Basic Cluster Creation¶
This guide walks you through creating your first OpenBaoCluster. Choose the path that matches your use case.
Prerequisites¶
- OpenBao Operator: Installed and running (see Installation)
- Storage Class: Default storage class configured in the cluster
Choose Your Path¶
For local development and testing. Not suitable for production.
apiVersion: openbao.org/v1alpha1
kind: OpenBaoCluster
metadata:
name: dev-cluster
namespace: default
spec:
version: "2.4.4"
image: "openbao/openbao:2.4.4"
replicas: 3
profile: Development
tls:
enabled: true
mode: OperatorManaged
rotationPeriod: "720h"
storage:
size: "10Gi"
Development Profile
The Development profile uses static auto-unseal and stores sensitive
material in Kubernetes Secrets. This is convenient for testing but
insecure for production use.
For production deployments with hardened security.
apiVersion: openbao.org/v1alpha1
kind: OpenBaoCluster
metadata:
name: prod-cluster
namespace: openbao
spec:
version: "2.4.4"
image: "openbao/openbao:2.4.4"
replicas: 3
profile: Hardened
tls:
enabled: true
mode: External
storage:
size: "50Gi"
selfInit:
enabled: true
unseal:
type: awskms
awskms:
region: us-east-1
kmsKeyID: alias/openbao-unseal
Production Checklist
Before deploying to production, complete the Production Checklist to ensure proper security configuration.
Apply the Configuration¶
Verify Deployment¶
Check the cluster status:
Watch pods come up:
Check Status Conditions¶
Look for:
status.phase— Current lifecycle phasestatus.readyReplicas— Number of ready replicasstatus.initialized—trueafter cluster initializationstatus.conditions:Available— Cluster is serving requestsTLSReady— TLS certificates are validProductionReady— Security requirements met (Hardened only)Degraded— Issues detected
Next Steps¶
- External Access — Expose your cluster
- Security Profiles — Understand profile differences
- Backups — Configure disaster recovery