,欢迎您!
登录您的红帽帐户
尚未注册?下面是您应该进行注册的一些理由:
- 从一个位置浏览知识库文章、管理支持案例和订阅、下载更新以及执行其他操作。
- 查看组织内的用户,以及编辑他们的帐户信息、偏好设置和权限。
- 管理您的红帽认证,查看考试历史记录,以及下载认证相关徽标和文档。
您可以使用红帽帐户访问您的会员个人资料、偏好设置以及其他服务,具体决取决于您的客户状态。
出于安全考虑,如果您在公共计算机上通过红帽服务进行培训或测试,完成后务必退出登录。
退出红帽博客
Blog menu
Today, Red Hat is pleased to announce a new open source project, the Vault Operator. In keeping with earlier projects, including the etcd Operator and the Prometheus Operator, the Vault Operator aims to make it easier to install, manage, and maintain instances of Hashicorp Vault – a tool designed for storing, managing, and controlling access to secrets, such as tokens, passwords, certificates, and API keys – on Kubernetes clusters.
We are supporters of Vault, for important reasons. Authentication is fundamental to modern applications. As application design shifts from monolithic to distributed architectures, the various components of an application must communicate with each other over a network in ways that are designed to be trusted and secure. This typically requires authentication, which in turn requires credentials, or secrets. The problem is that there is no de facto way to centrally locate and manage these secrets.
Public cloud providers offer services to help solve this problem, but these solutions can be less than ideal. Not only are the APIs for these services often proprietary, potentially leading to cloud vendor lock-in and impedances to local testing, but they typically aren’t container-native, being designed with VM-centric architectures in mind.
Vault, an open source project, is a powerful alternative to these cloud-based services. It creates a central repository for secrets and enables secrets management, including rotation, leasing, and revocation of secrets. Our goal with the Vault Operator is to make it easier for Kubernetes users to consume this software.
Vault on demand
The Vault Operator we’re launching today, which we’re releasing under the Apache 2.0 open source license, builds on the operator pattern that CoreOS introduced in 2016. Operators are Kubernetes native applications. We define native as being both managed using the Kubernetes APIs via kubectl and ran on Kubernetes as containers. Operators can take advantage of Kubernetes's extensibility to help deliver the automation advantages of cloud services like provisioning, scaling, and backup/restore while being able to run anywhere that Kubernetes can run.
The Vault Operator is designed to make it easier to consume and operate Vault on Kubernetes by leveraging underlying Kubernetes capabilities to automate the provisioning, scaling, and backup/restore operations of Vault. With it, you can deploy a Vault service as easily as you can deploy a single stateless container on Kubernetes. Behind the scenes, the operator is designed to take care of such housekeeping tasks as TLS, etcd provisioning and setup, upgrades, and other details. In this way, you can consume Vault on your cluster the way you would were it provided as a service offered by a cloud provider, only in an open and cloud-agnostic way.
The Vault Operator powers the Vault Open Cloud Service introduced in the CoreOS Tectonic platform in December 2017. By releasing the Vault Operator as an open source project, Red Hat now aims to enable ISVs and IT organizations to use Vault as a managed service in their own environments, powered by automated operations.
We anticipate seeing more operators in the future, developed both by us and by others from across the Kubernetes ecosystem. In the meantime, if you’d like to get involved with extending and improving the Vault Operator, join us on the Vault Operator GitHub repository.