This video was uploaded exactly at the time when I was trying to fix an issue on a similar setup. Thank you 😀
Awesome!
same!
Love this, you've managed to help me solve an issue with the auto unseal on KMS
That's what I like to hear! Thank you.
May I know why you did a manual unseal after configuring the AWS KMS auto unseal?
Even though the auto unseal exists, you still need to auto unseal one Pod. Then, the auto unseal will work on the other Pods.
Ahh I get it now. Thank you mate for a quick reply @CloudDevEngineering. Also, this Kubernetes secret with AWS access keys would ideally provide a lot more capabilities than an IAM and Role configuration, right? Also, btw, how are you managing the storage of these recovery keys? AWS Secrets Manager?
How to use TLS for communication between the nodes?
Could you please share the LoadBalancer content also? I am trying to install Vault with Helm, but I am using a self-hosted cluster and I have a problem: sometimes when I view the page in the browser everything is OK, but sometimes I get just a blank screen despite the correct path in the URL field.
I owe you !!!!!!
For some reason, mine don't spin up any pod, just services.
Were you using EFS for storage or EBS?
You saved my day. Thank you!!!
Can you share the git repo of this values file?
github.com/AdminTurnedDevOps/kubernetes-examples/tree/main/vault/vault
Hi Michael, thanks for the great video. Just one doubt: whatever the way of auto unseal we use, we need to manually unseal one pod? Am I right?
Anyone 👆, TIA!!
Once you init the operator, all the Vault Pods are initialized and unsealed using these keys from the vault operator init command. Just confirmed it by redeploying this.
Did you notice that after making the first manual unseal, the information displayed in the terminal says "Recovery seal type: shamir" (Minute 7:10)?
But if you execute a vault status before the first manual unseal, the seal type is awskms. Is it right?
Excellent, excellent and excellent video. Thanks a lot for the tutorial Michael 😊