update values to use gcpkms key for auto-unseal
This commit is contained in:
Clint Shryock
parent
678c50bb72
commit
3b31f76981
1 changed files with 13 additions and 0 deletions
13
values.yaml
13
values.yaml
|
|
@ -77,6 +77,11 @@ consulHA:
|
|||
# By default no direct resource request is made.
|
||||
resources: {}
|
||||
|
||||
# updatePartition is used to control a careful rolling update of Vault
|
||||
# servers. This should be done particularly when changing the version
|
||||
# of Vault. Please refer to the documentation for more information.
|
||||
updatePartition: 0
|
||||
|
||||
# config is a raw string of default configuration when using a Stateful
|
||||
# deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
|
||||
# and store data there. This is only used when using a Replica count of 1, and
|
||||
|
|
@ -95,6 +100,14 @@ consulHA:
|
|||
address = "HOST_IP:8500"
|
||||
}
|
||||
|
||||
seal "gcpckms" {
|
||||
#credentials = "/usr/vault/vault-project-user-creds.json"
|
||||
project = "vault-helm-dev"
|
||||
region = "global"
|
||||
key_ring = "vault-helm"
|
||||
crypto_key = "vault-init"
|
||||
}
|
||||
|
||||
# Configuration for DNS configuration within the Kubernetes cluster.
|
||||
# This creates a service that routes to all agents (client or server)
|
||||
# for serving DNS requests. This DOES NOT automatically configure kube-dns
|
||||
|
|
|
|||
Loading…
Reference in a new issue