.sessionTokenSecret

dynamodb.sessionTokenSecret is an optional field that specifies the secret name containing the AWS session token. The secret contains the following key:

  • session_token
spec:
  backend:
    dynamodb:
      sessionTokenSecret: "aws-session-token"

dynamodb.maxParallel

maxParallel is an optional field that specifies the maximum number of parallel operations to take place. This field accepts integer value. If this field is not specified, then Vault will set value to 128.

spec:
  backend:
    dynamodb:
      maxParallel: 124

dynamodb.readCapacity

dynamodb.readCapacity is an optional field that specifies the maximum number of reads consumed per second on the table. If it is not specified, then Vault will set value to 5.

spec:
  backend:
    dynamodb:
      readCapacity: 10

dynamodb.writeCapacity

dynamodb.writeCapacity is an optional field that specifies the maximum number of writes performed per second on the table. If it is not specified, then Vault will set value to 5.

spec:
  backend:
    dynamodb:
      writeCapacity: 10

dynamodb.haEnabled

dynamodb.haEnabled is an optional field that specifies whether this backend should be used to run Vault in high availability mode. This field accepts boolean value. The default value is false.

spec:
  backend:
    dynamodb:
      haEnabled: true

What's on this Page

Search
Improve This Page