Hacker News
by mbag 2280 days ago
Thanks. Too bad the Ansible playbooks are not public. To be clear, I'm not defending HashiCorp, as I have played quite a bit with their tools (only open-source versions) and getting deployments production ready can be painful, especially setting up security correctly, with so many moving parts.

I know about the Helm chart for Vault (btw also created and maintained by HashiCorp). It's quite handy for quick deployments, but getting it to production will require changes, as most security things are disabled. All the Helm chart does is get Vault up and running; unsealing has to be done either manually or via a third party (cool thing, if your use case allows storing such a secret on third-party HW). Not to mention that if you want to use Consul as the storage backend, you will have to deal with that using a separate chart.

Without knowing what the Ansible playbook does, it's hard to compare the two. If Ansible is configuring the host OS from scratch (updates/tools installation etc.) then yes, it might take much longer than deploying to a fully managed K8s cluster.

2 comments

There are a handful of Ansible Roles that are community-maintained that might be of interest to you:

- https://github.com/ansible-community/ansible-consul
- https://github.com/ansible-community/ansible-nomad
- https://github.com/ansible-community/ansible-vault

(These were originally started by brianshumate who did an amazing job that makes starting out from scratch easy)

True, I think the nice thing about the Vault Helm chart (and Consul) is that you can swap in the enterprise image. You can customize the image to your liking as well. It is lightweight and easy to scale comparably. There is definitely extra work involved, but the Ansible playbook is just sequential tasks that could be baked into the container and make it a lot faster.

I'm a big fan of Kubernetes and Helm/Kustomize as a whole, though there are times where Terraform and Ansible make sense too.