New to KubeVault? Please start here.
Vault CSI driver can be installed via a script or as a Helm chart.
To install Vault CSI driver in your Kubernetes cluster, run the following command:
# Kubernetes 1.13+ (CSI driver spec 1.0.0)
$ curl -fsSL https://raw.githubusercontent.com/kubevault/csi-driver/0.2.0/hack/deploy/install.sh | bash
After successful installation, you should have csi-vault-*** pod running in the kube-system namespace.
The installer script and associated yaml files can be found in the /hack/deploy folder. You can see the full list of flags available to installer using -h flag.
$ curl -fsSL https://raw.githubusercontent.com/kubevault/csi-driver/0.2.0/hack/deploy/install.sh | bash -s -- -h
install.sh -install Vault csi driver
install.sh [options]
options:
-h, --help show brief help
-n, --namespace=NAMESPACE specify namespace (default: kube-system)
--csi-vault-docker-registry docker registry used to pull csi-vault image (default: kubevault)
--csi-vault-image-pull-secret name of secret used to pull csi-vault images
--csi-vault-image-tag docker image version of csi vault
--csi-attacher-docker-registry docker registry used to pull csi attacher image (default: quay.io/k8scsi)
--csi-attacher-image-pull-secret name of secret used to pull csi attacher image
--csi-attacher-image-tag docker image version of csi attacher
--csi-provisioner-docker-registry docker registry used to pull csi provisioner image (default: quay.io/k8scsi)
--csi-provisioner-image-pull-secret name of secret used to pull csi provisioner image
--csi-provisioner-image-tag docker image version of csi provisioner
--csi-registrar-docker-registry docker registry used to pull csi registrar image (default: quay.io/k8scsi)
--csi-registrar-image-pull-secret name of secret used to pull csi registrar image
--csi-registrar-image-tag docker image version of csi registrar
--csi-driver-name name of csi driver to install (default: secrets.csi.kubevault.com)
--csi-required-attachment indicates csi volume driver requires an attach operation (default: false)
--install-appbinding indicates appbinding crd need to be installed (default: true)
--monitoring-agent specify which monitoring agent to use (default: none)
--monitor-attacher specify whether to monitor Vault CSI driver attacher (default: false)
--monitor-plugin specify whether to monitor Vault CSI driver plugin (default: false)
--monitor-provisioner specify whether to monitor Vault CSI driver provisioner (default: false)
--prometheus-namespace specify the namespace where Prometheus server is running or will be deployed (default: same namespace as csi-vault)
--servicemonitor-label specify the label for ServiceMonitor crd. Prometheus crd will use this label to select the ServiceMonitor. (default: 'app: csi-vault')
--uninstall uninstall vault csi driver
--purge purges csi driver crd objects and crds
Vault CSI driver can be installed via Helm using the chart from AppsCode Charts Repository. To install the chart with the release name csi-vault
$ helm repo add appscode https://charts.appscode.com/stable/
$ helm repo update
$ helm search appscode/csi-vault
NAME CHART VERSION APP VERSION DESCRIPTION
appscode/csi-vault 0.2.0 0.2.0 HashiCorp Vault CSI Driver for Kubernetes
# Kubernetes 1.13+ (CSI driver spec 1.0.0)
$ helm install appscode/csi-vault --name csi-vault --version 0.2.0 --namespace kube-system
To see the detailed configuration options, visit here
To check if Vault CSI driver installed successfully, run the following command:
$ kubectl get csinodeinfos
NAME AGE
2gb-pool-77jne6 31s
If you can see the node’s list, then your installation is ok.