Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Vault Operator Helm Chart

This directory contains a Kubernetes Helm chart to deploy the Banzai Cloud Vault Operator.

Prerequisites Details

  • Kubernetes 1.6+

Chart Details

This chart will do the following:

  • Install the Vault operator

Please note that a backend service for Vault (for example, Consul) must be deployed beforehand and configured with the vault.config option. YAML provided under this option will be converted to JSON for the final vault config.json file.

See for more information on the Operator See for more information on storage options for Vault.

Installing the Chart

To install the chart, use the following, this backs Vault with a Consul cluster:

helm init -c
helm repo add banzaicloud-stable
helm install vault-operator

To install the chart backed with a cluster-wide Etcd Operator, use the following:

helm upgrade --install vault-operator . \
--set=etcd-operator.enabled=true \


The following tables lists the configurable parameters of the vault chart and their default values.

Parameter Description Default
image.pullPolicy Container pull policy IfNotPresent
image.repository Container image to use banzaicloud/vault-operator
image.tag Container image tag to deploy 0.4.2
replicaCount k8s replicas 1
resources.limits.cpu Container requested CPU nil
resources.limits.memory Container requested memory nil
crdAnnotations Annotations for the Vault CRD {}
etcd-operator.enabled Install etcd operator as well false

Specify each parameter using the --set key=value[,key=value] argument to helm install.

Using Vault Operator

To deploy different Vault configurations (single node, HA, with AWS unsealing, with etcd backend, ...) see: for more examples.

kubectl apply -f

Once the Vault pods are ready (in HA setup always one is ready), it can be accessed using a kubectl port-forward:

$ kubectl port-forward vault-pod 8200
$ export VAULT_ADDR=
$ export VAULT_SKIP_VERIFY=true
$ vault status


Thanks to Cosmin Cojocar for the original Vault Operator Helm chart!