Can I deploy vault-operator with an existing Vault? #2728
Hi! I'm interested in using vault-secrets-webhook to inject secrets as environment variables, and I would like to connect it with an existing Vault server instead of using the Vault that is deployed when I execute this command: "kubectl apply -f https://raw.githubusercontent.com/bank-vaults/vault-operator/v1.21.0/deploy/examples/cr-raft.yaml". That Vault is in another cluster and another AWS account. Is it possible to do that? Is there any example of how to do that? Or could you point me in the right direction to configure vault-operator and vault-secrets-webhook with an existing Vault correctly?
Hey @mianrogue77

The Vault Operator is designed to manage Vault instances that are deployed as custom resources (CRs) in Kubernetes. It watches for Vault CRs and manages the lifecycle of the corresponding Vault instances.

If you have an existing Vault instance that was not deployed as a Vault CR, the Vault Operator will not be able to manage it. The Operator needs the Vault CR to know the desired state of the Vault instance and to react to changes. In this case you would need to migrate your Vault data to a Vault CR that can be managed by the Operator.

In case you are using the Vault CR, that can be managed by the Operator, you will only need to deploy the Operator, since by default it wi…

However, you can use your existing Vault with the … More info about the latter topic: