update values to use gcpkms key for auto-unseal

This commit is contained in:
Clint Shryock 2018-11-20 16:23:16 -06:00
parent 678c50bb72
commit 3b31f76981
No known key found for this signature in database
GPG key ID: B7C8F9C70EC5CD29

View file

@ -77,6 +77,11 @@ consulHA:
# By default no direct resource request is made.
resources: {}
# updatePartition is used to control a careful rolling update of Vault
# servers. This should be done particularly when changing the version
# of Vault. Please refer to the documentation for more information.
updatePartition: 0
# config is a raw string of default configuration when using a Stateful
# deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
# and store data there. This is only used when using a Replica count of 1, and
@ -95,6 +100,14 @@ consulHA:
address = "HOST_IP:8500"
}
seal "gcpckms" {
#credentials = "/usr/vault/vault-project-user-creds.json"
project = "vault-helm-dev"
region = "global"
key_ring = "vault-helm"
crypto_key = "vault-init"
}
# Configuration for DNS configuration within the Kubernetes cluster.
# This creates a service that routes to all agents (client or server)
# for serving DNS requests. This DOES NOT automatically configure kube-dns