»Installing the Vault CSI Provider
- Kubernetes 1.16+ for both the master and worker nodes (Linux-only)
- Secrets store CSI driver installed
TokenRequestendpoint available, which requires setting the flags
kube-apiserver. Set by default from 1.20+ and earlier in most managed services.
»Installation using helm
The Vault Helm chart is the recommended way to install and configure the Vault CSI Provider in Kubernetes.
To install a new instance of Vault and the Vault CSI Provider, first add the HashiCorp helm repository and ensure you have access to the chart:
Vault CSI Provider Helm installation requires Vault Helm 0.10.0+.
$ helm repo add hashicorp https://helm.releases.hashicorp.com"hashicorp" has been added to your repositories $ helm search repo hashicorp/vaultNAME CHART VERSION APP VERSION DESCRIPTIONhashicorp/vault 0.10.0 1.7.0 Official HashiCorp Vault Chart
Then install the chart and enable the CSI feature by setting the
csi.enabled value to
# Note: this will also install the Vault server and Agent Injector.helm install vault hashicorp/vault --set="csi.enabled=true"
Upgrades may be performed with
helm upgrade on an existing install. Please
always run Helm with
--dry-run before any install or upgrade to verify
You can see all the available values settings by running
helm inspect values hashicorp/vault or by reading the Vault Helm Configuration
Docs. Commonly used values in the Helm
chart include limiting the namespaces the Vault CSI Provider runs in, TLS options and