OpenBaoCluster
OpenBaoCluster is the primary Custom Resource Definition (CRD) that declaratively defines a production-ready OpenBao cluster on Kubernetes.
It acts as a high-level abstraction over complex stateful infrastructure, managing the entire lifecycle of the cluster.
Capabilities
- Secure Defaults
  - Automatic TLS certificate management
  - Secure-by-default configurations
  - Security Profiles for hardening
- Infrastructure
  - Managed StatefulSets and Services
  - Configurable Storage and PVCs
  - Automated resizing (Vertical Scaling)
- Day 2 Operations
  - Automated Upgrades (Rolling & Blue/Green)
  - Automated Backups to S3/GCS/Azure
  - Breakdown/Recovery automation
GitOps Architecture
The Operator follows a strict GitOps contract. Your Git repository is the source of truth for the spec (Desired State), while the Operator reports the status (Observed State).
flowchart LR
Git["fa:fa-code-branch Git (ArgoCD/Flux)"] -->|Sync| Spec["OpenBaoCluster.spec\n(Desired State)"]
Spec -->|Reconcile| Controller["fa:fa-gears Operator Controller"]
subgraph Cluster ["Kubernetes Cluster"]
Controller -->|Manage| Infra["StatefulSet\nServices\nConfigMaps\nSecrets"]
Infra -.->|Report| Status["OpenBaoCluster.status\n(Observed State)"]
end
classDef write fill:transparent,stroke:#22c55e,stroke-width:2px,color:#fff;
classDef read fill:transparent,stroke:#60a5fa,stroke-width:2px,color:#fff;
classDef git fill:transparent,stroke:#f472b6,stroke-width:2px,color:#fff;
class Spec read;
class Status,Infra write;
class Git git;
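One way to check this contract from the defender's side is to scan Kubernetes API audit events for writes to the spec that did not come from the GitOps syncer, and writes to the status that did not come from the operator. This is an added example, not the operator's own code; the resource name `openbaoclusters`, both service-account names and the sample events are assumptions constructed for illustration.

```python
import json

# Assumed names, not from the page: the CRD's plural resource name and the
# identities of the GitOps syncer and the operator in this cluster.
RESOURCE = "openbaoclusters"
GITOPS_SA = "system:serviceaccount:argocd:argocd-application-controller"
OPERATOR_SA = "system:serviceaccount:openbao-operator-system:controller"
WRITE_VERBS = {"create", "update", "patch", "delete"}

def contract_violations(audit_lines):
    """Return (user, verb, target, name) for each write that breaks the split."""
    findings = []
    for line in audit_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != RESOURCE or ev.get("verb") not in WRITE_VERBS:
            continue
        # A request is logged once per stage: count only the final stage and
        # skip requests the API server rejected (nothing was changed).
        code = (ev.get("responseStatus") or {}).get("code", 0)
        if ev.get("stage") != "ResponseComplete" or code >= 400:
            continue
        user = (ev.get("user") or {}).get("username", "<unknown>")
        # The status subresource belongs to the operator; the main resource
        # (spec and metadata) belongs to the GitOps syncer.
        target = "status" if ref.get("subresource") == "status" else "spec"
        allowed = OPERATOR_SA if target == "status" else GITOPS_SA
        if user != allowed:
            findings.append((user, ev["verb"], target, ref.get("name")))
    return findings

def _event(user, verb, sub="", stage="ResponseComplete", code=200):
    ref = {"resource": RESOURCE, "name": "prod", "subresource": sub}
    return json.dumps({"stage": stage, "verb": verb, "user": {"username": user},
                       "objectRef": ref, "responseStatus": {"code": code}})

# Constructed sample events (not real logs).
SAMPLE = [
    _event(GITOPS_SA, "patch"),                                   # expected
    _event(OPERATOR_SA, "update", "status"),                      # expected
    _event("alice@example.com", "patch"),                         # manual spec edit
    _event("alice@example.com", "patch", stage="RequestReceived"),  # same request, earlier stage
    _event("system:serviceaccount:ci:deployer", "update", "status"),  # forged status
    _event("bob@example.com", "delete", code=403),                # denied by RBAC
    "truncated {",
]
print(contract_violations(SAMPLE))
```

A write to the main resource also covers metadata, so an operator that sets finalizers will appear under `spec`; triage those findings by identity before tightening RBAC.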
Configuration Examples
Start small for local development or testing.
A standard 3-node HA cluster with TLS and storage.
Next Steps
- Configuration: Deep dive into customization options.
- Operations: Manage upgrades and disaster recovery.