Account 로그인

Today, Red Hat is pleased to announce a new open source project, the Vault Operator. In keeping with earlier projects, including the etcd Operator and the Prometheus Operator, the Vault Operator aims to make it easier to install, manage, and maintain instances of Hashicorp Vault – a tool designed for storing, managing, and controlling access to secrets, such as tokens, passwords, certificates, and API keys – on Kubernetes clusters.

We are supporters of Vault, for important reasons. Authentication is fundamental to modern applications. As application design shifts from monolithic to distributed architectures, the various components of an application must communicate with each other over a network in ways that are designed to be trusted and secure. This typically requires authentication, which in turn requires credentials, or secrets. The problem is that there is no de facto way to centrally locate and manage these secrets.

Public cloud providers offer services to help solve this problem, but these solutions can be less than ideal. Not only are the APIs for these services often proprietary, potentially leading to cloud vendor lock-in and impedances to local testing, but they typically aren’t container-native, being designed with VM-centric architectures in mind.

Vault, an open source project, is a powerful alternative to these cloud-based services. It creates a central repository for secrets and enables secrets management, including rotation, leasing, and revocation of secrets. Our goal with the Vault Operator is to make it easier for Kubernetes users to consume this software.

Vault on demand

The Vault Operator we’re launching today, which we’re releasing under the Apache 2.0 open source license, builds on the operator pattern that CoreOS introduced in 2016. Operators are Kubernetes native applications. We define native as being both managed using the Kubernetes APIs via kubectl and ran on Kubernetes as containers. Operators can take advantage of Kubernetes's extensibility to help deliver the automation advantages of cloud services like provisioning, scaling, and backup/restore while being able to run anywhere that Kubernetes can run.

The Vault Operator is designed to make it easier to consume and operate Vault on Kubernetes by leveraging underlying Kubernetes capabilities to automate the provisioning, scaling, and backup/restore operations of Vault. With it, you can deploy a Vault service as easily as you can deploy a single stateless container on Kubernetes. Behind the scenes, the operator is designed to take care of such housekeeping tasks as TLS, etcd provisioning and setup, upgrades, and other details. In this way, you can consume Vault on your cluster the way you would were it provided as a service offered by a cloud provider, only in an open and cloud-agnostic way.

The Vault Operator powers the Vault Open Cloud Service introduced in the CoreOS Tectonic platform in December 2017. By releasing the Vault Operator as an open source project, Red Hat now aims to enable ISVs and IT organizations to use Vault as a managed service in their own environments, powered by automated operations.

We anticipate seeing more operators in the future, developed both by us and by others from across the Kubernetes ecosystem. In the meantime, if you’d like to get involved with extending and improving the Vault Operator, join us on the Vault Operator GitHub repository.


About the author

Red Hat logo LinkedInYouTubeFacebookTwitter

제품

구매 정보

커뮤니케이션

Red Hat 소개

Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.

Red Hat Shares 뉴스레터를 구독하세요

지금 신청하기

언어 선택

© 2022 Red Hat, Inc. Red Hat Summit