gke-helm-vault

gatsbysghost/gke-helm-vault/google

Terraform Module HCL GOOGLE

Terraform module to generate a Hashicorp Vault cluster on GKE

Install
module "gke-helm-vault" {
  source  = "gatsbysghost/gke-helm-vault/google"
  version = "0.2.1"

  # Also set the 12 required inputs listed under "Inputs" below.
}
README

A detailed accounting of the module structure can be found in this blog post. An operational summary follows below.

Purpose

Vault's implementation on Kubernetes is really pretty good, but there's no official (or even particularly high-quality) batteries-included Terraform module out there to produce a Vault Kubernetes cluster on GKE with minimal pain. So I decided to write one.

A Note on Credentials

As with all Terraform on GCP, you'll need to create a service account (or use one of your existing ones) and provide this module with access to it. That service account will need quite a few permissions, as it will be creating a static external IP, making new service accounts for Vault, generating Kubernetes secrets, setting up a cluster, generating keys and keyrings in Cloud KMS, and mor

Inputs (13)
| Name | Type | Description | Default |
|---|---|---|---|
| cert_secret_name | string | Name to use for the k8s secret containing the ACME TLS cert/ca/key | required |
| vault_hostname | string | Domain name to use for the DNS zone, A record, and TLS Cert | required |
| cert_organization_name | string | Organization name for Private Cert, e.g. 'MyCorp Inc.' | required |
| cert_common_name | string | CN for Private Cert, e.g. 'MyCorp Inc. Private Certificate Authority' | required |
| cluster_name | string | Name to use for the Vault GKE cluster | required |
| region | string | GCP region in which to create resources | required |
| cluster_zone | string | GCP zone in which to instantiate the Kubernetes cluster | required |
| credentials_file | string | Path to GCP Credentials JSON file | required |
| cert_country | string | Country in which the private cert will be issued | required |
| public_cert_email_address | string | Email address to use for the public-facing TLS cert | required |
| vault_version | string | Version of Hashicorp Vault to use (e.g. '1.5.5') | required |
| project_id | string | Project ID of the GCP project in which resources will be created | required |
| num_vault_pods | number | Number of Vault pods to create in GKE | 3 |
Details
Framework: Terraform Module
Language: HCL
Version: 0.2.1
Cloud: GOOGLE
Stars: 4
Forks: 9
Total downloads: 5.1k
Inputs: 13
Submodules: 8
License: MIT
Namespace: gatsbysghost
Updated