feat: Add Vault as a Gitlab Managed Application (!28) · Merge requests · GitLab.org / cluster-integration / Cluster applications

Graeme Gillies requested to merge add-vault into master Jan 07, 2020

This implements gitlab-org/gitlab#9982 (closed) for installing and managing Hashicorp Vault as a Gitlab managed application for CI installed/managed Apps only.

A few points of note

It relies on installing/using the helm-git plugin as the official hashicorp Vault chart is not in a helm repository
We use the official Vault helm chart from hashicorp as it's being actively developed by hashicorp themselves
After installation, you will still need to go into a pod and run vault operator init and vault operator unseal <unseal key> As per the standard Vault installation process. We can't easily automate this as there is a lot of specific information and configuration related to how to setup Vault specifically for your environment. E.g. Personally storing and distributing your unseal keys
It's very likely that for production usage a user will need to configure the Vault chart with some specifics, e.g. setting the backing store to a cloud storage bucket, encryption, auto-unseal on startup

Edited Mar 04, 2020 by Graeme Gillies

feat: Add Vault as a Gitlab Managed Application

Merge request reports