Contains the services that make up Vault and allows modular
deployments where only certain subsets of Vault functionality
are deployed depending on a client’s requirements.
The crown package includes:
● The Kubernetes resources required to run the
corresponding Docker images on the Kubernetes cluster;
these will have been pushed to an appropriate Docker
registry before installation.
● Metadata required to configure the system components,
such as the HashiCorp Vault policies and roles required to
grant the service access to the secrets it needs to run.
NOTE: Each service runs on Kubernetes under its own unique
Kubernetes service account, which is used to attach a
service-specific policy and role in HashiCorp Vault. The
policies defined in the crown package grant access only to the
secrets that are required for that application, and the role is
specific to the Kubernetes service account for that application
running within a specific Kubernetes namespace.
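
The binding described in the NOTE can be checked mechanically. The following is an added example, not part of the crown package or the product documentation: it audits role data in the shape HashiCorp Vault returns for a Kubernetes auth role and flags any role that is not tied to one exact service account, one exact namespace, and that service's own secrets. The role names, namespace, policy contents and the secret path layout (secret/data/<service>/) are assumptions constructed for illustration.

```python
# Added example; role and policy names, namespace and secret layout are constructed.
# Shape of the "data" object from: vault read -format=json auth/kubernetes/role/<name>
ROLES = {
    "svc-a": {
        "bound_service_account_names": ["svc-a"],
        "bound_service_account_namespaces": ["example-ns"],
        "token_policies": ["svc-a"],
    },
    "svc-b": {  # deliberately over-broad
        "bound_service_account_names": ["*"],
        "bound_service_account_namespaces": ["example-ns", "default"],
        "token_policies": ["svc-b", "svc-a"],
    },
}

# Policy name -> {path: capabilities}, a simplified view of the HCL policy.
POLICIES = {
    "svc-a": {"secret/data/svc-a/*": ["read"]},
    "svc-b": {"secret/data/*": ["read", "list"]},
}


def audit_role(name, role, policies, secret_prefix="secret/data/"):
    """Return findings where a role is broader than one service account,
    one namespace, and that service's own secrets (assumed layout:
    <secret_prefix><role name>/...)."""
    findings = []
    for field, label in (("bound_service_account_names", "service account"),
                         ("bound_service_account_namespaces", "namespace")):
        values = role.get(field, [])
        if len(values) != 1 or any("*" in v for v in values):
            findings.append(f"{label} binding {values} is not one exact name")
    own = f"{secret_prefix}{name}/"
    for pol in role.get("token_policies", []):
        if pol not in policies:
            findings.append(f"policy {pol!r} is not defined")
            continue
        for path, caps in policies[pol].items():
            if "deny" in caps:  # an explicit deny never widens access
                continue
            if not path.startswith(own):
                findings.append(f"policy {pol!r} allows {caps} on {path!r}, outside {own!r}")
    return findings


if __name__ == "__main__":
    for role_name, role_def in ROLES.items():
        for finding in audit_role(role_name, role_def, POLICIES):
            print(f"{role_name}: {finding}")
```

The constructed svc-b role produces four findings: a wildcard service account, two namespaces, a policy covering every secret, and a second policy belonging to another service.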