Persistent Volume Claims option?

[songohannyc]

Hi,

I'm pretty new to k8 and vault. I follow the readme it works great! But, is there a reason you are not using "Persistent Volume Claims" on the etcd storage? Or is it in a future release plan?

Please let know if there is a better place to ask this type of questions. Thank you.

[rblaine95]

I added this feature to PR #333 and have integrated this in an example quay repository (version 0.1.9-1 is the latest stable release with my added features).

ETCD PVCs are an experimental feature and, as far as I know, you're supposed to use S3 storage for backup and restore jobs with a cron job

Using this example manifest will deploy a vault cluster with PVC's backing etcd.

apiVersion: vault.security.coreos.com/v1alpha1
kind: VaultService
metadata:
  name: vault
spec:
  nodes: 3
  version: 0.10.4-1
  baseImage: quay.io/zenlab/vault
  serviceAccountName: vault-sa
  persistentVolumeClaimSpec:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 5Gi

Edit: Here's the manifest to use my image that allows for PVC's and Custom Service Account

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: vault-operator
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: vault-operator
    spec:
      serviceAccountName: vault-operator
      containers:
      - name: vault-operator
        image: quay.io/zenlab/vault-operator:0.1.9-1 # zenAptix image - allows BOTH custom service account AND etcd pvc
        env:
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name

[songohannyc]

Thank you! I'll check it out.