[docs] add Kustomize installation documentation for VSO (#24690)

* add Kustomize installation docs Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2026-06-09 00:33:28 -04:00 · 2024-01-19 12:16:41 -06:00 · 2024-01-19 12:16:41 -06:00 · 9f6b41da8b
commit 9f6b41da8b
parent 9bb4f9e996
1 changed files with 63 additions and 6 deletions
--- a/website/content/docs/platform/k8s/vso/installation.mdx
+++ b/website/content/docs/platform/k8s/vso/installation.mdx
@ -11,8 +11,9 @@ description: >-

 - A Kubernetes cluster running 1.23+
 - Helm 3.7+
+- [Optional] Kustomize 4.5.7+

-## Installation using helm
+## Installation using Helm

 [Install Helm](https://helm.sh/docs/intro/install) before beginning.

@ -20,7 +21,7 @@ The [Vault Secrets Operator Helm chart](/vault/docs/platform/k8s/vso/helm) is th
 installing and configuring the Vault Secrets Operator.

 To install a new instance of the Vault Secrets Operator, first add the
-HashiCorp helm repository and ensure you have access to the chart:
+HashiCorp Helm repository and ensure you have access to the chart:

 ```shell-session
 $ helm repo add hashicorp https://helm.releases.hashicorp.com
@ -39,8 +40,7 @@ Then install the Operator:
 $ helm install --version 0.4.3 --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
 ```

-
-## Upgrading using helm
+## Upgrading using Helm

 You can upgrade an existing installation with the `helm upgrade` command.
 Please always run Helm with the `--dry-run` option before any install or upgrade to verify
@ -71,7 +71,7 @@ $ helm show crds --version 0.4.3 hashicorp/vault-secrets-operator | kubectl appl
 $ helm upgrade --version 0.4.3 --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator
 ```

-## Updating CRDs
+## Updating CRDs when using Helm

 You must update the CRDs for VSO manually **before** you upgrade the
 operator when the operator is managed by Helm.
@ -103,5 +103,62 @@ customresourcedefinition.apiextensions.k8s.io/vaultstaticsecrets.secrets.hashico

 ## Chart values

-Refer to the [VSO helm chart](/vault/docs/platform/k8s/vso/helm)
+Refer to the [VSO Helm chart](/vault/docs/platform/k8s/vso/helm)
 overview for a full list of supported chart values.
+
+## Installation using Kustomize
+
+You can install and update your installation using `kustomize` which allows you to extend the `config/` path of the VSO repository using Kustomize primitives.
+
+To install using Kustomize, download and untar/unzip the latest release from the [Releases Page](https://github.com/hashicorp/vault-secrets-operator/releases).
+```shell-session
+$ wget -q https://github.com/hashicorp/vault-secrets-operator/archive/refs/tags/v0.4.3.tar.gz
+$ tar -zxf v0.4.3.tar.gz
+$ cd vault-secrets-operator-0.4.3/
+```
+
+Next install using `kustomize build`:
+```shell-session
+$ kustomize build config/default | kubectl apply -f -
+namespace/vault-secrets-operator-system created
+customresourcedefinition.apiextensions.k8s.io/hcpauths.secrets.hashicorp.com created
+customresourcedefinition.apiextensions.k8s.io/hcpvaultsecretsapps.secrets.hashicorp.com created
+customresourcedefinition.apiextensions.k8s.io/vaultauths.secrets.hashicorp.com created
+customresourcedefinition.apiextensions.k8s.io/vaultconnections.secrets.hashicorp.com created
+customresourcedefinition.apiextensions.k8s.io/vaultdynamicsecrets.secrets.hashicorp.com created
+customresourcedefinition.apiextensions.k8s.io/vaultpkisecrets.secrets.hashicorp.com created
+customresourcedefinition.apiextensions.k8s.io/vaultstaticsecrets.secrets.hashicorp.com created
+serviceaccount/vault-secrets-operator-controller-manager created
+role.rbac.authorization.k8s.io/vault-secrets-operator-leader-election-role created
+clusterrole.rbac.authorization.k8s.io/vault-secrets-operator-manager-role created
+clusterrole.rbac.authorization.k8s.io/vault-secrets-operator-metrics-reader created
+clusterrole.rbac.authorization.k8s.io/vault-secrets-operator-proxy-role created
+rolebinding.rbac.authorization.k8s.io/vault-secrets-operator-leader-election-rolebinding created
+clusterrolebinding.rbac.authorization.k8s.io/vault-secrets-operator-manager-rolebinding created
+clusterrolebinding.rbac.authorization.k8s.io/vault-secrets-operator-proxy-rolebinding created
+configmap/vault-secrets-operator-manager-config created
+service/vault-secrets-operator-controller-manager-metrics-service created
+deployment.apps/vault-secrets-operator-controller-manager created
+```
+
+Confirm the operator has been installed by examining the pods:
+```shell-session
+$ kubectl get pods -n vault-secrets-operator-system
+NAMESPACE                       NAME                                                         READY   STATUS    RESTARTS   AGE
+vault-secrets-operator-system   vault-secrets-operator-controller-manager-56754d5496-cq69s   2/2     Running   0          1m17s
+```
+
+<Note title="Kustomize does not support all features of the Helm chart">
+
+  Notably it will not deploy default VaultAuthMethod, VaultConnection or Transit related resources.
+  Kustomize also does not support pre-delete hooks that the Helm chart uses to cleanup resources
+  and remove finalizers on the uninstall path. Please see [`config/samples`](https://github.com/hashicorp/vault-secrets-operator/tree/main/config/samples)
+  or `config/samples` in the downloaded release artifacts for additional resources.
+
+</Note>
+
+## Upgrade using Kustomize
+
+Upgrading using Kustomize is similar to installation: simply download the new release from github and follow
+the same steps as outlined in [Installation using Kustomize](#installation-using-kustomize).
+No additional steps are required to update the CRDs.