Support for non-LB'd HA clusters
gtaylor opened this issue · comments
If I am understanding correctly, the Vault CSI can only be pointed at a single vaultAddress. For example:
```yaml
---
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: vault-db-creds
spec:
  provider: vault
  parameters:
    roleName: 'app'
    vaultAddress: 'https://vault.vault:8200'
    vaultCACertPath: '/vault/tls/ca.crt'
    objects: |
      - objectName: "dbUsername"
        secretPath: "database/creds/db-app"
        secretKey: "username"
      - objectName: "dbPassword"
        secretPath: "database/creds/db-app"
        secretKey: "password"
```
I've got a simple bare metal setup that does not include an LB solution. This means that the Vault CSI would cease to function if the single node that my SecretProviderClass points at goes down.
Would it be possible to add the ability to specify multiple Vault addresses?
```yaml
vaultAddresses: ['https://vault1.vault:8200', 'https://vault2.vault:8200', 'https://vault3.vault:8200']
```
Or something similar?
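
Client-side failover over the address list requested above, added here as an example and not code from this issue or from the Vault CSI provider: it probes each node's `/v1/sys/health` endpoint, prefers the active node, and falls back to an unsealed standby. `PickVault` is a hypothetical helper, the addresses are the ones from the proposed (not existing) `vaultAddresses` parameter, and the status codes assume Vault's default health responses.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"time"
)

// PickVault returns the active node (sys/health 200) if one answers, else the
// first unsealed standby (429 or 473). Sealed (503), uninitialized (501) and
// unreachable nodes are skipped; non-HTTPS addresses are rejected outright.
func PickVault(addrs []string, probe func(addr string) (int, error)) (string, error) {
	standby := ""
	for _, a := range addrs {
		if u, err := url.Parse(a); err != nil || u.Scheme != "https" || u.Host == "" {
			return "", fmt.Errorf("refusing non-HTTPS Vault address %q", a)
		}
		code, err := probe(a)
		if err != nil {
			continue // node down or TLS verification failed: try the next one
		}
		if code == http.StatusOK {
			return a, nil
		}
		if standby == "" && (code == 429 || code == 473) {
			standby = a
		}
	}
	if standby == "" {
		return "", errors.New("no unsealed Vault node reachable")
	}
	return standby, nil
}

func main() {
	addrs := []string{"https://vault1.vault:8200", "https://vault2.vault:8200", "https://vault3.vault:8200"}
	// Assumption: in real use this client trusts the CA at vaultCACertPath.
	c := &http.Client{Timeout: 3 * time.Second}
	probe := func(addr string) (int, error) {
		resp, err := c.Get(addr + "/v1/sys/health")
		if err != nil {
			return 0, err
		}
		defer resp.Body.Close()
		return resp.StatusCode, nil
	}
	fmt.Println(PickVault(addrs, probe))
}
```

Because certificate verification stays on for every probe, a node that fails TLS validation is treated as unreachable rather than selected.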