dtuaev25

Reputation: 25

Configuring Vault-Helm PVC

I'm fairly new to K8S and I've been trying to implement Vault on K8S. I've been trying to deploy HashiCorp Vault on K8S using Helm as written on their website: https://www.vaultproject.io/docs/platform/k8s/helm/run/ and https://github.com/hashicorp/vault-helm (branch 0.4.0).

I've come across an issue which is not entirely clear to me. In the files, Values.yaml is to be edited in order to configure it for my environment. While doing so, I've tried to configure it to write to storage, as it's needed. This configuration is located in the file like so:

  # This configures the Vault Statefulset to create a PVC for data
  # storage when using the file backend.
  # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
  dataStorage:
    enabled: true
    # Size of the PVC created
    size: 10Gi
    # Name of the storage class to use.  If null it will use the
    # configured default Storage Class.
    storageClass: null
    # Access Mode of the storage device being used for the PVC
    accessMode: ReadWriteOnce

When running this as it is, it's supposed to create a PVC called "data", as that's the default. Specifically:

"data-vault-0"

This is the message received from kubectl describe pod vault-0:

error while running "VolumeBinding" filter plugin for pod "vault-0": pod has unbound immediate PersistentVolumeClaims

Following that, the command kubectl describe pvc data-vault-0 shows this:

persistentvolume-controller storageclass.storage.k8s.io "data" not found

I followed up on the way it's supposed to configure the PVC, and it uses a helper file called

_helpers.tpl

In that helper file, it shows the configuration as follows:

{{/*
Set's up the volumeClaimTemplates when data or audit storage is required.  HA
might not use data storage since Consul is likely it's backend, however, audit
storage might be desired by the user.
*/}}
{{- define "vault.volumeclaims" -}}
  {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
  volumeClaimTemplates:
      {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (eq .mode "standalone") }}
    - metadata:
        name: data
      spec:
        accessModes:
          - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
        resources:
          requests:
            storage: {{ .Values.server.dataStorage.size }}
          {{- if .Values.server.dataStorage.storageClass }}
        storageClassName: {{ .Values.server.dataStorage.storageClass }}
          {{- end }}
      {{ end }}

I drilled down into k8s with PVC and PV. It seems to me that I need to define a PV and ONLY THEN can this entire chart load properly. Problem is... I'm a bit lost at how to do it so that it can work with this chart. Do I need to deploy using a separate k8s deploy? Like writing a specific YAML for the PV and then running the chart?

Has anyone dealt with this before and can offer pointers?

Thanks!

Upvotes: 2

Views: 4966

Answers (1)

Krzysztof Podejma

Reputation: 54

  1. Create storage class

    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: local-storage
    reclaimPolicy: Delete
    volumeBindingMode: WaitForFirstConsumer
    
  2. Create directory on node where you want to store PV and then create PV in k8s. See example below.

  3. Assign label "app.kubernetes.io/instance: vault" to this node
  4. Fix PVC from Helm. PVC should contain storageClassName: local-storage in spec. You can do it in the dashboard (copy and delete the old one, then add the new one).

Example PV (replace vault_node_hostname with your data)

# mkdir -p /srv/cluster/storage/001
# cat PersistentVolume001.yaml

apiVersion: v1
kind: PersistentVolume
metadata:
  name: vol001
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  local:
    path: /srv/cluster/storage/001
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - vault_node_hostname

# kubectl create -f PersistentVolume001.yaml

Upvotes: 3
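
A pre-flight check for the binding conditions discussed in this thread, as an added example that is not part of the question, the answer or the vault-helm chart: it reports why a claim such as data-vault-0 stays unbound, including the case where the chart's default 10Gi request meets a 1Gi PV like vol001. The function names and the sample objects are constructed for illustration; node affinity and WaitForFirstConsumer scheduling are not modelled.

```python
import re

# Multipliers for the Kubernetes quantity suffixes this sketch understands.
UNITS = {None: 1, "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def to_bytes(quantity):
    """Convert a quantity such as '10Gi' to a byte count."""
    m = re.fullmatch(r"(\d+)(Ki|Mi|Gi|Ti)?", quantity)
    if not m:
        raise ValueError(f"unsupported quantity: {quantity!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def binding_problems(pvc, pvs, storage_classes, default_class=None):
    """Return the reasons no listed PV can satisfy the claim ([] means bindable)."""
    spec = pvc["spec"]
    # Simplification: an explicit storageClassName of "" is not modelled.
    wanted = spec.get("storageClassName") or default_class
    if wanted is None:
        return ["claim names no storage class and no default class is set"]
    if wanted not in storage_classes:
        return [f'storage class "{wanted}" not found']
    request = spec["resources"]["requests"]["storage"]
    problems = []
    for pv in pvs:
        name, p = pv["metadata"]["name"], pv["spec"]
        if p.get("storageClassName") != wanted:
            problems.append(f"{name}: storage class differs from the claim")
        elif not set(spec["accessModes"]) <= set(p["accessModes"]):
            problems.append(f"{name}: access modes do not cover the claim")
        elif to_bytes(p["capacity"]["storage"]) < to_bytes(request):
            problems.append(f"{name}: capacity {p['capacity']['storage']} < requested {request}")
        else:
            return []  # this PV satisfies class, access mode and size
    return problems or [f'no PV with storage class "{wanted}"']

def make_pvc(storage_class, size):
    """Build a constructed claim shaped like the chart's 'data' volumeClaimTemplate."""
    return {"metadata": {"name": "data-vault-0"},
            "spec": {"storageClassName": storage_class, "accessModes": ["ReadWriteOnce"],
                     "resources": {"requests": {"storage": size}}}}

# Constructed sample: the answer's PV and StorageClass, reduced to the checked fields.
PVS = [{"metadata": {"name": "vol001"},
        "spec": {"storageClassName": "local-storage", "accessModes": ["ReadWriteOnce"],
                 "capacity": {"storage": "1Gi"}}}]
CLASSES = {"local-storage"}

if __name__ == "__main__":
    for cls, size in [("data", "10Gi"), ("local-storage", "10Gi"), ("local-storage", "1Gi")]:
        print(cls, size, binding_problems(make_pvc(cls, size), PVS, CLASSES))
```

On a live cluster the same fields can be read from kubectl get pvc, kubectl get pv and kubectl get storageclass with -o json.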
