Filesystem

The Filesystem storage backend stores Vault data on the filesystem using a standard directory structure. Because the Filesystem backend does not support high availability (HA), it is only suitable for single-node setups (i.e. vaultserver.spec.replicas: 1). A VolumeClaimTemplate can be specified to create (or reuse, if it already exists) a PersistentVolumeClaim so that Vault data is stored in the corresponding PersistentVolume.

apiVersion: kubevault.com/v1alpha1
kind: VaultServer
metadata:
  name: vault
  namespace: demo
spec:
  replicas: 1
  version: "1.2.3"
  serviceTemplates:
  - alias: vault
    metadata:
      annotations:
        name: vault
    spec:
      type: NodePort
  backend:
    file:
      path: /mnt/vault/data
      volumeClaimTemplate:
        metadata:
          name: vault-pvc
        spec:
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 50Mi
  unsealer:
    secretShares: 4
    secretThreshold: 2
    mode:
      kubernetesSecret:
        secretName: vault-keys

spec.backend.file

To use the filesystem as the storage backend of a Vault server, specify spec.backend.file in the VaultServer CRD.

spec:
  backend:
    file:
      path: /mnt/vault/data
      volumeClaimTemplate:
        metadata:
          name: vault-pvc
        spec:
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 50Mi

Here, we are going to describe various attributes of the spec.backend.file field.

file.path

file.path is a required field that specifies the absolute path to the directory where the data will be stored.

backend:
  file:
    path: /mnt/vault/data

file.volumeClaimTemplate

file.volumeClaimTemplate is a required field that specifies a PersistentVolumeClaim object that will provide storage for the Vault server. The KubeVault operator will use the PVC if it already exists; otherwise, it will create a new PVC. When the VaultServer CRD is deleted, the PVC is left intact, so to clean up you must delete the PVC manually.

file:
  volumeClaimTemplate:
    metadata:
      name: vault-pvc
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 50Mi

file.volumeClaimTemplate.metadata

volumeClaimTemplate.metadata is an optional field that specifies a standard object’s metadata. The following fields can be provided:

  • name : optional. Specifies a name that uniquely identifies this object within the current namespace. Defaults to the name of the VaultServer.
  • labels : optional. Specifies a map of string keys and values that can be used to organize and categorize objects. Defaults to the labels of the VaultServer.

volumeClaimTemplate:
  metadata:
    name: vault-pvc
    labels:
      app: vault

file.volumeClaimTemplate.spec

volumeClaimTemplate.spec is a required field that defines the desired characteristics of a volume. It contains all fields and features of a standard PersistentVolumeClaim object’s spec.

Sub-fields are given below:

  • accessModes
  • selector
  • resources
  • volumeName
  • storageClassName
  • volumeMode
  • dataSource

file:
  volumeClaimTemplate:
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 50Mi
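The following is an added example and is not part of the KubeVault documentation or the operator's own code. It holds the page's VaultServer manifest as a constructed Python dict (so it runs without a YAML library) and checks, before anything is applied to a cluster, the constraints this page states for the file backend: replicas must be 1 because the backend has no HA, file.path is required and absolute, volumeClaimTemplate and its spec are required, and the PVC name and labels default to those of the VaultServer. The check that the unsealer's secretThreshold does not exceed secretShares is a property of Shamir key sharing and not specific to this page; the namespace line in resolved_pvc_metadata is an assumption that the PVC is created in the VaultServer's namespace.

```python
"""Pre-apply sanity checks for a VaultServer using the file storage backend.

Added example, not KubeVault operator code. The manifest is a constructed
copy of the one shown on the Filesystem backend page.
"""
from __future__ import annotations

import copy
import posixpath
from typing import Any

# Constructed manifest mirroring the page's example VaultServer.
VAULT_SERVER: dict[str, Any] = {
    "apiVersion": "kubevault.com/v1alpha1",
    "kind": "VaultServer",
    "metadata": {"name": "vault", "namespace": "demo", "labels": {"app": "vault"}},
    "spec": {
        "replicas": 1,
        "version": "1.2.3",
        "backend": {
            "file": {
                "path": "/mnt/vault/data",
                "volumeClaimTemplate": {
                    "metadata": {"name": "vault-pvc"},
                    "spec": {
                        "accessModes": ["ReadWriteOnce"],
                        "resources": {"requests": {"storage": "50Mi"}},
                    },
                },
            }
        },
        "unsealer": {"secretShares": 4, "secretThreshold": 2},
    },
}


def validate_file_backend(vs: dict[str, Any]) -> list[str]:
    """Return a list of problems; an empty list means the manifest passes."""
    problems: list[str] = []
    spec = vs.get("spec", {})
    file_backend = spec.get("backend", {}).get("file")
    if file_backend is None:
        return ["spec.backend.file is not set; these checks apply to the file backend only"]

    # The file backend has no HA support: more than one replica is a
    # misconfiguration, not a scale-out.
    replicas = spec.get("replicas", 1)
    if replicas != 1:
        problems.append(f"spec.replicas must be 1 for the file backend, got {replicas}")

    path = file_backend.get("path")
    if not path:
        problems.append("spec.backend.file.path is required")
    elif not posixpath.isabs(path):
        problems.append(f"spec.backend.file.path must be absolute, got {path!r}")

    vct = file_backend.get("volumeClaimTemplate")
    if vct is None:
        problems.append("spec.backend.file.volumeClaimTemplate is required")
    elif not vct.get("spec"):
        problems.append("volumeClaimTemplate.spec is required")
    else:
        pvc_spec = vct["spec"]
        if not pvc_spec.get("accessModes"):
            problems.append("volumeClaimTemplate.spec.accessModes should be set")
        if not pvc_spec.get("resources", {}).get("requests", {}).get("storage"):
            problems.append("volumeClaimTemplate.spec.resources.requests.storage should be set")

    # Shamir unseal: the threshold can never exceed the number of shares.
    unsealer = spec.get("unsealer", {})
    shares, threshold = unsealer.get("secretShares", 1), unsealer.get("secretThreshold", 1)
    if threshold > shares:
        problems.append(f"unsealer.secretThreshold ({threshold}) exceeds secretShares ({shares})")
    return problems


def resolved_pvc_metadata(vs: dict[str, Any]) -> dict[str, Any]:
    """Apply the defaulting the page describes: PVC name and labels fall back
    to the VaultServer's own name and labels when they are not given."""
    vs_meta = vs.get("metadata", {})
    vct = vs["spec"]["backend"]["file"].get("volumeClaimTemplate") or {}
    meta = copy.deepcopy(vct.get("metadata") or {})
    meta.setdefault("name", vs_meta.get("name"))
    meta.setdefault("labels", dict(vs_meta.get("labels", {})))
    # Assumption: the PVC is created in the VaultServer's namespace.
    meta["namespace"] = vs_meta.get("namespace")
    return meta


def misconfigured_example() -> dict[str, Any]:
    """Constructed negative case: HA-style replica count and a relative path."""
    bad = copy.deepcopy(VAULT_SERVER)
    bad["spec"]["replicas"] = 3
    bad["spec"]["backend"]["file"]["path"] = "mnt/vault/data"
    return bad


if __name__ == "__main__":
    for manifest in (VAULT_SERVER, misconfigured_example()):
        print(manifest["metadata"]["name"], validate_file_backend(manifest) or "ok")
    print(resolved_pvc_metadata(VAULT_SERVER))
```

Running the script reports no problems for the page's manifest and two for the constructed negative case (replica count and relative path); resolved_pvc_metadata shows the PVC keeping its explicit name vault-pvc while inheriting the VaultServer's labels.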