upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-06-09 08:55:13 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

docs: vault-helm license support for enterprise (#11848)

Browse source
This commit is contained in:
Theron Voran 2021-06-17 11:46:21 -07:00 committed by GitHub
parent 1c31d5ac53
commit 61190bb48a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 94 additions and 105 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

84
website/content/docs/platform/k8s/helm/enterprise.mdx Normal file
View file

@ -0,0 +1,84 @@
---
layout: docs
page_title: Vault Enterprise License Management - Kubernetes
description: >-
Vault Helm supports deploying Vault Enterprise, including license autoloading.
---
# Vault Enterprise License Management
You can use this Helm chart to deploy Vault Enterprise by following a few extra steps around licensing.
~> **Note:** As of Vault Enterprise 1.8, the license must be specified via HCL configuration or environment variables on startup, unless the Vault cluster was created with an older Vault version and the license was stored, or the Vault Enterprise binary has the license baked in (`prem` or `pro` version tags). More information is available in the [Vault Enterprise License docs](/docs/enterprise/license).
## Vault Enterprise 1.8+
First create a Kubernetes secret using the contents of your license file. For example, the following commands create a secret with the name `vault-ent-license` and key `license`:
```bash
secret=$(cat 1931d1f4-bdfd-6881-f3f5-19349374841f.hclic)
kubectl create secret generic vault-ent-license --from-literal="license=${secret}"
```
-> **Note:** If you cannot find your `.hclic` file, please contact your sales team or Technical Account Manager.
In your chart overrides, set the values of [`server.image`](/docs/platform/k8s/helm/configuration#image-2) to one of the enterprise [release tags](https://hub.docker.com/r/hashicorp/vault-enterprise/tags). Also set the name of the secret you just created in [`server.enterpriseLicense`](/docs/platform/k8s/helm/configuration#enterpriseLicense).
```yaml
# config.yaml
server:
image:
repository: hashicorp/vault-enterprise
tag: 1.8.0_ent
enterpriseLicense:
secretName: vault-ent-license
```
Now run `helm install`:
```shell-session
$ helm install hashicorp hashicorp/vault -f config.yaml
```
Once the cluster is [initialized and unsealed](/docs/platform/k8s/helm/run), you may check the license status using the `vault license get` command:
```shell
kubectl exec -ti vault-0 -- vault license get
```
## Vault Enterprise prior to 1.8
In your chart overrides, set the values of `server.image` to one of the enterprise [release tags](https://hub.docker.com/r/hashicorp/vault-enterprise/tags). Install the chart, and initialize and unseal vault as described in [Running Vault](/docs/platform/k8s/helm/run).
After Vault has been initialized and unsealed, setup a port-forward tunnel to the Vault Enterprise cluster:
```shell
kubectl port-forward vault-0 8200:8200
```
Next, in a separate terminal, create a `payload.json` file that contains the license key like this example:
```json
{
"text": "01ABCDEFG..."
}
```
Finally, using curl, apply the license key to the Vault API:
```bash
curl \
--header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
--request PUT \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/license
```
To verify that the license installation worked correctly, using `curl`, run the following:
```shell
curl \
--header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
http://127.0.0.1:8200/v1/sys/license
```

37
website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx
View file

@ -14,6 +14,8 @@ The following is an example of creating a disaster recovery cluster using Vault
For more information on Disaster Recovery, [see the official documentation](/docs/enterprise/replication/).
-> For license configuration refer to [Running Vault Enterprise](/docs/platform/k8s/helm/enterprise).
## Primary Cluster
First, create the primary cluster:
@ -153,38 +155,3 @@ kubectl exec -ti vault-secondary-1 -- vault operator unseal <PRIMARY UNSEAL TOKE
kubectl delete pod vault-secondary-2
kubectl exec -ti vault-secondary-2 -- vault operator unseal <PRIMARY UNSEAL TOKEN>
```
## Add License to Vault Enterprise
First, setup a port-forward tunnel to the Vault Enterprise cluster:
```shell
kubectl port-forward vault-primary-0 8200:8200
```
Next, in a separate terminal, create a `payload.json` file that contains the license key like this example:
```json
{
"text": "01ABCDEFG..."
}
```
Finally, using curl, apply the license key to the Vault API:
```bash
curl \
--header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
--request PUT \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/license
```
To verify that the license installation worked correctly, using `curl`, run the following:
```shell
curl \
--header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
http://127.0.0.1:8200/v1/sys/license
```

37
website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx
View file

@ -14,6 +14,8 @@ The following is an example of creating a performance cluster using Vault Helm.
For more information on Disaster Recovery, [see the official documentation](/docs/enterprise/replication/).
-> For license configuration refer to [Running Vault Enterprise](/docs/platform/k8s/helm/enterprise).
## Primary Cluster
First, create the primary cluster:
@ -152,38 +154,3 @@ kubectl exec -ti vault-secondary-1 -- vault operator unseal <PRIMARY UNSEAL TOKE
kubectl delete pod vault-secondary-2
kubectl exec -ti vault-secondary-2 -- vault operator unseal <PRIMARY UNSEAL TOKEN>
```
## Add License to Vault Enterprise
First, setup a port-forward tunnel to the Vault Enterprise cluster:
```shell
kubectl port-forward vault-primary-0 8200:8200
```
Next, in a separate terminal, create a `payload.json` file that contains the license key like this example:
```json
{
"text": "01ABCDEFG..."
}
```
Finally, using curl, apply the license key to the Vault API:
```bash
curl \
--header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
--request PUT \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/license
```
To verify that the license installation worked correctly, using `curl`, run the following:
```shell
curl \
--header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
http://127.0.0.1:8200/v1/sys/license
```

37
website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx
View file

@ -20,6 +20,8 @@ helm install vault hashicorp/vault \
--set='server.ha.raft.enabled=true'
```
-> For license configuration refer to [Running Vault Enterprise](/docs/platform/k8s/helm/enterprise).
Next, initialize and unseal `vault-0` pod:
```shell
@ -58,38 +60,3 @@ a1799962-8711-7f28-23f0-cea05c8a527d vault-0.vault-internal:8201 leader
e6876c97-aaaa-a92e-b99a-0aafab105745 vault-1.vault-internal:8201 follower true
4b5d7383-ff31-44df-e008-6a606828823b vault-2.vault-internal:8201 follower true
```
## Add License to Vault Enterprise
First, setup a port-forward tunnel to the Vault Enterprise cluster:
```shell
kubectl port-forward vault-0 8200:8200
```
Next, in a separate terminal, create a `payload.json` file that contains the license key like this example:
```json
{
"text": "01ABCDEFG..."
}
```
Finally, using curl, apply the license key to the Vault API:
```bash
curl \
--header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
--request PUT \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/license
```
To verify that the license installation worked correctly, using `curl`, run the following:
```shell
curl \
--header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
http://127.0.0.1:8200/v1/sys/license
```

4
website/data/docs-nav-data.json
View file

@ -1214,6 +1214,10 @@
"title": "Running Vault",
"path": "platform/k8s/helm/run"
},
{
"title": "Enterprise Licensing",
"path": "platform/k8s/helm/enterprise"
},
{
"title": "Running Vault on OpenShift",
"path": "platform/k8s/helm/openshift"