diff --git a/.github/workflows/acceptance.yaml b/.github/workflows/acceptance.yaml
index 7ae9186..2a204e3 100644
--- a/.github/workflows/acceptance.yaml
+++ b/.github/workflows/acceptance.yaml
@@ -5,7 +5,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- kind-k8s-version: [1.25.16, 1.26.14, 1.27.11, 1.28.7, 1.29.2]
+ kind-k8s-version: [1.27.11, 1.28.7, 1.29.2]
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
deleted file mode 100644
index ec209f5..0000000
--- a/.github/workflows/actionlint.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-# If the repository is public, be sure to change to GitHub hosted runners
-name: Lint GitHub Actions Workflows
-on:
- push:
- paths:
- - .github/workflows/**.yml
- pull_request:
- paths:
- - .github/workflows/**.yml
-permissions:
- contents: read
-jobs:
- actionlint:
- uses: hashicorp/vault-workflows-common/.github/workflows/actionlint.yaml@main
diff --git a/.github/workflows/jira.yaml b/.github/workflows/jira.yaml
deleted file mode 100644
index 0f73ec3..0000000
--- a/.github/workflows/jira.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Jira Sync
-on:
- issues:
- types: [opened, closed, deleted, reopened]
- pull_request_target:
- types: [opened, closed, reopened]
- issue_comment: # Also triggers when commenting on a PR from the conversation view
- types: [created]
-jobs:
- sync:
- uses: hashicorp/vault-workflows-common/.github/workflows/jira.yaml@main
- secrets:
- JIRA_SYNC_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
- JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
- JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
- with:
- teams-array: '["ecosystem", "foundations-eco"]'
diff --git a/.github/workflows/lint-chart.yml b/.github/workflows/lint-chart.yml
new file mode 100644
index 0000000..dc826b1
--- /dev/null
+++ b/.github/workflows/lint-chart.yml
@@ -0,0 +1,47 @@
+name: Lint and Test Chart
+
+on:
+ pull_request:
+ paths:
+ - 'charts/**'
+
+permissions:
+ contents: read
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: "0"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v4
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.6.1
+
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+ if [[ -n "$changed" ]]; then
+ echo "changed=true" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: Run chart-testing (lint)
+ id: lint
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+ - name: Create kind cluster
+ uses: helm/kind-action@v1.10.0
+ if: steps.list-changed.outputs.changed == 'true'
+
+ - name: Run chart-testing (install)
+ id: install
+ if: steps.list-changed.outputs.changed == 'true'
+ run: ct install --target-branch ${{ github.event.repository.default_branch }}
diff --git a/.github/workflows/release-chart.yml b/.github/workflows/release-chart.yml
new file mode 100644
index 0000000..e4c3f84
--- /dev/null
+++ b/.github/workflows/release-chart.yml
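Review bot: Every `uses:` line in lint-chart.yml references an action by a mutable tag (`actions/checkout@v4`, `azure/setup-helm@v4`, `helm/chart-testing-action@v2.6.1`, `helm/kind-action@v1.10.0`), whereas acceptance.yaml in this same commit pins checkout to a full commit SHA with a version comment. A tag can be re-pointed upstream, so the code that runs on pull requests is not fixed by what is reviewed here; release-chart.yml has the same pattern (`azure/setup-helm@v3.5`, `helm/chart-releaser-action@v1.6.0`), and there the job token has `contents: write`. Follow the existing convention for each action in both files, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. Separately, `${{ github.event.repository.default_branch }}` is expanded straight into the three `run:` scripts; passing it through `env:` and using a quoted `"$TARGET_BRANCH"` keeps expression output out of the shell source.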
@@ -0,0 +1,38 @@
+name: Release
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'charts/**'
+
+jobs:
+ release:
+ environment: helm-release
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3.5
+ id: helm-install
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Run chart-releaser
+ id: helm-release
+ uses: helm/chart-releaser-action@v1.6.0
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ CR_GENERATE_RELEASE_NOTES: true
diff --git a/.github/workflows/update-helm-charts-index.yml b/.github/workflows/update-helm-charts-index.yml
deleted file mode 100644
index 28016ab..0000000
--- a/.github/workflows/update-helm-charts-index.yml
+++ /dev/null
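Review bot: The `Install Helm` step sets no `version:` input, so the release job appears to install whatever Helm release is current at run time, and it uses a different major of the action (`azure/setup-helm@v3.5`) than lint-chart.yml does (`@v4`). Charts are therefore linted with one toolchain and packaged with another that can change between runs, in the one job whose token carries `contents: write`. Pin the tool explicitly with `version: vX.Y.Z` (placeholder for the Helm version the project tests against) and use the same action version in both workflows. The `helm-release` environment is the only gate visible here between a push to `main` and a published release, so a short comment on the job stating which protection rules it relies on would help; the environment's configuration is not visible in this diff.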
@@ -1,40 +0,0 @@
-name: update-helm-charts-index
-on:
- push:
- tags:
- - 'v[0-9]+.[0-9]+.[0-9]+'
-
-permissions:
- contents: read
-
-jobs:
- update-helm-charts-index:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - name: verify Chart version matches tag version
- run: |-
- export TAG=${{ github.ref_name }}
- git_tag="${TAG#v}"
- chart_tag=$(yq -r '.version' Chart.yaml)
- if [ "${git_tag}" != "${chart_tag}" ]; then
- echo "chart version (${chart_tag}) did not match git version (${git_tag})"
- exit 1
- fi
- - name: update helm-charts index
- id: update
- env:
- GH_TOKEN: ${{ secrets.HELM_CHARTS_GITHUB_TOKEN }}
- run: |-
- gh workflow run publish-charts.yml \
- --repo hashicorp/helm-charts \
- --ref main \
- -f SOURCE_TAG="${{ github.ref_name }}" \
- -f SOURCE_REPO="${{ github.repository }}"
- - uses: hashicorp/actions-slack-status@v1
- if: ${{always()}}
- with:
- success-message: "vault-helm charts index update triggered successfully. View the run ."
- failure-message: "vault-helm charts index update trigger failed."
- status: ${{job.status}}
- slack-webhook-url: ${{secrets.SLACK_WEBHOOK_URL}}
diff --git a/Chart.yaml b/Chart.yaml
deleted file mode 100644
index 2b19ace..0000000
--- a/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: v2 -name: vault -version: 0.27.0 -appVersion: 1.15.2 -kubeVersion: ">= 1.20.0-0" -description: Official HashiCorp Vault Chart -home: https://www.vaultproject.io -icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png -keywords: ["vault", "security", "encryption", "secrets", "management", "automation", "infrastructure"] -sources: - - https://github.com/hashicorp/vault - - https://github.com/hashicorp/vault-helm - - https://github.com/hashicorp/vault-k8s - - https://github.com/hashicorp/vault-csi-provider -annotations: - charts.openshift.io/name: HashiCorp Vault diff --git a/README.md b/README.md index 256bd8b..30043e2 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ -# Vault Helm Chart +# OpenBao Helm Chart -> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If -you believe you have found a security issue in Vault Helm, _please responsibly disclose_ -by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). +> :warning: **Please note**: We take OpenBao's security and our users' trust very seriously. If +you believe you have found a security issue in OpenBao Helm, _please responsibly disclose_ +by contacting us at [](mailto:). -This repository contains the official HashiCorp Helm chart for installing -and configuring Vault on Kubernetes. This chart supports multiple use -cases of Vault on Kubernetes depending on the values provided. +This repository contains the OpenBao Helm chart for installing +and configuring OpenBao on Kubernetes. This chart supports multiple use +cases of OpenBao on Kubernetes depending on the values provided. For full documentation on this Helm chart along with all the ways you can use Vault with Kubernetes, please see the 
@@ -20,24 +20,19 @@ this README. Please refer to the Kubernetes and Helm documentation. The versions required are: - * **Helm 3.6+** - * **Kubernetes 1.22+** - This is the earliest version of Kubernetes tested. + * **Helm 3.12+** - Earliest verison tested + * **Kubernetes 1.28+** - This is the earliest version of Kubernetes tested. It is possible that this chart works with earlier versions but it is untested. ## Usage -To install the latest version of this chart, add the Hashicorp helm repository -and run `helm install`: +To install the latest version of this chart, add the Hashicorp helm repository and run `helm install`: ```console -$ helm repo add hashicorp https://helm.releases.hashicorp.com -"hashicorp" has been added to your repositories +helm repo add openbao https://openbao.github.io/openbao-helm -$ helm install vault hashicorp/vault +helm install openbao openbao/openbao ``` -Please see the many options supported in the `values.yaml` file. These are also -fully documented directly on the [Vault -website](https://developer.hashicorp.com/vault/docs/platform/k8s/helm) along with more -detailed installation instructions. +Please see the many options supported in the [`values.yaml`](./charts/openbao/values.yaml) file. These are also fully documented directly in the [openbao README](./charts/openbao/README.md) along with more detailed installation instructions. diff --git a/.helmignore b/charts/openbao/.helmignore similarity index 100% rename from .helmignore rename to charts/openbao/.helmignore diff --git a/charts/openbao/Chart.yaml b/charts/openbao/Chart.yaml new file mode 100644 index 0000000..163c7b6 --- /dev/null +++ b/charts/openbao/Chart.yaml 
@@ -0,0 +1,20 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+apiVersion: v2
+name: openbao
+version: 0.1.0
+appVersion: v2.0.0-alpha20240329
+kubeVersion: ">= 1.27.0-0"
+description: Official openbao Chart
+home: https://github.com/openbao/openbao-helm
+icon: https://avatars.githubusercontent.com/u/152585220?s=200&v=4
+keywords: ["vault", "security", "encryption", "secrets", "management", "automation", "infrastructure"]
+sources:
+ - https://github.com/openbao/openbao-helm
+annotations:
+ charts.openshift.io/name: Openbao
+
+maintainers:
+ - name: jessebot
+ url: https://github.com/jessebot
diff --git a/charts/openbao/README.md b/charts/openbao/README.md
new file mode 100644
index 0000000..735beee
--- /dev/null
+++ b/charts/openbao/README.md
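Review bot: The `appVersion: v2.0.0-alpha20240329` declared in the new Chart.yaml does not match what the chart deploys by default according to the generated charts/openbao/README.md in this same commit, where `server.image.repository`, `injector.agentImage.repository` and `csi.agent.image.repository` default to `hashicorp/vault` with tag `1.15.2`. Operators read `appVersion` as the version of the software that is running, so patching and advisory tracking would be done against the wrong product and version. values.yaml is not part of the visible hunks, so this is inferred from the generated table. Either point the default images at the OpenBao build named in `appVersion`, or keep `appVersion` at the version actually shipped until the images are switched.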
@@ -0,0 +1,291 @@ +# openbao + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: v2.0.0-alpha20240329](https://img.shields.io/badge/AppVersion-v2.0.0--alpha20240329-informational?style=flat-square) + +Official openbao Chart + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| jessebot | | | + +## Source Code + +* + +## Requirements + +Kubernetes: `>= 1.27.0-0` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| csi.agent.enabled | bool | `true` | | +| csi.agent.extraArgs | list | `[]` | | +| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | | +| csi.agent.image.repository | string | `"hashicorp/vault"` | | +| csi.agent.image.tag | string | `"1.15.2"` | | +| csi.agent.logFormat | string | `"standard"` | | +| csi.agent.logLevel | string | `"info"` | | +| csi.agent.resources | object | `{}` | | +| csi.daemonSet.annotations | object | `{}` | | +| csi.daemonSet.extraLabels | object | `{}` | | +| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | | +| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | | +| csi.daemonSet.securityContext.container | object | `{}` | | +| csi.daemonSet.securityContext.pod | object | `{}` | | +| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | | +| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | | +| csi.debug | bool | `false` | | +| csi.enabled | bool | `false` | | +| csi.extraArgs | list | `[]` | | +| csi.hmacSecretName | string | `""` | | +| csi.image.pullPolicy | string | `"IfNotPresent"` | | +| csi.image.repository | string | `"hashicorp/vault-csi-provider"` | | +| csi.image.tag | string | `"1.4.1"` | | +| csi.livenessProbe.failureThreshold | int | `2` | | +| csi.livenessProbe.initialDelaySeconds | int | `5` | | +| csi.livenessProbe.periodSeconds | int | `5` | | +| csi.livenessProbe.successThreshold | int | `1` | | 
+| csi.livenessProbe.timeoutSeconds | int | `3` | | +| csi.pod.affinity | object | `{}` | | +| csi.pod.annotations | object | `{}` | | +| csi.pod.extraLabels | object | `{}` | | +| csi.pod.nodeSelector | object | `{}` | | +| csi.pod.tolerations | list | `[]` | | +| csi.priorityClassName | string | `""` | | +| csi.readinessProbe.failureThreshold | int | `2` | | +| csi.readinessProbe.initialDelaySeconds | int | `5` | | +| csi.readinessProbe.periodSeconds | int | `5` | | +| csi.readinessProbe.successThreshold | int | `1` | | +| csi.readinessProbe.timeoutSeconds | int | `3` | | +| csi.resources | object | `{}` | | +| csi.serviceAccount.annotations | object | `{}` | | +| csi.serviceAccount.extraLabels | object | `{}` | | +| csi.volumeMounts | string | `nil` | | +| csi.volumes | string | `nil` | | +| global.enabled | bool | `true` | | +| global.externalVaultAddr | string | `""` | | +| global.imagePullSecrets | list | `[]` | | +| global.namespace | string | `""` | | +| global.openshift | bool | `false` | | +| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | | +| global.psp.enable | bool | `false` | | +| global.serverTelemetry.prometheusOperator | bool | `false` | | +| global.tlsDisable | bool | `true` | | +| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . 
}}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | | +| injector.agentDefaults.cpuLimit | string | `"500m"` | | +| injector.agentDefaults.cpuRequest | string | `"250m"` | | +| injector.agentDefaults.memLimit | string | `"128Mi"` | | +| injector.agentDefaults.memRequest | string | `"64Mi"` | | +| injector.agentDefaults.template | string | `"map"` | | +| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | | +| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | | +| injector.agentImage.repository | string | `"hashicorp/vault"` | | +| injector.agentImage.tag | string | `"1.15.2"` | | +| injector.annotations | object | `{}` | | +| injector.authPath | string | `"auth/kubernetes"` | | +| injector.certs.caBundle | string | `""` | | +| injector.certs.certName | string | `"tls.crt"` | | +| injector.certs.keyName | string | `"tls.key"` | | +| injector.certs.secretName | string | `nil` | | +| injector.enabled | string | `"-"` | | +| injector.externalVaultAddr | string | `""` | | +| injector.extraEnvironmentVars | object | `{}` | | +| injector.extraLabels | object | `{}` | | +| injector.failurePolicy | string | `"Ignore"` | | +| injector.hostNetwork | bool | `false` | | +| injector.image.pullPolicy | string | `"IfNotPresent"` | | +| injector.image.repository | string | `"hashicorp/vault-k8s"` | | +| injector.image.tag | string | `"1.3.1"` | | +| injector.leaderElector.enabled | bool | `true` | | +| injector.livenessProbe.failureThreshold | int | `2` | | +| injector.livenessProbe.initialDelaySeconds | int | `5` | | +| injector.livenessProbe.periodSeconds | int | `2` | | +| injector.livenessProbe.successThreshold | int | `1` | | +| injector.livenessProbe.timeoutSeconds | int | `5` | | +| injector.logFormat | string | `"standard"` | | +| injector.logLevel | string | `"info"` | | +| injector.metrics.enabled | bool | `false` | | +| 
injector.namespaceSelector | object | `{}` | | +| injector.nodeSelector | object | `{}` | | +| injector.objectSelector | object | `{}` | | +| injector.podDisruptionBudget | object | `{}` | | +| injector.port | int | `8080` | | +| injector.priorityClassName | string | `""` | | +| injector.readinessProbe.failureThreshold | int | `2` | | +| injector.readinessProbe.initialDelaySeconds | int | `5` | | +| injector.readinessProbe.periodSeconds | int | `2` | | +| injector.readinessProbe.successThreshold | int | `1` | | +| injector.readinessProbe.timeoutSeconds | int | `5` | | +| injector.replicas | int | `1` | | +| injector.resources | object | `{}` | | +| injector.revokeOnShutdown | bool | `false` | | +| injector.securityContext.container | object | `{}` | | +| injector.securityContext.pod | object | `{}` | | +| injector.service.annotations | object | `{}` | | +| injector.serviceAccount.annotations | object | `{}` | | +| injector.startupProbe.failureThreshold | int | `12` | | +| injector.startupProbe.initialDelaySeconds | int | `5` | | +| injector.startupProbe.periodSeconds | int | `5` | | +| injector.startupProbe.successThreshold | int | `1` | | +| injector.startupProbe.timeoutSeconds | int | `5` | | +| injector.strategy | object | `{}` | | +| injector.tolerations | list | `[]` | | +| injector.topologySpreadConstraints | list | `[]` | | +| injector.webhook.annotations | object | `{}` | | +| injector.webhook.failurePolicy | string | `"Ignore"` | | +| injector.webhook.matchPolicy | string | `"Exact"` | | +| injector.webhook.namespaceSelector | object | `{}` | | +| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . 
}}-agent-injector\n"` | | +| injector.webhook.timeoutSeconds | int | `30` | | +| injector.webhookAnnotations | object | `{}` | | +| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | | +| server.annotations | object | `{}` | | +| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | | +| server.auditStorage.annotations | object | `{}` | | +| server.auditStorage.enabled | bool | `false` | | +| server.auditStorage.labels | object | `{}` | | +| server.auditStorage.mountPath | string | `"/vault/audit"` | | +| server.auditStorage.size | string | `"10Gi"` | | +| server.auditStorage.storageClass | string | `nil` | | +| server.authDelegator.enabled | bool | `true` | | +| server.configAnnotation | bool | `false` | | +| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | | +| server.dataStorage.annotations | object | `{}` | | +| server.dataStorage.enabled | bool | `true` | | +| server.dataStorage.labels | object | `{}` | | +| server.dataStorage.mountPath | string | `"/vault/data"` | | +| server.dataStorage.size | string | `"10Gi"` | | +| server.dataStorage.storageClass | string | `nil` | | +| server.dev.devRootToken | string | `"root"` | | +| server.dev.enabled | bool | `false` | | +| server.enabled | string | `"-"` | | +| server.enterpriseLicense.secretKey | string | `"license"` | | +| server.enterpriseLicense.secretName | string | `""` | | +| server.extraArgs | string | `""` | | +| server.extraContainers | string | `nil` | | +| server.extraEnvironmentVars | object | `{}` | | +| server.extraInitContainers | string | `nil` | | +| server.extraLabels | object | `{}` | | +| server.extraPorts | string | `nil` | | +| server.extraSecretEnvironmentVars | list | `[]` | | +| server.extraVolumes | list | `[]` | | +| 
server.ha.apiAddr | string | `nil` | | +| server.ha.clusterAddr | string | `nil` | | +| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n tls_disable = 1\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | | +| server.ha.disruptionBudget.enabled | bool | `true` | | +| server.ha.disruptionBudget.maxUnavailable | string | `nil` | | +| server.ha.enabled | bool | `false` | | +| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n tls_disable = 1\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\nservice_registration \"kubernetes\" {}\n"` | | +| server.ha.raft.enabled | bool | `false` | | +| server.ha.raft.setNodeId | bool | `false` | | +| server.ha.replicas | int | `3` | | +| server.hostAliases | list | `[]` | | +| server.hostNetwork | bool | `false` | | +| server.image.pullPolicy | string | `"IfNotPresent"` | | +| server.image.repository | string | `"hashicorp/vault"` | | +| server.image.tag | string | `"1.15.2"` | | +| 
server.ingress.activeService | bool | `true` | | +| server.ingress.annotations | object | `{}` | | +| server.ingress.enabled | bool | `false` | | +| server.ingress.extraPaths | list | `[]` | | +| server.ingress.hosts[0].host | string | `"chart-example.local"` | | +| server.ingress.hosts[0].paths | list | `[]` | | +| server.ingress.ingressClassName | string | `""` | | +| server.ingress.labels | object | `{}` | | +| server.ingress.pathType | string | `"Prefix"` | | +| server.ingress.tls | list | `[]` | | +| server.livenessProbe.enabled | bool | `false` | | +| server.livenessProbe.execCommand | list | `[]` | | +| server.livenessProbe.failureThreshold | int | `2` | | +| server.livenessProbe.initialDelaySeconds | int | `60` | | +| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | | +| server.livenessProbe.periodSeconds | int | `5` | | +| server.livenessProbe.port | int | `8200` | | +| server.livenessProbe.successThreshold | int | `1` | | +| server.livenessProbe.timeoutSeconds | int | `3` | | +| server.logFormat | string | `""` | | +| server.logLevel | string | `""` | | +| server.networkPolicy.egress | list | `[]` | | +| server.networkPolicy.enabled | bool | `false` | | +| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | | +| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | | +| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | | +| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | | +| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | | +| server.nodeSelector | object | `{}` | | +| server.persistentVolumeClaimRetentionPolicy | object | `{}` | | +| server.postStart | list | `[]` | | +| server.preStopSleepSeconds | int | `5` | | +| server.priorityClassName | string | `""` | | +| server.readinessProbe.enabled | bool | `true` | | +| server.readinessProbe.failureThreshold | int | `2` | | +| server.readinessProbe.initialDelaySeconds | int | `5` | | +| 
server.readinessProbe.periodSeconds | int | `5` | | +| server.readinessProbe.port | int | `8200` | | +| server.readinessProbe.successThreshold | int | `1` | | +| server.readinessProbe.timeoutSeconds | int | `3` | | +| server.resources | object | `{}` | | +| server.route.activeService | bool | `true` | | +| server.route.annotations | object | `{}` | | +| server.route.enabled | bool | `false` | | +| server.route.host | string | `"chart-example.local"` | | +| server.route.labels | object | `{}` | | +| server.route.tls.termination | string | `"passthrough"` | | +| server.service.active.annotations | object | `{}` | | +| server.service.active.enabled | bool | `true` | | +| server.service.annotations | object | `{}` | | +| server.service.enabled | bool | `true` | | +| server.service.externalTrafficPolicy | string | `"Cluster"` | | +| server.service.instanceSelector.enabled | bool | `true` | | +| server.service.ipFamilies | list | `[]` | | +| server.service.ipFamilyPolicy | string | `""` | | +| server.service.port | int | `8200` | | +| server.service.publishNotReadyAddresses | bool | `true` | | +| server.service.standby.annotations | object | `{}` | | +| server.service.standby.enabled | bool | `true` | | +| server.service.targetPort | int | `8200` | | +| server.serviceAccount.annotations | object | `{}` | | +| server.serviceAccount.create | bool | `true` | | +| server.serviceAccount.createSecret | bool | `false` | | +| server.serviceAccount.extraLabels | object | `{}` | | +| server.serviceAccount.name | string | `""` | | +| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | | +| server.shareProcessNamespace | bool | `false` | | +| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n tls_disable = 1\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\nstorage \"file\" {\n path = 
\"/vault/data\"\n}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | | +| server.standalone.enabled | string | `"-"` | | +| server.statefulSet.annotations | object | `{}` | | +| server.statefulSet.securityContext.container | object | `{}` | | +| server.statefulSet.securityContext.pod | object | `{}` | | +| server.terminationGracePeriodSeconds | int | `10` | | +| server.tolerations | list | `[]` | | +| server.topologySpreadConstraints | list | `[]` | | +| server.updateStrategyType | string | `"OnDelete"` | | +| server.volumeMounts | string | `nil` | | +| server.volumes | string | `nil` | | +| serverTelemetry.prometheusRules.enabled | bool | `false` | | +| serverTelemetry.prometheusRules.rules | list | `[]` | | +| serverTelemetry.prometheusRules.selectors | object | `{}` | | +| serverTelemetry.serviceMonitor.enabled | bool | `false` | | +| serverTelemetry.serviceMonitor.interval | string | `"30s"` | | +| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | | +| serverTelemetry.serviceMonitor.selectors | object | `{}` | | +| ui.activeVaultPodOnly | bool | `false` | | +| ui.annotations | object | `{}` | | +| ui.enabled | bool | `false` | | +| ui.externalPort | int | `8200` | | +| ui.externalTrafficPolicy | string | `"Cluster"` | | +| ui.publishNotReadyAddresses | bool | `true` | | +| ui.serviceIPFamilies | list | `[]` | | +| ui.serviceIPFamilyPolicy | string | `""` | | +| ui.serviceNodePort | string | `nil` | | +| ui.serviceType | string | `"ClusterIP"` | | +| ui.targetPort | int | `8200` | | 
+ +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1) diff --git a/templates/NOTES.txt b/charts/openbao/templates/NOTES.txt similarity index 100% rename from templates/NOTES.txt rename to charts/openbao/templates/NOTES.txt diff --git a/templates/_helpers.tpl b/charts/openbao/templates/_helpers.tpl similarity index 100% rename from templates/_helpers.tpl rename to charts/openbao/templates/_helpers.tpl diff --git a/templates/csi-agent-configmap.yaml b/charts/openbao/templates/csi-agent-configmap.yaml similarity index 100% rename from templates/csi-agent-configmap.yaml rename to charts/openbao/templates/csi-agent-configmap.yaml diff --git a/templates/csi-clusterrole.yaml b/charts/openbao/templates/csi-clusterrole.yaml similarity index 100% rename from templates/csi-clusterrole.yaml rename to charts/openbao/templates/csi-clusterrole.yaml diff --git a/templates/csi-clusterrolebinding.yaml b/charts/openbao/templates/csi-clusterrolebinding.yaml similarity index 100% rename from templates/csi-clusterrolebinding.yaml rename to charts/openbao/templates/csi-clusterrolebinding.yaml diff --git a/templates/csi-daemonset.yaml b/charts/openbao/templates/csi-daemonset.yaml similarity index 100% rename from templates/csi-daemonset.yaml rename to charts/openbao/templates/csi-daemonset.yaml diff --git a/templates/csi-role.yaml b/charts/openbao/templates/csi-role.yaml similarity index 100% rename from templates/csi-role.yaml rename to charts/openbao/templates/csi-role.yaml diff --git a/templates/csi-rolebinding.yaml b/charts/openbao/templates/csi-rolebinding.yaml similarity index 100% rename from templates/csi-rolebinding.yaml rename to charts/openbao/templates/csi-rolebinding.yaml 
diff --git a/templates/csi-serviceaccount.yaml b/charts/openbao/templates/csi-serviceaccount.yaml similarity index 100% rename from templates/csi-serviceaccount.yaml rename to charts/openbao/templates/csi-serviceaccount.yaml diff --git a/templates/injector-certs-secret.yaml b/charts/openbao/templates/injector-certs-secret.yaml similarity index 100% rename from templates/injector-certs-secret.yaml rename to charts/openbao/templates/injector-certs-secret.yaml diff --git a/templates/injector-clusterrole.yaml b/charts/openbao/templates/injector-clusterrole.yaml similarity index 100% rename from templates/injector-clusterrole.yaml rename to charts/openbao/templates/injector-clusterrole.yaml diff --git a/templates/injector-clusterrolebinding.yaml b/charts/openbao/templates/injector-clusterrolebinding.yaml similarity index 100% rename from templates/injector-clusterrolebinding.yaml rename to charts/openbao/templates/injector-clusterrolebinding.yaml diff --git a/templates/injector-deployment.yaml b/charts/openbao/templates/injector-deployment.yaml similarity index 100% rename from templates/injector-deployment.yaml rename to charts/openbao/templates/injector-deployment.yaml diff --git a/templates/injector-disruptionbudget.yaml b/charts/openbao/templates/injector-disruptionbudget.yaml similarity index 100% rename from templates/injector-disruptionbudget.yaml rename to charts/openbao/templates/injector-disruptionbudget.yaml diff --git a/templates/injector-mutating-webhook.yaml b/charts/openbao/templates/injector-mutating-webhook.yaml similarity index 100% rename from templates/injector-mutating-webhook.yaml rename to charts/openbao/templates/injector-mutating-webhook.yaml diff --git a/templates/injector-network-policy.yaml b/charts/openbao/templates/injector-network-policy.yaml similarity index 100% rename from templates/injector-network-policy.yaml rename to charts/openbao/templates/injector-network-policy.yaml 
diff --git a/templates/injector-psp-role.yaml b/charts/openbao/templates/injector-psp-role.yaml similarity index 100% rename from templates/injector-psp-role.yaml rename to charts/openbao/templates/injector-psp-role.yaml diff --git a/templates/injector-psp-rolebinding.yaml b/charts/openbao/templates/injector-psp-rolebinding.yaml similarity index 100% rename from templates/injector-psp-rolebinding.yaml rename to charts/openbao/templates/injector-psp-rolebinding.yaml diff --git a/templates/injector-psp.yaml b/charts/openbao/templates/injector-psp.yaml similarity index 100% rename from templates/injector-psp.yaml rename to charts/openbao/templates/injector-psp.yaml diff --git a/templates/injector-role.yaml b/charts/openbao/templates/injector-role.yaml similarity index 100% rename from templates/injector-role.yaml rename to charts/openbao/templates/injector-role.yaml diff --git a/templates/injector-rolebinding.yaml b/charts/openbao/templates/injector-rolebinding.yaml similarity index 100% rename from templates/injector-rolebinding.yaml rename to charts/openbao/templates/injector-rolebinding.yaml diff --git a/templates/injector-service.yaml b/charts/openbao/templates/injector-service.yaml similarity index 100% rename from templates/injector-service.yaml rename to charts/openbao/templates/injector-service.yaml diff --git a/templates/injector-serviceaccount.yaml b/charts/openbao/templates/injector-serviceaccount.yaml similarity index 100% rename from templates/injector-serviceaccount.yaml rename to charts/openbao/templates/injector-serviceaccount.yaml diff --git a/templates/prometheus-prometheusrules.yaml b/charts/openbao/templates/prometheus-prometheusrules.yaml similarity index 100% rename from templates/prometheus-prometheusrules.yaml rename to charts/openbao/templates/prometheus-prometheusrules.yaml 
diff --git a/templates/prometheus-servicemonitor.yaml b/charts/openbao/templates/prometheus-servicemonitor.yaml
similarity index 100%
rename from templates/prometheus-servicemonitor.yaml
rename to charts/openbao/templates/prometheus-servicemonitor.yaml
diff --git a/templates/server-clusterrolebinding.yaml b/charts/openbao/templates/server-clusterrolebinding.yaml
similarity index 100%
rename from templates/server-clusterrolebinding.yaml
rename to charts/openbao/templates/server-clusterrolebinding.yaml
diff --git a/templates/server-config-configmap.yaml b/charts/openbao/templates/server-config-configmap.yaml
similarity index 100%
rename from templates/server-config-configmap.yaml
rename to charts/openbao/templates/server-config-configmap.yaml
diff --git a/templates/server-discovery-role.yaml b/charts/openbao/templates/server-discovery-role.yaml
similarity index 100%
rename from templates/server-discovery-role.yaml
rename to charts/openbao/templates/server-discovery-role.yaml
diff --git a/templates/server-discovery-rolebinding.yaml b/charts/openbao/templates/server-discovery-rolebinding.yaml
similarity index 100%
rename from templates/server-discovery-rolebinding.yaml
rename to charts/openbao/templates/server-discovery-rolebinding.yaml
diff --git a/templates/server-disruptionbudget.yaml b/charts/openbao/templates/server-disruptionbudget.yaml
similarity index 100%
rename from templates/server-disruptionbudget.yaml
rename to charts/openbao/templates/server-disruptionbudget.yaml
diff --git a/templates/server-ha-active-service.yaml b/charts/openbao/templates/server-ha-active-service.yaml
similarity index 100%
rename from templates/server-ha-active-service.yaml
rename to charts/openbao/templates/server-ha-active-service.yaml
diff --git a/templates/server-ha-standby-service.yaml b/charts/openbao/templates/server-ha-standby-service.yaml
similarity index 100%
rename from templates/server-ha-standby-service.yaml
rename to charts/openbao/templates/server-ha-standby-service.yaml
diff --git a/templates/server-headless-service.yaml b/charts/openbao/templates/server-headless-service.yaml
similarity index 100%
rename from templates/server-headless-service.yaml
rename to charts/openbao/templates/server-headless-service.yaml
diff --git a/templates/server-ingress.yaml b/charts/openbao/templates/server-ingress.yaml
similarity index 100%
rename from templates/server-ingress.yaml
rename to charts/openbao/templates/server-ingress.yaml
diff --git a/templates/server-network-policy.yaml b/charts/openbao/templates/server-network-policy.yaml
similarity index 100%
rename from templates/server-network-policy.yaml
rename to charts/openbao/templates/server-network-policy.yaml
diff --git a/templates/server-psp-role.yaml b/charts/openbao/templates/server-psp-role.yaml
similarity index 100%
rename from templates/server-psp-role.yaml
rename to charts/openbao/templates/server-psp-role.yaml
diff --git a/templates/server-psp-rolebinding.yaml b/charts/openbao/templates/server-psp-rolebinding.yaml
similarity index 100%
rename from templates/server-psp-rolebinding.yaml
rename to charts/openbao/templates/server-psp-rolebinding.yaml
diff --git a/templates/server-psp.yaml b/charts/openbao/templates/server-psp.yaml
similarity index 100%
rename from templates/server-psp.yaml
rename to charts/openbao/templates/server-psp.yaml
diff --git a/templates/server-route.yaml b/charts/openbao/templates/server-route.yaml
similarity index 100%
rename from templates/server-route.yaml
rename to charts/openbao/templates/server-route.yaml
diff --git a/templates/server-service.yaml b/charts/openbao/templates/server-service.yaml
similarity index 100%
rename from templates/server-service.yaml
rename to charts/openbao/templates/server-service.yaml
diff --git a/templates/server-serviceaccount-secret.yaml b/charts/openbao/templates/server-serviceaccount-secret.yaml
similarity index 100%
rename from templates/server-serviceaccount-secret.yaml
rename to charts/openbao/templates/server-serviceaccount-secret.yaml
diff --git a/templates/server-serviceaccount.yaml b/charts/openbao/templates/server-serviceaccount.yaml
similarity index 100%
rename from templates/server-serviceaccount.yaml
rename to charts/openbao/templates/server-serviceaccount.yaml
diff --git a/templates/server-statefulset.yaml b/charts/openbao/templates/server-statefulset.yaml
similarity index 100%
rename from templates/server-statefulset.yaml
rename to charts/openbao/templates/server-statefulset.yaml
diff --git a/templates/tests/server-test.yaml b/charts/openbao/templates/tests/server-test.yaml
similarity index 100%
rename from templates/tests/server-test.yaml
rename to charts/openbao/templates/tests/server-test.yaml
diff --git a/templates/ui-service.yaml b/charts/openbao/templates/ui-service.yaml
similarity index 100%
rename from templates/ui-service.yaml
rename to charts/openbao/templates/ui-service.yaml
diff --git a/values.openshift.yaml b/charts/openbao/values.openshift.yaml
similarity index 100%
rename from values.openshift.yaml
rename to charts/openbao/values.openshift.yaml
diff --git a/values.schema.json b/charts/openbao/values.schema.json
similarity index 100%
rename from values.schema.json
rename to charts/openbao/values.schema.json
diff --git a/values.yaml b/charts/openbao/values.yaml
similarity index 100%
rename from values.yaml
rename to charts/openbao/values.yaml