Install a development Vault on Kubernetes

Helm Vault chart development testing

2 min read | by Jordi Prats

If you are using Vault for storing secrets, it is desirable to have a different Vault for testing, CI and development. Having to setup an alternate production-grade Vault can be just not worth it (specially for volatile environments)

For local environments it comes handy to use the dev server mode, for Kubernetes we can use the pet2cattle/helm-testvault to deploy it as an in-cluster service

To deploy the test vault we can use the following helm commands:

helm repo add testvault
helm install testvault testvault/testvault -n testvault --create-namespace

Once deployed, we'll be able to see how it's going to create a ClusterIP service:

$ kubectl get service -n testvault
testvault   ClusterIP   <none>        80/TCP    67s

And deploy the Vault itself using a Deployment and a Pod that can be used to interact with the vault server:

$ kubectl get pods -n testvault
NAME                         READY   STATUS    RESTARTS   AGE
testvault-7cf646bf95-rkznq   1/1     Running   0          14s
testvault-vaultcli           1/1     Running   0          14s

The vaultcli Pod points to http://testvault:80:

$ kubectl get pod testvault-vaultcli -n testvault -o yaml
apiVersion: v1
kind: Pod
  - command:
    - sleep
    - 24h
    - name: VAULT_ADDR
      value: http://testvault:80
    image: vault

But if you need to access it from another namespace, you are gonna need to specify the namespace (or use the FQDN following the Kubernetes DNS naming schema):


The root access token is test, so you can use the following kubectl exec command to login to vault and create an initial secret:

kubectl exec -it testvault-vaultcli -n testvault -- sh -c "echo test | vault login -; vault kv put -mount=secret demo hello=world; vault kv get -mount=secret demo"

Posted on 22/09/2022