begin changes to using openbao everywhere instead of vault

also begin massive change over to using helm's official chart release and testing actions

Signed-off-by: jessebot <jessebot@linux.com>

.github/workflows/acceptance.yaml

@@ -5,7 +5,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        kind-k8s-version: [1.25.16, 1.26.14, 1.27.11, 1.28.7, 1.29.2]
+        kind-k8s-version: [1.27.11, 1.28.7, 1.29.2]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

.github/workflows/actionlint.yml

@@ -1,14 +0,0 @@
-# If the repository is public, be sure to change to GitHub hosted runners
-name: Lint GitHub Actions Workflows
-on:
-  push:
-    paths:
-      - .github/workflows/**.yml
-  pull_request:
-    paths:
-      - .github/workflows/**.yml
-permissions:
-  contents: read
-jobs:
-  actionlint:
-    uses: hashicorp/vault-workflows-common/.github/workflows/actionlint.yaml@main

.github/workflows/jira.yaml

@@ -1,17 +0,0 @@
-name: Jira Sync
-on:
-  issues:
-    types: [opened, closed, deleted, reopened]
-  pull_request_target:
-    types: [opened, closed, reopened]
-  issue_comment: # Also triggers when commenting on a PR from the conversation view
-    types: [created]
-jobs:
-  sync:
-    uses: hashicorp/vault-workflows-common/.github/workflows/jira.yaml@main
-    secrets:
-      JIRA_SYNC_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
-      JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
-      JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
-    with:
-      teams-array: '["ecosystem", "foundations-eco"]'

.github/workflows/lint-chart.yml

@@ -0,0 +1,47 @@
+name: Lint and Test Chart
+
+on:
+  pull_request:
+    paths:
+      - 'charts/**'
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: "0"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.6.1
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Run chart-testing (lint)
+        id: lint
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+      - name: Create kind cluster
+        uses: helm/kind-action@v1.10.0
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install)
+        id: install
+        if: steps.list-changed.outputs.changed == 'true'
+        run: ct install --target-branch ${{ github.event.repository.default_branch }}

.github/workflows/release-chart.yml

@@ -0,0 +1,38 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'charts/**'
+
+jobs:
+  release:
+    environment: helm-release
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3.5
+        id: helm-install
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run chart-releaser
+        id: helm-release
+        uses: helm/chart-releaser-action@v1.6.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_GENERATE_RELEASE_NOTES: true

.github/workflows/update-helm-charts-index.yml

@@ -1,40 +0,0 @@
-name: update-helm-charts-index
-on:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
-
-permissions:
-  contents: read
-
-jobs:
-  update-helm-charts-index:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - name: verify Chart version matches tag version
-        run: |-
-          export TAG=${{ github.ref_name }}
-          git_tag="${TAG#v}"
-          chart_tag=$(yq -r '.version' Chart.yaml)
-          if [ "${git_tag}" != "${chart_tag}" ]; then
-            echo "chart version (${chart_tag}) did not match git version (${git_tag})"
-            exit 1
-          fi
-      - name: update helm-charts index
-        id: update
-        env:
-          GH_TOKEN: ${{ secrets.HELM_CHARTS_GITHUB_TOKEN }}
-        run: |-
-          gh workflow run publish-charts.yml \
-            --repo hashicorp/helm-charts \
-            --ref main \
-            -f SOURCE_TAG="${{ github.ref_name }}" \
-            -f SOURCE_REPO="${{ github.repository }}"
-      - uses: hashicorp/actions-slack-status@v1
-        if: ${{always()}}
-        with:
-          success-message: "vault-helm charts index update triggered successfully. View the run <https://github.com/hashicorp/helm-charts/actions/workflows/publish-charts.yml|here>."
-          failure-message: "vault-helm charts index update trigger failed."
-          status: ${{job.status}}
-          slack-webhook-url: ${{secrets.SLACK_WEBHOOK_URL}}

Chart.yaml

@@ -1,19 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
-apiVersion: v2
-name: vault
-version: 0.27.0
-appVersion: 1.15.2
-kubeVersion: ">= 1.20.0-0"
-description: Official HashiCorp Vault Chart
-home: https://www.vaultproject.io
-icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
-keywords: ["vault", "security", "encryption", "secrets", "management", "automation", "infrastructure"]
-sources:
-  - https://github.com/hashicorp/vault
-  - https://github.com/hashicorp/vault-helm
-  - https://github.com/hashicorp/vault-k8s
-  - https://github.com/hashicorp/vault-csi-provider
-annotations:
-  charts.openshift.io/name: HashiCorp Vault

README.md

@@ -1,12 +1,12 @@
-# Vault Helm Chart
+# OpenBao Helm Chart
 
-> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If 
-you believe you have found a security issue in Vault Helm, _please responsibly disclose_ 
-by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+> :warning: **Please note**: We take OpenBao's security and our users' trust very seriously. If
+you believe you have found a security issue in OpenBao Helm, _please responsibly disclose_
+by contacting us at [](mailto:).
 
-This repository contains the official HashiCorp Helm chart for installing
-and configuring Vault on Kubernetes. This chart supports multiple use
-cases of Vault on Kubernetes depending on the values provided.
+This repository contains the OpenBao Helm chart for installing
+and configuring OpenBao on Kubernetes. This chart supports multiple use
+cases of OpenBao on Kubernetes depending on the values provided.
 
 For full documentation on this Helm chart along with all the ways you can
 use Vault with Kubernetes, please see the
@@ -20,24 +20,19 @@ this README. Please refer to the Kubernetes and Helm documentation.
 
 The versions required are:
 
-  * **Helm 3.6+**
-  * **Kubernetes 1.22+** - This is the earliest version of Kubernetes tested.
+  * **Helm 3.12+** - Earliest verison tested
+  * **Kubernetes 1.28+** - This is the earliest version of Kubernetes tested.
     It is possible that this chart works with earlier versions but it is
     untested.
 
 ## Usage
 
-To install the latest version of this chart, add the Hashicorp helm repository
-and run `helm install`:
+To install the latest version of this chart, add the Hashicorp helm repository and run `helm install`:
 
 ```console
-$ helm repo add hashicorp https://helm.releases.hashicorp.com
-"hashicorp" has been added to your repositories
+helm repo add openbao https://openbao.github.io/openbao-helm
 
-$ helm install vault hashicorp/vault
+helm install openbao openbao/openbao
 ```
 
-Please see the many options supported in the `values.yaml` file. These are also
-fully documented directly on the [Vault
-website](https://developer.hashicorp.com/vault/docs/platform/k8s/helm) along with more
-detailed installation instructions.
+Please see the many options supported in the [`values.yaml`](./charts/openbao/values.yaml) file. These are also fully documented directly in the [openbao README](./charts/openbao/README.md) along with more detailed installation instructions.

charts/openbao/Chart.yaml

@@ -0,0 +1,20 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+apiVersion: v2
+name: openbao
+version: 0.1.0
+appVersion: v2.0.0-alpha20240329
+kubeVersion: ">= 1.27.0-0"
+description: Official openbao Chart
+home: https://github.com/openbao/openbao-helm
+icon: https://avatars.githubusercontent.com/u/152585220?s=200&v=4
+keywords: ["vault", "security", "encryption", "secrets", "management", "automation", "infrastructure"]
+sources:
+  - https://github.com/openbao/openbao-helm
+annotations:
+  charts.openshift.io/name: Openbao
+
+maintainers:
+  - name: jessebot
+    url: https://github.com/jessebot

charts/openbao/README.md

@@ -0,0 +1,291 @@
+# openbao
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v2.0.0-alpha20240329](https://img.shields.io/badge/AppVersion-v2.0.0--alpha20240329-informational?style=flat-square)
+
+Official openbao Chart
+
+**Homepage:** <https://github.com/openbao/openbao-helm>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| jessebot |  | <https://github.com/jessebot> |
+
+## Source Code
+
+* <https://github.com/openbao/openbao-helm>
+
+## Requirements
+
+Kubernetes: `>= 1.27.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| csi.agent.enabled | bool | `true` |  |
+| csi.agent.extraArgs | list | `[]` |  |
+| csi.agent.image.pullPolicy | string | `"IfNotPresent"` |  |
+| csi.agent.image.repository | string | `"hashicorp/vault"` |  |
+| csi.agent.image.tag | string | `"1.15.2"` |  |
+| csi.agent.logFormat | string | `"standard"` |  |
+| csi.agent.logLevel | string | `"info"` |  |
+| csi.agent.resources | object | `{}` |  |
+| csi.daemonSet.annotations | object | `{}` |  |
+| csi.daemonSet.extraLabels | object | `{}` |  |
+| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` |  |
+| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` |  |
+| csi.daemonSet.securityContext.container | object | `{}` |  |
+| csi.daemonSet.securityContext.pod | object | `{}` |  |
+| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` |  |
+| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` |  |
+| csi.debug | bool | `false` |  |
+| csi.enabled | bool | `false` |  |
+| csi.extraArgs | list | `[]` |  |
+| csi.hmacSecretName | string | `""` |  |
+| csi.image.pullPolicy | string | `"IfNotPresent"` |  |
+| csi.image.repository | string | `"hashicorp/vault-csi-provider"` |  |
+| csi.image.tag | string | `"1.4.1"` |  |
+| csi.livenessProbe.failureThreshold | int | `2` |  |
+| csi.livenessProbe.initialDelaySeconds | int | `5` |  |
+| csi.livenessProbe.periodSeconds | int | `5` |  |
+| csi.livenessProbe.successThreshold | int | `1` |  |
+| csi.livenessProbe.timeoutSeconds | int | `3` |  |
+| csi.pod.affinity | object | `{}` |  |
+| csi.pod.annotations | object | `{}` |  |
+| csi.pod.extraLabels | object | `{}` |  |
+| csi.pod.nodeSelector | object | `{}` |  |
+| csi.pod.tolerations | list | `[]` |  |
+| csi.priorityClassName | string | `""` |  |
+| csi.readinessProbe.failureThreshold | int | `2` |  |
+| csi.readinessProbe.initialDelaySeconds | int | `5` |  |
+| csi.readinessProbe.periodSeconds | int | `5` |  |
+| csi.readinessProbe.successThreshold | int | `1` |  |
+| csi.readinessProbe.timeoutSeconds | int | `3` |  |
+| csi.resources | object | `{}` |  |
+| csi.serviceAccount.annotations | object | `{}` |  |
+| csi.serviceAccount.extraLabels | object | `{}` |  |
+| csi.volumeMounts | string | `nil` |  |
+| csi.volumes | string | `nil` |  |
+| global.enabled | bool | `true` |  |
+| global.externalVaultAddr | string | `""` |  |
+| global.imagePullSecrets | list | `[]` |  |
+| global.namespace | string | `""` |  |
+| global.openshift | bool | `false` |  |
+| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName:  runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName:  runtime/default\n"` |  |
+| global.psp.enable | bool | `false` |  |
+| global.serverTelemetry.prometheusOperator | bool | `false` |  |
+| global.tlsDisable | bool | `true` |  |
+| injector.affinity | string | `"podAntiAffinity:\n  requiredDuringSchedulingIgnoredDuringExecution:\n    - labelSelector:\n        matchLabels:\n          app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n          app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n          component: webhook\n      topologyKey: kubernetes.io/hostname\n"` |  |
+| injector.agentDefaults.cpuLimit | string | `"500m"` |  |
+| injector.agentDefaults.cpuRequest | string | `"250m"` |  |
+| injector.agentDefaults.memLimit | string | `"128Mi"` |  |
+| injector.agentDefaults.memRequest | string | `"64Mi"` |  |
+| injector.agentDefaults.template | string | `"map"` |  |
+| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` |  |
+| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` |  |
+| injector.agentImage.repository | string | `"hashicorp/vault"` |  |
+| injector.agentImage.tag | string | `"1.15.2"` |  |
+| injector.annotations | object | `{}` |  |
+| injector.authPath | string | `"auth/kubernetes"` |  |
+| injector.certs.caBundle | string | `""` |  |
+| injector.certs.certName | string | `"tls.crt"` |  |
+| injector.certs.keyName | string | `"tls.key"` |  |
+| injector.certs.secretName | string | `nil` |  |
+| injector.enabled | string | `"-"` |  |
+| injector.externalVaultAddr | string | `""` |  |
+| injector.extraEnvironmentVars | object | `{}` |  |
+| injector.extraLabels | object | `{}` |  |
+| injector.failurePolicy | string | `"Ignore"` |  |
+| injector.hostNetwork | bool | `false` |  |
+| injector.image.pullPolicy | string | `"IfNotPresent"` |  |
+| injector.image.repository | string | `"hashicorp/vault-k8s"` |  |
+| injector.image.tag | string | `"1.3.1"` |  |
+| injector.leaderElector.enabled | bool | `true` |  |
+| injector.livenessProbe.failureThreshold | int | `2` |  |
+| injector.livenessProbe.initialDelaySeconds | int | `5` |  |
+| injector.livenessProbe.periodSeconds | int | `2` |  |
+| injector.livenessProbe.successThreshold | int | `1` |  |
+| injector.livenessProbe.timeoutSeconds | int | `5` |  |
+| injector.logFormat | string | `"standard"` |  |
+| injector.logLevel | string | `"info"` |  |
+| injector.metrics.enabled | bool | `false` |  |
+| injector.namespaceSelector | object | `{}` |  |
+| injector.nodeSelector | object | `{}` |  |
+| injector.objectSelector | object | `{}` |  |
+| injector.podDisruptionBudget | object | `{}` |  |
+| injector.port | int | `8080` |  |
+| injector.priorityClassName | string | `""` |  |
+| injector.readinessProbe.failureThreshold | int | `2` |  |
+| injector.readinessProbe.initialDelaySeconds | int | `5` |  |
+| injector.readinessProbe.periodSeconds | int | `2` |  |
+| injector.readinessProbe.successThreshold | int | `1` |  |
+| injector.readinessProbe.timeoutSeconds | int | `5` |  |
+| injector.replicas | int | `1` |  |
+| injector.resources | object | `{}` |  |
+| injector.revokeOnShutdown | bool | `false` |  |
+| injector.securityContext.container | object | `{}` |  |
+| injector.securityContext.pod | object | `{}` |  |
+| injector.service.annotations | object | `{}` |  |
+| injector.serviceAccount.annotations | object | `{}` |  |
+| injector.startupProbe.failureThreshold | int | `12` |  |
+| injector.startupProbe.initialDelaySeconds | int | `5` |  |
+| injector.startupProbe.periodSeconds | int | `5` |  |
+| injector.startupProbe.successThreshold | int | `1` |  |
+| injector.startupProbe.timeoutSeconds | int | `5` |  |
+| injector.strategy | object | `{}` |  |
+| injector.tolerations | list | `[]` |  |
+| injector.topologySpreadConstraints | list | `[]` |  |
+| injector.webhook.annotations | object | `{}` |  |
+| injector.webhook.failurePolicy | string | `"Ignore"` |  |
+| injector.webhook.matchPolicy | string | `"Exact"` |  |
+| injector.webhook.namespaceSelector | object | `{}` |  |
+| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n  operator: NotIn\n  values:\n  - {{ template \"vault.name\" . }}-agent-injector\n"` |  |
+| injector.webhook.timeoutSeconds | int | `30` |  |
+| injector.webhookAnnotations | object | `{}` |  |
+| server.affinity | string | `"podAntiAffinity:\n  requiredDuringSchedulingIgnoredDuringExecution:\n    - labelSelector:\n        matchLabels:\n          app.kubernetes.io/name: {{ template \"vault.name\" . }}\n          app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n          component: server\n      topologyKey: kubernetes.io/hostname\n"` |  |
+| server.annotations | object | `{}` |  |
+| server.auditStorage.accessMode | string | `"ReadWriteOnce"` |  |
+| server.auditStorage.annotations | object | `{}` |  |
+| server.auditStorage.enabled | bool | `false` |  |
+| server.auditStorage.labels | object | `{}` |  |
+| server.auditStorage.mountPath | string | `"/vault/audit"` |  |
+| server.auditStorage.size | string | `"10Gi"` |  |
+| server.auditStorage.storageClass | string | `nil` |  |
+| server.authDelegator.enabled | bool | `true` |  |
+| server.configAnnotation | bool | `false` |  |
+| server.dataStorage.accessMode | string | `"ReadWriteOnce"` |  |
+| server.dataStorage.annotations | object | `{}` |  |
+| server.dataStorage.enabled | bool | `true` |  |
+| server.dataStorage.labels | object | `{}` |  |
+| server.dataStorage.mountPath | string | `"/vault/data"` |  |
+| server.dataStorage.size | string | `"10Gi"` |  |
+| server.dataStorage.storageClass | string | `nil` |  |
+| server.dev.devRootToken | string | `"root"` |  |
+| server.dev.enabled | bool | `false` |  |
+| server.enabled | string | `"-"` |  |
+| server.enterpriseLicense.secretKey | string | `"license"` |  |
+| server.enterpriseLicense.secretName | string | `""` |  |
+| server.extraArgs | string | `""` |  |
+| server.extraContainers | string | `nil` |  |
+| server.extraEnvironmentVars | object | `{}` |  |
+| server.extraInitContainers | string | `nil` |  |
+| server.extraLabels | object | `{}` |  |
+| server.extraPorts | string | `nil` |  |
+| server.extraSecretEnvironmentVars | list | `[]` |  |
+| server.extraVolumes | list | `[]` |  |
+| server.ha.apiAddr | string | `nil` |  |
+| server.ha.clusterAddr | string | `nil` |  |
+| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n  tls_disable = 1\n  address = \"[::]:8200\"\n  cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n  path = \"vault\"\n  address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n#   project     = \"vault-helm-dev-246514\"\n#   region      = \"global\"\n#   key_ring    = \"vault-helm-unseal-kr\"\n#   crypto_key  = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n#  prometheus_retention_time = \"30s\"\n#  disable_hostname = true\n#}\n"` |  |
+| server.ha.disruptionBudget.enabled | bool | `true` |  |
+| server.ha.disruptionBudget.maxUnavailable | string | `nil` |  |
+| server.ha.enabled | bool | `false` |  |
+| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n  tls_disable = 1\n  address = \"[::]:8200\"\n  cluster_address = \"[::]:8201\"\n  # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n  #telemetry {\n  #  unauthenticated_metrics_access = \"true\"\n  #}\n}\n\nstorage \"raft\" {\n  path = \"/vault/data\"\n}\n\nservice_registration \"kubernetes\" {}\n"` |  |
+| server.ha.raft.enabled | bool | `false` |  |
+| server.ha.raft.setNodeId | bool | `false` |  |
+| server.ha.replicas | int | `3` |  |
+| server.hostAliases | list | `[]` |  |
+| server.hostNetwork | bool | `false` |  |
+| server.image.pullPolicy | string | `"IfNotPresent"` |  |
+| server.image.repository | string | `"hashicorp/vault"` |  |
+| server.image.tag | string | `"1.15.2"` |  |
+| server.ingress.activeService | bool | `true` |  |
+| server.ingress.annotations | object | `{}` |  |
+| server.ingress.enabled | bool | `false` |  |
+| server.ingress.extraPaths | list | `[]` |  |
+| server.ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| server.ingress.hosts[0].paths | list | `[]` |  |
+| server.ingress.ingressClassName | string | `""` |  |
+| server.ingress.labels | object | `{}` |  |
+| server.ingress.pathType | string | `"Prefix"` |  |
+| server.ingress.tls | list | `[]` |  |
+| server.livenessProbe.enabled | bool | `false` |  |
+| server.livenessProbe.execCommand | list | `[]` |  |
+| server.livenessProbe.failureThreshold | int | `2` |  |
+| server.livenessProbe.initialDelaySeconds | int | `60` |  |
+| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` |  |
+| server.livenessProbe.periodSeconds | int | `5` |  |
+| server.livenessProbe.port | int | `8200` |  |
+| server.livenessProbe.successThreshold | int | `1` |  |
+| server.livenessProbe.timeoutSeconds | int | `3` |  |
+| server.logFormat | string | `""` |  |
+| server.logLevel | string | `""` |  |
+| server.networkPolicy.egress | list | `[]` |  |
+| server.networkPolicy.enabled | bool | `false` |  |
+| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` |  |
+| server.networkPolicy.ingress[0].ports[0].port | int | `8200` |  |
+| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` |  |
+| server.networkPolicy.ingress[0].ports[1].port | int | `8201` |  |
+| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` |  |
+| server.nodeSelector | object | `{}` |  |
+| server.persistentVolumeClaimRetentionPolicy | object | `{}` |  |
+| server.postStart | list | `[]` |  |
+| server.preStopSleepSeconds | int | `5` |  |
+| server.priorityClassName | string | `""` |  |
+| server.readinessProbe.enabled | bool | `true` |  |
+| server.readinessProbe.failureThreshold | int | `2` |  |
+| server.readinessProbe.initialDelaySeconds | int | `5` |  |
+| server.readinessProbe.periodSeconds | int | `5` |  |
+| server.readinessProbe.port | int | `8200` |  |
+| server.readinessProbe.successThreshold | int | `1` |  |
+| server.readinessProbe.timeoutSeconds | int | `3` |  |
+| server.resources | object | `{}` |  |
+| server.route.activeService | bool | `true` |  |
+| server.route.annotations | object | `{}` |  |
+| server.route.enabled | bool | `false` |  |
+| server.route.host | string | `"chart-example.local"` |  |
+| server.route.labels | object | `{}` |  |
+| server.route.tls.termination | string | `"passthrough"` |  |
+| server.service.active.annotations | object | `{}` |  |
+| server.service.active.enabled | bool | `true` |  |
+| server.service.annotations | object | `{}` |  |
+| server.service.enabled | bool | `true` |  |
+| server.service.externalTrafficPolicy | string | `"Cluster"` |  |
+| server.service.instanceSelector.enabled | bool | `true` |  |
+| server.service.ipFamilies | list | `[]` |  |
+| server.service.ipFamilyPolicy | string | `""` |  |
+| server.service.port | int | `8200` |  |
+| server.service.publishNotReadyAddresses | bool | `true` |  |
+| server.service.standby.annotations | object | `{}` |  |
+| server.service.standby.enabled | bool | `true` |  |
+| server.service.targetPort | int | `8200` |  |
+| server.serviceAccount.annotations | object | `{}` |  |
+| server.serviceAccount.create | bool | `true` |  |
+| server.serviceAccount.createSecret | bool | `false` |  |
+| server.serviceAccount.extraLabels | object | `{}` |  |
+| server.serviceAccount.name | string | `""` |  |
+| server.serviceAccount.serviceDiscovery.enabled | bool | `true` |  |
+| server.shareProcessNamespace | bool | `false` |  |
+| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n  tls_disable = 1\n  address = \"[::]:8200\"\n  cluster_address = \"[::]:8201\"\n  # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n  #telemetry {\n  #  unauthenticated_metrics_access = \"true\"\n  #}\n}\nstorage \"file\" {\n  path = \"/vault/data\"\n}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n#   project     = \"vault-helm-dev\"\n#   region      = \"global\"\n#   key_ring    = \"vault-helm-unseal-kr\"\n#   crypto_key  = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n#  prometheus_retention_time = \"30s\"\n#  disable_hostname = true\n#}\n"` |  |
+| server.standalone.enabled | string | `"-"` |  |
+| server.statefulSet.annotations | object | `{}` |  |
+| server.statefulSet.securityContext.container | object | `{}` |  |
+| server.statefulSet.securityContext.pod | object | `{}` |  |
+| server.terminationGracePeriodSeconds | int | `10` |  |
+| server.tolerations | list | `[]` |  |
+| server.topologySpreadConstraints | list | `[]` |  |
+| server.updateStrategyType | string | `"OnDelete"` |  |
+| server.volumeMounts | string | `nil` |  |
+| server.volumes | string | `nil` |  |
+| serverTelemetry.prometheusRules.enabled | bool | `false` |  |
+| serverTelemetry.prometheusRules.rules | list | `[]` |  |
+| serverTelemetry.prometheusRules.selectors | object | `{}` |  |
+| serverTelemetry.serviceMonitor.enabled | bool | `false` |  |
+| serverTelemetry.serviceMonitor.interval | string | `"30s"` |  |
+| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` |  |
+| serverTelemetry.serviceMonitor.selectors | object | `{}` |  |
+| ui.activeVaultPodOnly | bool | `false` |  |
+| ui.annotations | object | `{}` |  |
+| ui.enabled | bool | `false` |  |
+| ui.externalPort | int | `8200` |  |
+| ui.externalTrafficPolicy | string | `"Cluster"` |  |
+| ui.publishNotReadyAddresses | bool | `true` |  |
+| ui.serviceIPFamilies | list | `[]` |  |
+| ui.serviceIPFamilyPolicy | string | `""` |  |
+| ui.serviceNodePort | string | `nil` |  |
+| ui.serviceType | string | `"ClusterIP"` |  |
+| ui.targetPort | int | `8200` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)