Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Raft HA support #229

Merged
merged 4 commits into from
Mar 18, 2020
Merged

Add Raft HA support #229

merged 4 commits into from
Mar 18, 2020

Conversation

jasonodonnell
Copy link
Contributor

@jasonodonnell jasonodonnell commented Mar 17, 2020
edited
Loading

This adds a new HA option, raft, for the upcoming Vault 1.4 release. This makes the following changes:

  • Creates a new headless service required to allow the pods communicate directly with each other
  • Lifts limitations on HA mode not creating PVCs for storage
  • Adds new configurations specifically for Raft.
helm install vault \
  --set='server.ha.enabled=true' \
  --set='server.ha.raft.enabled=true' .

Once deployed you can initialize vault-0 and unseal:

# Note: vault-0 is going to be our leader initially.
kubectl exec -ti vault-0 -- vault operator init
kubectl exec -ti vault-0 -- vault operator unseal

Next, for each other vault pod, join the raft cluster and unseal:

kubectl exec -ti <NAME OF POD> -- vault operator raft join http://vault-0.vault-internal:8200
kubectl exec -ti <NAME OF POD> -- vault operator unseal

After logging into Vault using a token, you can check the configuration of Raft:

kubectl exec -ti vault-0 -- vault login
kubectl exec -ti vault-0 -- vault operator raft configuration -format=json

Or using status:

kubectl exec -ti vault-0 -- vault status

@jasonodonnell jasonodonnell requested a review from tvoran March 17, 2020 19:11
tvoran
tvoran reviewed Mar 17, 2020
View reviewed changes
templates/server-headless-service.yaml Outdated Show resolved Hide resolved
values.yaml
@@ -315,11 +315,28 @@ server:
enabled: false
replicas: 3

raft:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like this could use some comments about how/when to use raft, and/or maybe updating the comments above ha:.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed!

jasonodonnell and others added 2 commits March 18, 2020 09:38
@jasonodonnell @tvoran
Update templates/server-headless-service.yaml
1934fa1 
Co-Authored-By: Theron Voran <tvoran@users.noreply.github.com>
@jasonodonnell
Add notes to raft configurables
f49b65e
@jasonodonnell jasonodonnell merged commit 58b96db into master Mar 18, 2020
@jasonodonnell jasonodonnell deleted the raft branch March 18, 2020 19:49
radudd pushed a commit to radudd/vault-helm that referenced this pull request Jun 5, 2020
@jasonodonnell @tvoran
Add Raft HA support (hashicorp#229)
ab8785f 
* Add raft support

* Add acceptance test

* Update templates/server-headless-service.yaml

Co-Authored-By: Theron Voran <tvoran@users.noreply.github.com>

* Add notes to raft configurables

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
hadielaham88 pushed a commit to SolaceDev/vault-helm that referenced this pull request May 19, 2021
@jasonodonnell @tvoran @hadielaham88
Add Raft HA support (hashicorp#229)
4489354 
* Add raft support

* Add acceptance test

* Update templates/server-headless-service.yaml

Co-Authored-By: Theron Voran <tvoran@users.noreply.github.com>

* Add notes to raft configurables

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tvoran tvoran tvoran approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jasonodonnell @tvoran