MySQL

With the MySQL storage backend, Vault stores its data in MySQL. See the Vault documentation for MySQL storage for details.

apiVersion: kubevault.com/v1alpha1
kind: VaultServer
metadata:
  name: vault-with-mysql
  namespace: demo
spec:
  replicas: 1
  version: "1.2.0"
  backend:
    mysql:
      address: "my.mysql.com:3306"
      userCredentialSecret: "mysql-cred"

spec.backend.mysql

To use MySQL as the storage backend for Vault, specify spec.backend.mysql in the VaultServer CRD.

spec:
  backend:
    mysql:
      address: <address>
      database: <database_name>
      table: <table_name>
      userCredentialSecret: <secret_name>
      tlsCASecret: <secret_name>
      maxParallel: <max_parallel>

The attributes of the spec.backend.mysql field are described below.

mysql.address

mysql.address is a required field that specifies the address of the MySQL host.

spec:
  backend:
    mysql:
      address: "my.mysql.com:3306"

mysql.userCredentialSecret

mysql.userCredentialSecret is a required field that specifies the name of the secret containing the MySQL username and password used to connect to the database. The secret contains the following fields:

  • username
  • password

spec:
  backend:
    mysql:
      userCredentialSecret: "mysql-cred"

mysql.database

mysql.database is an optional field that specifies the name of the database. If the database does not exist, Vault will attempt to create it. If it is not specified, Vault will set the value to vault.

spec:
  backend:
    mysql:
      database: "my_vault"

mysql.table

mysql.table is an optional field that specifies the name of the table. If the table does not exist, Vault will attempt to create it. If it is not specified, Vault will set the value to vault.

spec:
  backend:
    mysql:
      table: "vault_data"

mysql.tlsCASecret

mysql.tlsCASecret is an optional field that specifies the name of the secret containing the CA certificate to connect using TLS. The secret contains the following fields:

  • tls_ca_file

spec:
  backend:
    mysql:
      tlsCASecret: "mysql-ca"

mysql.maxParallel

mysql.maxParallel is an optional field that specifies the maximum number of parallel operations. It accepts an integer value. If it is not specified, Vault will set the value to 128.

spec:
  backend:
    mysql:
      maxParallel: 124
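
The following manifest is an added example, not taken from the KubeVault documentation: it defines the two Secrets with the key names listed above and a VaultServer that references both, so the MySQL connection uses the supplied CA certificate. Values in angle brackets are placeholders, and placing the Secrets in the same namespace as the VaultServer is an assumption.

```yaml
# Added example. Values in <...> are placeholders to replace before applying.
# Assumption: the Secrets live in the same namespace as the VaultServer.
apiVersion: v1
kind: Secret
metadata:
  name: mysql-cred
  namespace: demo
type: Opaque
stringData:
  username: "<mysql_username>"
  password: "<mysql_password>"
---
apiVersion: v1
kind: Secret
metadata:
  name: mysql-ca
  namespace: demo
type: Opaque
stringData:
  # PEM-encoded CA certificate that signed the MySQL server certificate
  tls_ca_file: |
    -----BEGIN CERTIFICATE-----
    <ca_certificate_body>
    -----END CERTIFICATE-----
---
apiVersion: kubevault.com/v1alpha1
kind: VaultServer
metadata:
  name: vault-with-mysql
  namespace: demo
spec:
  replicas: 1
  version: "1.2.0"
  backend:
    mysql:
      address: "my.mysql.com:3306"
      database: "my_vault"
      table: "vault_data"
      userCredentialSecret: "mysql-cred"   # required; keys: username, password
      tlsCASecret: "mysql-ca"              # optional; key: tls_ca_file
      maxParallel: 128                     # same as the documented default
```

Keeping the credentials and CA certificate in Secrets rather than in the VaultServer spec lets access to them be restricted separately through RBAC on the Secret objects.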