This Terraform example stands up a full deployment of an HCP Vault cluster with a connected AWS EKS cluster. This repo automates much of the manual effort needed to create a Highly Available (HA) Vault service within an AWS EKS (Elastic Kubernetes Service) cluster managed by HCP (HashiCorp Cloud Platform), the quickest, most secure, and most repeatable way to do so.
- Create an HCP Service Key and set the required environment variables
export HCP_CLIENT_ID=...
export HCP_CLIENT_SECRET=...
- Export your Vault Account credentials
export VAULT_ADDR=...
export VAULT_TOKEN=...
export VAULT_NAMESPACE=admin
- Export your AWS Account credentials, as defined by the AWS Terraform provider
- Initialize and apply the Terraform configuration to get a full environment
terraform init && terraform apply
- Edit the sample.tfvars to customize the install, then initialize and apply the Terraform configuration to get a customized environment
terraform init && terraform apply -var-file="sample.tfvars"
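A preflight check for the variables exported in the steps above, as an added example that is not part of this repo. The function names are hypothetical, and the requirement that VAULT_ADDR use https:// is an assumption of the example. Only variable names are reported, never their values.

```shell
#!/usr/bin/env bash
# Added example (not from the repo): verify the environment before Terraform runs.
# Secret values (HCP client secret, Vault token) are never echoed.

# Variables the steps on this page export before running Terraform.
REQUIRED_VARS="HCP_CLIENT_ID HCP_CLIENT_SECRET VAULT_ADDR VAULT_TOKEN VAULT_NAMESPACE"

# Print the names of required variables that are unset or empty, one per line.
missing_vars() {
  for name in $REQUIRED_VARS; do
    # Indirect lookup by name; names come only from the fixed list above.
    eval "value=\${$name:-}"
    [ -n "$value" ] || echo "$name"
  done
  unset value
}

# Return 0 only if VAULT_ADDR is an https:// URL (assumption of this example),
# so that VAULT_TOKEN is not sent to the cluster in cleartext.
vault_addr_is_tls() {
  case "${VAULT_ADDR:-}" in
    https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run all checks; a non-zero status lets a wrapper stop before terraform apply.
preflight() {
  missing=$(missing_vars)
  if [ -n "$missing" ]; then
    echo "unset or empty: $(echo $missing)" >&2
    return 1
  fi
  if ! vault_addr_is_tls; then
    echo "VAULT_ADDR must start with https://" >&2
    return 1
  fi
  return 0
}

# Typical use after sourcing this file:
#   preflight && terraform init && terraform apply
```

AWS credentials are not checked here because the AWS Terraform provider accepts several credential sources besides environment variables.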
The HCP Vault cluster can be accessed via the outputs consul_url and consul_root_token.
The EKS cluster can be accessed via the output kubeconfig_filename, which references a created kubeconfig file that can be used by setting the KUBECONFIG environment variable:
export KUBECONFIG=$(terraform output --raw kubeconfig_filename)
Warning: This application is publicly accessible. Make sure to delete the Kubernetes resources associated with the application when done.