- As part of VAULT-571 / #703 in 7109159, a new vault.serverEnabled
template was added (and included in vault.mode)
Various templates were updated accordingly, but those that were
already calling vault.mode had an additonal call to
vault.serverEnabled made which was unnecessary
Remove those
VAULT-571 Matching documented behavior and consul
Consul's helm template defaults most of the enabled to the special value
`"-"`, which means to inherit from global. This is what is implied
should happen in Vault as well according to the documentation for the
helm chart:
> [global.enabled] The master enabled/disabled configuration. If this is
> true, most components will be installed by default. If this is false,
> no components will be installed by default and manually opting-in is
> required, such as by setting server.enabled to true.
(https://www.vaultproject.io/docs/platform/k8s/helm/configuration#enabled)
We also simplified the chart logic using a few template helpers.
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Change config specification
As it is right now, the specification of the config is done through an
string. When using storage backends like PostgreSQL, the password for the
database has to be included in the config variable of the values file.
This change allows to specify the configuration through a map, making
the chart GitOps friendly. Now, sensitive values can be stored in a
different values file or passed on deployment time with --set.
To have a very generic specification:
- I've assumed that the combination stanza (eg. storage) name (eg. file)
is unique.
- Quoted values for all stanza parameters. I tested a generated
configuration in a vault docker image and it seems to work just fine.
* Change config format to json
* Add conditional formatting
* Add config for raft mode
Uses Values.injector.externalVaultAddr to control the vault address
env variable and server yaml rendering.
If injector.externalVaultAddr is empty, both the injector and vault
are deployed, with the injector using the local vault. If
injector.externalVaultAddr is not empty, only the injector is
deployed, and it uses the vault at the address specified in
injector.externalVaultAddr.
