we now use /openbao/config instead of /vault/config

ref: 8283776683/Dockerfile (L45)

also change types from null to [] to be more explicit and regenerate docs

Signed-off-by: jessebot <jessebot@linux.com>

charts/openbao/README.md

@@ -171,12 +171,12 @@ Kubernetes: `>= 1.27.0-0`
 | server.dev.devRootToken | string | `"root"` |  |
 | server.dev.enabled | bool | `false` |  |
 | server.enabled | string | `"-"` |  |
-| server.extraArgs | string | `""` |  |
+| server.extraArgs | string | `""` | extraArgs is a string containing additional Vault server arguments. |
 | server.extraContainers | string | `nil` |  |
 | server.extraEnvironmentVars | object | `{}` |  |
-| server.extraInitContainers | string | `nil` |  |
+| server.extraInitContainers | list | `[]` | extraInitContainers is a list of init containers. Specified as a YAML list. This is useful if you need to run a script to provision TLS certificates or write out configuration files in a dynamic way. |
 | server.extraLabels | object | `{}` |  |
-| server.extraPorts | string | `nil` |  |
+| server.extraPorts | list | `[]` | extraPorts is a list of extra ports. Specified as a YAML list. This is useful if you need to add additional ports to the statefulset in dynamic way. |
 | server.extraSecretEnvironmentVars | list | `[]` |  |
 | server.extraVolumes | list | `[]` |  |
 | server.ha.apiAddr | string | `nil` |  |
@@ -261,7 +261,7 @@ Kubernetes: `>= 1.27.0-0`
 | server.serviceAccount.extraLabels | object | `{}` |  |
 | server.serviceAccount.name | string | `""` |  |
 | server.serviceAccount.serviceDiscovery.enabled | bool | `true` |  |
-| server.shareProcessNamespace | bool | `false` |  |
+| server.shareProcessNamespace | bool | `false` | shareProcessNamespace enables process namespace sharing between Vault and the extraContainers This is useful if Vault must be signaled, e.g. to send a SIGHUP for a log rotation |
 | server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n  tls_disable = 1\n  address = \"[::]:8200\"\n  cluster_address = \"[::]:8201\"\n  # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n  #telemetry {\n  #  unauthenticated_metrics_access = \"true\"\n  #}\n}\nstorage \"file\" {\n  path = \"/vault/data\"\n}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n#   project     = \"vault-helm-dev\"\n#   region      = \"global\"\n#   key_ring    = \"vault-helm-unseal-kr\"\n#   crypto_key  = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n#  prometheus_retention_time = \"30s\"\n#  disable_hostname = true\n#}\n"` |  |
 | server.standalone.enabled | string | `"-"` |  |
 | server.statefulSet.annotations | object | `{}` |  |

charts/openbao/templates/_helpers.tpl

@@ -211,14 +211,14 @@ for users looking to use this chart with Consul Helm.
 {{- define "vault.args" -}}
   {{ if or (eq .mode "standalone") (eq .mode "ha") }}
           - |
-            cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+            cp /openbao/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
             [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
             [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
             [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
             [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
             [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
             [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
-            /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+            /usr/local/bin/docker-entrypoint.sh bao server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
    {{ else if eq .mode "dev" }}
           - |
             /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
@@ -1091,4 +1091,4 @@ config file from values
   {{- end }}
   {{- end }}
   {{- end }}
-{{- end -}}
+{{- end -}}

charts/openbao/values.yaml

@@ -477,10 +477,10 @@ server:
   authDelegator:
     enabled: true
 
-  # extraInitContainers is a list of init containers. Specified as a YAML list.
+  # -- extraInitContainers is a list of init containers. Specified as a YAML list.
   # This is useful if you need to run a script to provision TLS certificates or
   # write out configuration files in a dynamic way.
-  extraInitContainers: null
+  extraInitContainers: []
     # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
     # # which is defined in the volumes value.
     # - name: oauthapp
@@ -499,16 +499,16 @@ server:
   # extraContainers is a list of sidecar containers. Specified as a YAML list.
   extraContainers: null
 
-  # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+  # -- shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
   # This is useful if Vault must be signaled, e.g. to send a SIGHUP for a log rotation
   shareProcessNamespace: false
 
-  # extraArgs is a string containing additional Vault server arguments.
+  # -- extraArgs is a string containing additional Vault server arguments.
   extraArgs: ""
 
-  # extraPorts is a list of extra ports. Specified as a YAML list.
+  # -- extraPorts is a list of extra ports. Specified as a YAML list.
   # This is useful if you need to add additional ports to the statefulset in dynamic way.
-  extraPorts: null
+  extraPorts: []
     # - containerPort: 8300
     #   name: http-monitoring