hashicorp / vault-csi-provider

HashiCorp Vault Provider for Secret Store CSI Driver


Support for non-LB'd HA clusters

gtaylor opened this issue · comments

If I am understanding correctly, the Vault CSI can only be pointed at a single vaultAddress. For example:

---
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: vault-db-creds
spec:
  provider: vault
  parameters:
    roleName: 'app'
    vaultAddress: 'https://vault.vault:8200'
    vaultCACertPath: '/vault/tls/ca.crt'
    objects: |
      - objectName: "dbUsername"
        secretPath: "database/creds/db-app"
        secretKey: "username"
      - objectName: "dbPassword"
        secretPath: "database/creds/db-app"
        secretKey: "password"

I've got a simple bare metal setup that does not include an LB solution. This means that the Vault CSI would cease to function if the single node that my SecretProviderClass points at goes down.

Would it be possible to add the ability to specify multiple Vault addresses?

    vaultAddresses: ['https://vault1.vault:8200', 'https://vault2.vault:8200', 'https://vault3.vault:8200']

Or something similar?
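An added example, not vault-csi-provider code and not part of this issue: it re-parses the `objects` block scalar from the SecretProviderClass above (the provider receives that field as a string nested inside the YAML, so it has to be parsed a second time), validates that each object names a secret path and key, and models how a client would choose among the proposed `vaultAddresses` list and fail closed when none is reachable. `vaultAddresses` is the hypothetical parameter from this issue, not an existing option; the health check is injected so the example runs offline.

```python
"""Parse and validate a vault-csi-provider SecretProviderClass and model
address failover for the proposed `vaultAddresses` parameter.

Example added for this issue; not vault-csi-provider code. `vaultAddresses`
is hypothetical (proposed above); everything else mirrors the manifest in
the issue, re-encoded as the dict a YAML loader would produce.
"""
from typing import Callable, Dict, List, Optional

# The SecretProviderClass from the issue as parsed YAML. `objects` stays a
# string because `objects: |` is a block scalar: the provider gets the raw
# text and must parse it again.
SPC = {
    "apiVersion": "secrets-store.csi.x-k8s.io/v1alpha1",
    "kind": "SecretProviderClass",
    "metadata": {"name": "vault-db-creds"},
    "spec": {
        "provider": "vault",
        "parameters": {
            "roleName": "app",
            "vaultAddress": "https://vault.vault:8200",
            "vaultCACertPath": "/vault/tls/ca.crt",
            "objects": (
                '- objectName: "dbUsername"\n'
                '  secretPath: "database/creds/db-app"\n'
                '  secretKey: "username"\n'
                '- objectName: "dbPassword"\n'
                '  secretPath: "database/creds/db-app"\n'
                '  secretKey: "password"\n'
            ),
        },
    },
}

REQUIRED_OBJECT_KEYS = ("objectName", "secretPath", "secretKey")


def parse_objects(block: str) -> List[Dict[str, str]]:
    """Parse the `objects` block scalar: a flat YAML list of string maps.

    Only the shape used by the provider is handled (`- key: value` items
    with one key per line); anything else is rejected rather than guessed.
    """
    objects: List[Dict[str, str]] = []
    for raw in block.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("- "):
            objects.append({})
            line = line[2:]
        if not objects:
            raise ValueError(f"field before first list item: {raw!r}")
        key, sep, value = line.partition(":")  # first colon splits key/value
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        objects[-1][key.strip()] = value.strip().strip("\"'")
    return objects


def validate_objects(objects: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Fail closed on any object missing a required field."""
    for obj in objects:
        missing = [k for k in REQUIRED_OBJECT_KEYS if not obj.get(k)]
        if missing:
            raise ValueError(f"object {obj!r} is missing {missing}")
    return objects


def vault_addresses(params: Dict[str, object]) -> List[str]:
    """Candidate Vault addresses: the proposed `vaultAddresses` list when
    present (hypothetical), otherwise the single `vaultAddress`."""
    addrs = params.get("vaultAddresses") or [params["vaultAddress"]]
    if not all(isinstance(a, str) and a for a in addrs):
        raise ValueError("every Vault address must be a non-empty string")
    return list(addrs)


def pick_address(addrs: List[str], healthy: Callable[[str], bool]) -> Optional[str]:
    """Return the first address reported healthy, or None so the caller
    fails closed instead of mounting stale or empty secrets."""
    for addr in addrs:
        if healthy(addr):
            return addr
    return None


if __name__ == "__main__":
    params = SPC["spec"]["parameters"]
    objs = validate_objects(parse_objects(params["objects"]))
    print(f"{len(objs)} objects from {vault_addresses(params)}")
    # Simulated three-node cluster where only vault2 answers.
    cluster = ["https://vault1.vault:8200", "https://vault2.vault:8200",
               "https://vault3.vault:8200"]
    print("chosen:", pick_address(cluster, lambda a: "vault2" in a))
```

The `pick_address` helper returns `None` rather than silently reusing the last address, which is the behaviour a mount path should have when every node is down: the pod fails to start with a clear error instead of running without its credentials.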