openbao-helm/values.yaml

# Available parameters and their default values for the Vault chart.

# Server, when enabled, configures a server cluster to run. This should
# be disabled if you plan on connecting to a Vault cluster external to
# the Kube cluster.

global:
  # enabled is the master enabled switch. Setting this to true or false
  # will enable or disable all the components within this chart by default.
  # Each component can be overridden using the component-specific "enabled"
  # value.
  enabled: true

  # Domain to register the Vault DNS server to listen for.
  # TODO: verify for vault (don't think it's needed)
  domain: vault

  # Image is the name (and tag) of the Vault Docker image for clients and
  # servers below. This can be overridden per component.
  #image: "vault:0.11.1"
  image: "vault:1.0.0-beta2"

server:
  enabled: false
  image: null
  replicas: 1

  # storage and storageClass are the settings for configuring stateful
  # storage for the server pods. storage should be set to the disk size of
  # the attached volume. storageClass is the class of storage which defaults
  # to null (the Kube cluster will pick the default).
  storage: 10Gi
  storageClass: null

  # Resource requests, limits, etc. for the server cluster placement. This
  # should map directly to the value of the resources field for a PodSpec.
  # By default no direct resource request is made.
  resources: {}

  # config is a raw string of default configuration when using a Stateful
  # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
  # and store data there. This is only used when using a Replica count of 1, and
  # using a stateful set
  # This should be HCL
  config: |
    ui = true
    listener "tcp" {
      tls_disable = 1
      address     = "0.0.0.0:8200"
    }
    storage "file" {
      path = "/vault/data"
    }

  # extraVolumes is a list of extra volumes to mount. These will be exposed
  # to Vault in the path `/vault/userconfig/<name>/`. The value below is
  # an array of objects, examples are shown below.
  extraVolumes: []
    # - type: secret (or "configMap")
    #   name: my-secret
    #   load: false # if true, will add to `-config-dir` to load by Vault

consulHA:
  enabled: false
  image: null
  replicas: 3

  # storage and storageClass are the settings for configuring stateful
  # storage for the server pods. storage should be set to the disk size of
  # the attached volume. storageClass is the class of storage which defaults
  # to null (the Kube cluster will pick the default).
  storage: 2Gi
  storageClass: null

  # Resource requests, limits, etc. for the server cluster placement. This
  # should map directly to the value of the resources field for a PodSpec.
  # By default no direct resource request is made.
  resources: {}

  # config is a raw string of default configuration when using a Stateful
  # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
  # and store data there. This is only used when using a Replica count of 1, and
  # using a stateful set
  # This should be HCL
  config: |
    ui = true
    listener "tcp" {
      tls_disable = 1
      address     = "0.0.0.0:8200"
      cluster_address = "POD_IP:8201"
    }

    storage "consul" {
      path = "vault"
      address = "HOST_IP:8500"
    }

# Configuration for DNS configuration within the Kubernetes cluster.
# This creates a service that routes to all agents (client or server)
# for serving DNS requests. This DOES NOT automatically configure kube-dns
# today, so you must still manually configure a `stubDomain` with kube-dns
# for this to have any effect:
# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers
# TODO: verify for vault (don't think it's needed)
dns:
  enabled: "-"

ui:
  # True if you want to enable the Vault UI. The UI will run only
  # on the server nodes. This makes UI access via the service below (if
  # enabled) predictable rather than "any node" if you're running Vault
  # clients as well.
  enabled: "-"

  # True if you want to create a Service entry for the Vault UI.
  #
  # serviceType can be used to control the type of service created. For
  # example, setting this to "LoadBalancer" will create an external load
  # balancer (for supported K8S installations) to access the UI.
  service:
    enabled: true
    type: LoadBalancer
trim, s/Consul/Vault 2018-09-28 20:45:58 +00:00			`# Available parameters and their default values for the Vault chart.`
Move chart to top-level 2018-08-18 21:15:37 +00:00
			`# Server, when enabled, configures a server cluster to run. This should`
trim, s/Consul/Vault 2018-09-28 20:45:58 +00:00			`# be disabled if you plan on connecting to a Vault cluster external to`
Move chart to top-level 2018-08-18 21:15:37 +00:00			`# the Kube cluster.`

Add global.enabled to disable all components by default 2018-09-02 23:19:11 +00:00			`global:`
			`# enabled is the master enabled switch. Setting this to true or false`
			`# will enable or disable all the components within this chart by default.`
			`# Each component can be overridden using the component-specific "enabled"`
			`# value.`
			`enabled: true`

trim, s/Consul/Vault 2018-09-28 20:45:58 +00:00			`# Domain to register the Vault DNS server to listen for.`
snapshot 2018-10-29 15:36:53 +00:00			`# TODO: verify for vault (don't think it's needed)`
trim, s/Consul/Vault 2018-09-28 20:45:58 +00:00			`domain: vault`
Move chart to top-level 2018-08-18 21:15:37 +00:00
trim, s/Consul/Vault 2018-09-28 20:45:58 +00:00			`# Image is the name (and tag) of the Vault Docker image for clients and`
Support global.image value 2018-09-05 14:45:54 +00:00			`# servers below. This can be overridden per component.`
update beta version 2018-11-16 21:52:25 +00:00			`#image: "vault:0.11.1"`
			`image: "vault:1.0.0-beta2"`
Move datacenter to global 2018-09-08 14:52:31 +00:00
Move chart to top-level 2018-08-18 21:15:37 +00:00			`server:`
update values, correct security spot for contianers 2018-11-16 22:46:29 +00:00			`enabled: false`
Support global.image value 2018-09-05 14:45:54 +00:00			`image: null`
remove unused things for default, single pod setup 2018-10-05 21:11:45 +00:00			`replicas: 1`
Unit tests for storageClass 2018-09-22 16:57:36 +00:00
			`# storage and storageClass are the settings for configuring stateful`
			`# storage for the server pods. storage should be set to the disk size of`
			`# the attached volume. storageClass is the class of storage which defaults`
			`# to null (the Kube cluster will pick the default).`
Move chart to top-level 2018-08-18 21:15:37 +00:00			`storage: 10Gi`
Unit tests for storageClass 2018-09-22 16:57:36 +00:00			`storageClass: null`
Move chart to top-level 2018-08-18 21:15:37 +00:00
			`# Resource requests, limits, etc. for the server cluster placement. This`
			`# should map directly to the value of the resources field for a PodSpec.`
			`# By default no direct resource request is made.`
			`resources: {}`

consolidate config-map 2018-11-19 20:49:30 +00:00			`# config is a raw string of default configuration when using a Stateful`
probably wrong format values 2018-10-05 21:34:07 +00:00			`# deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data`
			`# and store data there. This is only used when using a Replica count of 1, and`
			`# using a stateful set`
			`# This should be HCL`
consolidate config-map 2018-11-19 20:49:30 +00:00			`config: \|`
really ugly hack/slash proof-of-concept, forked from consul-helm 2018-10-02 21:14:57 +00:00			`ui = true`
			`listener "tcp" {`
			`tls_disable = 1`
			`address = "0.0.0.0:8200"`
			`}`
			`storage "file" {`
remove unused things for default, single pod setup 2018-10-05 21:11:45 +00:00			`path = "/vault/data"`
really ugly hack/slash proof-of-concept, forked from consul-helm 2018-10-02 21:14:57 +00:00			`}`
Move chart to top-level 2018-08-18 21:15:37 +00:00
Support extraVolumes for server, will add for client soon 2018-09-08 15:28:13 +00:00			`# extraVolumes is a list of extra volumes to mount. These will be exposed`
trim, s/Consul/Vault 2018-09-28 20:45:58 +00:00			# to Vault in the path `/vault/userconfig/<name>/`. The value below is
Support extraVolumes for server, will add for client soon 2018-09-08 15:28:13 +00:00			`# an array of objects, examples are shown below.`
			`extraVolumes: []`
			`# - type: secret (or "configMap")`
			`# name: my-secret`
trim, s/Consul/Vault 2018-09-28 20:45:58 +00:00			# load: false # if true, will add to `-config-dir` to load by Vault
clients support extraVolumes 2018-09-08 15:35:07 +00:00
probably wrong format values 2018-10-05 21:34:07 +00:00			`consulHA:`
			`enabled: false`
			`image: null`
			`replicas: 3`

			`# storage and storageClass are the settings for configuring stateful`
			`# storage for the server pods. storage should be set to the disk size of`
			`# the attached volume. storageClass is the class of storage which defaults`
			`# to null (the Kube cluster will pick the default).`
			`storage: 2Gi`
			`storageClass: null`

			`# Resource requests, limits, etc. for the server cluster placement. This`
			`# should map directly to the value of the resources field for a PodSpec.`
			`# By default no direct resource request is made.`
			`resources: {}`

consolidate config-map 2018-11-19 20:49:30 +00:00			`# config is a raw string of default configuration when using a Stateful`
probably wrong format values 2018-10-05 21:34:07 +00:00			`# deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data`
			`# and store data there. This is only used when using a Replica count of 1, and`
			`# using a stateful set`
			`# This should be HCL`
consolidate config-map 2018-11-19 20:49:30 +00:00			`config: \|`
probably wrong format values 2018-10-05 21:34:07 +00:00			`ui = true`
			`listener "tcp" {`
			`tls_disable = 1`
			`address = "0.0.0.0:8200"`
Add stateless configuration. Assumes a consul deployed 2018-10-08 21:35:20 +00:00			`cluster_address = "POD_IP:8201"`
probably wrong format values 2018-10-05 21:34:07 +00:00			`}`
Add stateless configuration. Assumes a consul deployed 2018-10-08 21:35:20 +00:00
probably wrong format values 2018-10-05 21:34:07 +00:00			`storage "consul" {`
Add stateless configuration. Assumes a consul deployed 2018-10-08 21:35:20 +00:00			`path = "vault"`
probably wrong format values 2018-10-05 21:34:07 +00:00			`address = "HOST_IP:8500"`
			`}`

Add consul-dns service 2018-09-12 00:53:02 +00:00			`# Configuration for DNS configuration within the Kubernetes cluster.`
			`# This creates a service that routes to all agents (client or server)`
			`# for serving DNS requests. This DOES NOT automatically configure kube-dns`
			# today, so you must still manually configure a `stubDomain` with kube-dns
			`# for this to have any effect:`
			`# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#configure-stub-domain-and-upstream-dns-servers`
snapshot 2018-10-29 15:36:53 +00:00			`# TODO: verify for vault (don't think it's needed)`
Add consul-dns service 2018-09-12 00:53:02 +00:00			`dns:`
			`enabled: "-"`

			`ui:`
trim, s/Consul/Vault 2018-09-28 20:45:58 +00:00			`# True if you want to enable the Vault UI. The UI will run only`
Add consul-dns service 2018-09-12 00:53:02 +00:00			`# on the server nodes. This makes UI access via the service below (if`
trim, s/Consul/Vault 2018-09-28 20:45:58 +00:00			`# enabled) predictable rather than "any node" if you're running Vault`
Add consul-dns service 2018-09-12 00:53:02 +00:00			`# clients as well.`
			`enabled: "-"`

trim, s/Consul/Vault 2018-09-28 20:45:58 +00:00			`# True if you want to create a Service entry for the Vault UI.`
Add consul-dns service 2018-09-12 00:53:02 +00:00			`#`
			`# serviceType can be used to control the type of service created. For`
			`# example, setting this to "LoadBalancer" will create an external load`
			`# balancer (for supported K8S installations) to access the UI.`
			`service:`
			`enabled: true`
snapshot 2018-10-29 15:36:53 +00:00			`type: LoadBalancer`