From 9f6b41da8bec708ab1b3e112bd6982b4d200c9c2 Mon Sep 17 00:00:00 2001 From: Kyle Schochenmaier Date: Fri, 19 Jan 2024 12:16:41 -0600 Subject: [PATCH] [docs] add Kustomize installation documentation for VSO (#24690) * add Kustomize installation docs Co-authored-by: Theron Voran --- .../docs/platform/k8s/vso/installation.mdx | 69 +++++++++++++++++-- 1 file changed, 63 insertions(+), 6 deletions(-) diff --git a/website/content/docs/platform/k8s/vso/installation.mdx b/website/content/docs/platform/k8s/vso/installation.mdx index dde11fd1b1..090f0ca58f 100644 --- a/website/content/docs/platform/k8s/vso/installation.mdx +++ b/website/content/docs/platform/k8s/vso/installation.mdx @@ -11,8 +11,9 @@ description: >- - A Kubernetes cluster running 1.23+ - Helm 3.7+ +- [Optional] Kustomize 4.5.7+ -## Installation using helm +## Installation using Helm [Install Helm](https://helm.sh/docs/intro/install) before beginning. @@ -20,7 +21,7 @@ The [Vault Secrets Operator Helm chart](/vault/docs/platform/k8s/vso/helm) is th installing and configuring the Vault Secrets Operator. To install a new instance of the Vault Secrets Operator, first add the -HashiCorp helm repository and ensure you have access to the chart: +HashiCorp Helm repository and ensure you have access to the chart: ```shell-session $ helm repo add hashicorp https://helm.releases.hashicorp.com @@ -39,8 +40,7 @@ Then install the Operator: $ helm install --version 0.4.3 --create-namespace --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator ``` - -## Upgrading using helm +## Upgrading using Helm You can upgrade an existing installation with the `helm upgrade` command. Please always run Helm with the `--dry-run` option before any install or upgrade to verify 
@@ -71,7 +71,7 @@ $ helm show crds --version 0.4.3 hashicorp/vault-secrets-operator | kubectl appl $ helm upgrade --version 0.4.3 --namespace vault-secrets-operator vault-secrets-operator hashicorp/vault-secrets-operator ``` -## Updating CRDs +## Updating CRDs when using Helm You must update the CRDs for VSO manually **before** you upgrade the operator when the operator is managed by Helm. 
@@ -103,5 +103,62 @@ customresourcedefinition.apiextensions.k8s.io/vaultstaticsecrets.secrets.hashico ## Chart values -Refer to the [VSO helm chart](/vault/docs/platform/k8s/vso/helm) +Refer to the [VSO Helm chart](/vault/docs/platform/k8s/vso/helm) overview for a full list of supported chart values. + +## Installation using Kustomize + +You can install and update your installation using `kustomize` which allows you to extend the `config/` path of the VSO repository using Kustomize primitives. + +To install using Kustomize, download and untar/unzip the latest release from the [Releases Page](https://github.com/hashicorp/vault-secrets-operator/releases). +```shell-session +$ wget -q https://github.com/hashicorp/vault-secrets-operator/archive/refs/tags/v0.4.3.tar.gz +$ tar -zxf v0.4.3.tar.gz +$ cd vault-secrets-operator-0.4.3/ +``` + +Next install using `kustomize build`: +```shell-session +$ kustomize build config/default | kubectl apply -f - +namespace/vault-secrets-operator-system created +customresourcedefinition.apiextensions.k8s.io/hcpauths.secrets.hashicorp.com created +customresourcedefinition.apiextensions.k8s.io/hcpvaultsecretsapps.secrets.hashicorp.com created +customresourcedefinition.apiextensions.k8s.io/vaultauths.secrets.hashicorp.com created +customresourcedefinition.apiextensions.k8s.io/vaultconnections.secrets.hashicorp.com created +customresourcedefinition.apiextensions.k8s.io/vaultdynamicsecrets.secrets.hashicorp.com created +customresourcedefinition.apiextensions.k8s.io/vaultpkisecrets.secrets.hashicorp.com created +customresourcedefinition.apiextensions.k8s.io/vaultstaticsecrets.secrets.hashicorp.com created +serviceaccount/vault-secrets-operator-controller-manager created +role.rbac.authorization.k8s.io/vault-secrets-operator-leader-election-role created +clusterrole.rbac.authorization.k8s.io/vault-secrets-operator-manager-role created +clusterrole.rbac.authorization.k8s.io/vault-secrets-operator-metrics-reader created 
+clusterrole.rbac.authorization.k8s.io/vault-secrets-operator-proxy-role created +rolebinding.rbac.authorization.k8s.io/vault-secrets-operator-leader-election-rolebinding created +clusterrolebinding.rbac.authorization.k8s.io/vault-secrets-operator-manager-rolebinding created +clusterrolebinding.rbac.authorization.k8s.io/vault-secrets-operator-proxy-rolebinding created +configmap/vault-secrets-operator-manager-config created +service/vault-secrets-operator-controller-manager-metrics-service created +deployment.apps/vault-secrets-operator-controller-manager created +``` + +Confirm the operator has been installed by examining the pods: +```shell-session +$ kubectl get pods -n vault-secrets-operator-system +NAMESPACE NAME READY STATUS RESTARTS AGE +vault-secrets-operator-system vault-secrets-operator-controller-manager-56754d5496-cq69s 2/2 Running 0 1m17s +``` + + + + Notably it will not deploy default VaultAuthMethod, VaultConnection or Transit related resources. + Kustomize also does not support pre-delete hooks that the Helm chart uses to cleanup resources + and remove finalizers on the uninstall path. Please see [`config/samples`](https://github.com/hashicorp/vault-secrets-operator/tree/main/config/samples) + or `config/samples` in the downloaded release artifacts for additional resources. + + + +## Upgrade using Kustomize + +Upgrading using Kustomize is similar to installation: simply download the new release from github and follow +the same steps as outlined in [Installation using Kustomize](#installation-using-kustomize). +No additional steps are required to update the CRDs.
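Review bot: in the requirements hunk (`@@ -11,8 +11,9 @@`), `Helm 3.7+` remains an unconditional prerequisite while the new entry marks Kustomize as `[Optional]`, yet the Kustomize section added later in this patch never invokes `helm`. Consider wording the list as a choice of installer, for example "Helm 3.7+ or Kustomize 4.5.7+", so readers on the Kustomize path are not told to install a tool they will not use.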
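Review bot: in the `@@ -71,7 +71,7 @@` hunk, renaming `## Updating CRDs` to `## Updating CRDs when using Helm` changes the heading-derived anchor for that section, and this page relies on such anchors (the new text links to `#installation-using-kustomize`). Search the docs tree for links to the old anchor before merging, or keep the old anchor reachable, so existing references to the CRD update step do not silently break.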
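Review bot: in the `## Installation using Kustomize` section added by the last hunk (`@@ -103,5 +103,62 @@`), the archive fetched with `wget -q` is unpacked and the rendered output is piped straight into `kubectl apply -f -` with no integrity check and no preview, although the apply creates ClusterRoles and ClusterRoleBindings and the Helm section already tells readers to run with `--dry-run` first. Suggest adding a step that checks the archive against a known checksum and a step that reviews the rendered manifests before the real apply, for example `kustomize build config/default | kubectl diff -f -` or `kubectl apply --dry-run=server -f -`. Three smaller points in the same hunk: the sample output of `kubectl get pods -n vault-secrets-operator-system` shows a `NAMESPACE` column, which kubectl prints only with `--all-namespaces`; the note names `VaultAuthMethod` while the CRD list in the apply output shows `vaultauths`; and since the note says Kustomize lacks the pre-delete hooks that remove finalizers, the Kustomize path needs its own uninstall instructions. The namespace also differs from the Helm example (`vault-secrets-operator-system` versus `vault-secrets-operator`), which is worth one sentence for readers switching between the two methods.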