From 61190bb48aec9e63c65d3a410d4c1bcfb59b3981 Mon Sep 17 00:00:00 2001
From: Theron Voran <tvoran@users.noreply.github.com>
Date: Thu, 17 Jun 2021 11:46:21 -0700
Subject: [PATCH] docs: vault-helm license support for enterprise (#11848)

---
 .../docs/platform/k8s/helm/enterprise.mdx     | 84 +++++++++++++++++++
 .../helm/examples/enterprise-dr-with-raft.mdx | 37 +-------
 .../examples/enterprise-perf-with-raft.mdx    | 37 +-------
 .../helm/examples/enterprise-with-raft.mdx    | 37 +-------
 website/data/docs-nav-data.json               |  4 +
 5 files changed, 94 insertions(+), 105 deletions(-)
 create mode 100644 website/content/docs/platform/k8s/helm/enterprise.mdx

diff --git a/website/content/docs/platform/k8s/helm/enterprise.mdx b/website/content/docs/platform/k8s/helm/enterprise.mdx
new file mode 100644
index 0000000000..ea40d72060
--- /dev/null
+++ b/website/content/docs/platform/k8s/helm/enterprise.mdx
@@ -0,0 +1,84 @@
+---
+layout: docs
+page_title: Vault Enterprise License Management - Kubernetes
+description: >-
+  Vault Helm supports deploying Vault Enterprise, including license autoloading.
+---
+
+# Vault Enterprise License Management
+
+You can use this Helm chart to deploy Vault Enterprise by following a few extra steps around licensing.
+
+~> **Note:** As of Vault Enterprise 1.8, the license must be specified via HCL configuration or environment variables on startup, unless the Vault cluster was created with an older Vault version and the license was stored, or the Vault Enterprise binary has the license baked in (`prem` or `pro` version tags). More information is available in the [Vault Enterprise License docs](/docs/enterprise/license).
+
+## Vault Enterprise 1.8+
+
+First create a Kubernetes secret using the contents of your license file. For example, the following commands create a secret with the name `vault-ent-license` and key `license`:
+
+```bash
+secret=$(cat 1931d1f4-bdfd-6881-f3f5-19349374841f.hclic)
+kubectl create secret generic vault-ent-license --from-literal="license=${secret}"
+```
+
+-> **Note:** If you cannot find your `.hclic` file, please contact your sales team or Technical Account Manager.
+
+In your chart overrides, set the values of [`server.image`](/docs/platform/k8s/helm/configuration#image-2) to one of the enterprise [release tags](https://hub.docker.com/r/hashicorp/vault-enterprise/tags). Also set the name of the secret you just created in [`server.enterpriseLicense`](/docs/platform/k8s/helm/configuration#enterpriseLicense).
+
+```yaml
+# config.yaml
+server:
+  image:
+    repository: hashicorp/vault-enterprise
+    tag: 1.8.0_ent
+  enterpriseLicense:
+    secretName: vault-ent-license
+```
+
+Now run `helm install`:
+
+```shell-session
+$ helm install hashicorp hashicorp/vault -f config.yaml
+```
+
+Once the cluster is [initialized and unsealed](/docs/platform/k8s/helm/run), you may check the license status using the `vault license get` command:
+
+```shell
+kubectl exec -ti vault-0 -- vault license get
+```
+
+## Vault Enterprise prior to 1.8
+
+In your chart overrides, set the values of `server.image` to one of the enterprise [release tags](https://hub.docker.com/r/hashicorp/vault-enterprise/tags). Install the chart, and initialize and unseal vault as described in [Running Vault](/docs/platform/k8s/helm/run).
+
+After Vault has been initialized and unsealed, setup a port-forward tunnel to the Vault Enterprise cluster:
+
+```shell
+kubectl port-forward vault-0 8200:8200
+```
+
+Next, in a separate terminal, create a `payload.json` file that contains the license key like this example:
+
+```json
+{
+  "text": "01ABCDEFG..."
+}
+```
+
+Finally, using curl, apply the license key to the Vault API:
+
+```bash
+curl \
+  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
+  --request PUT \
+  --data @payload.json \
+  http://127.0.0.1:8200/v1/sys/license
+
+```
+
+To verify that the license installation worked correctly, using `curl`, run the following:
+
+```shell
+curl \
+  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
+  http://127.0.0.1:8200/v1/sys/license
+```
diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx
index 48d8dc988d..07763528e4 100644
--- a/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx
+++ b/website/content/docs/platform/k8s/helm/examples/enterprise-dr-with-raft.mdx
@@ -14,6 +14,8 @@ The following is an example of creating a disaster recovery cluster using Vault
 
 For more information on Disaster Recovery, [see the official documentation](/docs/enterprise/replication/).
 
+-> For license configuration refer to [Running Vault Enterprise](/docs/platform/k8s/helm/enterprise).
+
 ## Primary Cluster
 
 First, create the primary cluster:
@@ -153,38 +155,3 @@ kubectl exec -ti vault-secondary-1 -- vault operator unseal <PRIMARY UNSEAL TOKE
 kubectl delete pod vault-secondary-2
 kubectl exec -ti vault-secondary-2 -- vault operator unseal <PRIMARY UNSEAL TOKEN>
 ```
-
-## Add License to Vault Enterprise
-
-First, setup a port-forward tunnel to the Vault Enterprise cluster:
-
-```shell
-kubectl port-forward vault-primary-0 8200:8200
-```
-
-Next, in a separate terminal, create a `payload.json` file that contains the license key like this example:
-
-```json
-{
-  "text": "01ABCDEFG..."
-}
-```
-
-Finally, using curl, apply the license key to the Vault API:
-
-```bash
-curl \
-  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
-  --request PUT \
-  --data @payload.json \
-  http://127.0.0.1:8200/v1/sys/license
-
-```
-
-To verify that the license installation worked correctly, using `curl`, run the following:
-
-```shell
-curl \
-  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
-  http://127.0.0.1:8200/v1/sys/license
-```
diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx
index 6ec7d21277..bb88130f0f 100644
--- a/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx
+++ b/website/content/docs/platform/k8s/helm/examples/enterprise-perf-with-raft.mdx
@@ -14,6 +14,8 @@ The following is an example of creating a performance cluster using Vault Helm.
 
 For more information on Disaster Recovery, [see the official documentation](/docs/enterprise/replication/).
 
+-> For license configuration refer to [Running Vault Enterprise](/docs/platform/k8s/helm/enterprise).
+
 ## Primary Cluster
 
 First, create the primary cluster:
@@ -152,38 +154,3 @@ kubectl exec -ti vault-secondary-1 -- vault operator unseal <PRIMARY UNSEAL TOKE
 kubectl delete pod vault-secondary-2
 kubectl exec -ti vault-secondary-2 -- vault operator unseal <PRIMARY UNSEAL TOKEN>
 ```
-
-## Add License to Vault Enterprise
-
-First, setup a port-forward tunnel to the Vault Enterprise cluster:
-
-```shell
-kubectl port-forward vault-primary-0 8200:8200
-```
-
-Next, in a separate terminal, create a `payload.json` file that contains the license key like this example:
-
-```json
-{
-  "text": "01ABCDEFG..."
-}
-```
-
-Finally, using curl, apply the license key to the Vault API:
-
-```bash
-curl \
-  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
-  --request PUT \
-  --data @payload.json \
-  http://127.0.0.1:8200/v1/sys/license
-
-```
-
-To verify that the license installation worked correctly, using `curl`, run the following:
-
-```shell
-curl \
-  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
-  http://127.0.0.1:8200/v1/sys/license
-```
diff --git a/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx b/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx
index 55971fcb95..6945ad62da 100644
--- a/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx
+++ b/website/content/docs/platform/k8s/helm/examples/enterprise-with-raft.mdx
@@ -20,6 +20,8 @@ helm install vault hashicorp/vault \
   --set='server.ha.raft.enabled=true'
 ```
 
+-> For license configuration refer to [Running Vault Enterprise](/docs/platform/k8s/helm/enterprise).
+
 Next, initialize and unseal `vault-0` pod:
 
 ```shell
@@ -58,38 +60,3 @@ a1799962-8711-7f28-23f0-cea05c8a527d    vault-0.vault-internal:8201    leader
 e6876c97-aaaa-a92e-b99a-0aafab105745    vault-1.vault-internal:8201    follower    true
 4b5d7383-ff31-44df-e008-6a606828823b    vault-2.vault-internal:8201    follower    true
 ```
-
-## Add License to Vault Enterprise
-
-First, setup a port-forward tunnel to the Vault Enterprise cluster:
-
-```shell
-kubectl port-forward vault-0 8200:8200
-```
-
-Next, in a separate terminal, create a `payload.json` file that contains the license key like this example:
-
-```json
-{
-  "text": "01ABCDEFG..."
-}
-```
-
-Finally, using curl, apply the license key to the Vault API:
-
-```bash
-curl \
-  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
-  --request PUT \
-  --data @payload.json \
-  http://127.0.0.1:8200/v1/sys/license
-
-```
-
-To verify that the license installation worked correctly, using `curl`, run the following:
-
-```shell
-curl \
-  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
-  http://127.0.0.1:8200/v1/sys/license
-```
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 821a716492..bebeab4562 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -1214,6 +1214,10 @@
                 "title": "Running Vault",
                 "path": "platform/k8s/helm/run"
               },
+              {
+                "title": "Enterprise Licensing",
+                "path": "platform/k8s/helm/enterprise"
+              },
               {
                 "title": "Running Vault on OpenShift",
                 "path": "platform/k8s/helm/openshift"