New to KubeVault? Please start here.

Raft

In the Raft storage backend, Vault data is stored at the provided filesystem path. Vault documentation for the Raft storage backend can be found here.

apiVersion: kubevault.com/v1alpha1
kind: VaultServer
metadata:
  name: vault
  namespace: default
spec:
  replicas: 3
  version: 1.7.3
  serviceTemplates:
    - alias: vault
      metadata:
        annotations:
          name: vault
      spec:
        type: NodePort
    - alias: stats
      spec:
        type: ClusterIP
  backend:
    raft:
      path: "/vault/data"
      storage:
        storageClassName: "standard"
        resources:
          requests:
            storage: 1Gi
  unsealer:
    secretShares: 5
    secretThreshold: 3
    mode:
      kubernetesSecret:
        secretName: vault-keys
  monitor:
    agent: prometheus.io
    prometheus:
      exporter:
        resources: {}
  terminationPolicy: WipeOut

spec.backend.raft

To use Raft as the storage backend in Vault, specify spec.backend.raft in the VaultServer CRD. More information about the Raft storage backend can be found here.

spec:
  backend:
    raft:
      path: <filesystem_path_to_store_data>
      performanceMultiplier: <integer_multiplier_to_scale_timing_parameters>
      trailingLogs: <number_of_log_entries_left>
      snapshotThreshold: <minimum_number_of_commit_entries>
      maxEntrySize: <max_number_of_bytes_for_raft_entry>
      autoPilotReconcileInterval: <interval_autopilot_needs_to_pick_up_state_changes>

Here, we are going to describe the various attributes of the spec.backend.raft field.

raft.path

Path specifies the filesystem path where the vault data gets stored. This value can be overridden by setting the VAULT_RAFT_PATH environment variable. default: ""

spec:
  backend:
    raft:
      path: "/vault/data"

raft.performanceMultiplier

An integer multiplier used by servers to scale key Raft timing parameters. Tuning this affects the time it takes Vault to detect leader failures and to perform leader elections, at the expense of requiring more network and CPU resources for better performance. default: 0

spec:
  backend:
    raft:
      performanceMultiplier: 0

raft.trailingLogs

This controls how many log entries are left in the log store on disk after a snapshot is made. default: 10000

spec:
  backend:
    raft:
      trailingLogs: 10000

raft.snapshotThreshold

This controls the minimum number of raft commit entries between snapshots that are saved to disk. default: 8192

spec:
  backend:
    raft:
      snapshotThreshold: 8192

raft.maxEntrySize

This configures the maximum number of bytes for a raft entry. It applies to both Put operations and transactions. default: 1048576

spec:
  backend:
    raft:
      maxEntrySize: 1048576

raft.autoPilotReconcileInterval

This is the interval after which autopilot will pick up any state changes. default: ""

spec:
  backend:
    raft:
      autoPilotReconcileInterval: ""
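
A pre-apply check for the fields described above, as an added example (not KubeVault's own code): it merges a raft block with the defaults listed on this page, applies the VAULT_RAFT_PATH override, and reports misspelled or wrongly typed fields. The function name, the sample input and the rule that the effective path must be absolute are assumptions of this example.

```python
import json

# Defaults as documented on this page for spec.backend.raft.
RAFT_DEFAULTS = {
    "path": "",
    "performanceMultiplier": 0,
    "trailingLogs": 10000,
    "snapshotThreshold": 8192,
    "maxEntrySize": 1048576,
    "autoPilotReconcileInterval": "",
}

def effective_raft(spec, env=None):
    """Return (settings, problems) for the raft block of a VaultServer spec."""
    env = env or {}
    raft = spec.get("backend", {}).get("raft")
    if raft is None:
        return {}, ["spec.backend.raft is not set"]
    problems = []
    settings = dict(RAFT_DEFAULTS)
    for key, value in raft.items():
        if key == "storage":  # volume claim settings, not a Raft tunable
            continue
        if key not in RAFT_DEFAULTS:
            problems.append(f"unknown field raft.{key}")
            continue
        want = type(RAFT_DEFAULTS[key])
        # bool is a subclass of int in Python, so reject it explicitly.
        if not isinstance(value, want) or isinstance(value, bool):
            problems.append(f"raft.{key} must be {want.__name__}")
            continue
        settings[key] = value
    # The page notes that VAULT_RAFT_PATH overrides raft.path.
    if env.get("VAULT_RAFT_PATH"):
        settings["path"] = env["VAULT_RAFT_PATH"]
    # Assumption of this lint: the data path must be set and absolute.
    if not settings["path"].startswith("/"):
        problems.append("effective raft path is empty or not absolute")
    return settings, problems

# Constructed sample: the page's manifest values plus a misspelled key.
SAMPLE = json.loads("""{"backend": {"raft": {
  "path": "/vault/data", "snapshotTreshold": 4096,
  "storage": {"storageClassName": "standard"}}}}""")

if __name__ == "__main__":
    settings, problems = effective_raft(SAMPLE, {"VAULT_RAFT_PATH": "/mnt/raft"})
    print(settings["path"], problems)
```

Pass the `spec` section of a manifest (already parsed into a dict) and the pod's environment; a non-empty `problems` list means the manifest should be corrected before it is applied.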