Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Helm chart to install OpenBao and other associated components.
313 commits 11 branches 48 tags 1.4 MiB
Shell 89.9%
Smarty 8%
HCL 0.9%
Makefile 0.7%
Dockerfile 0.5%
Find a file
Jean-François Roche c45f9b997d
Enable Vault to review kube tokens when using external Vault (#392) 
We want Vault to perform token reviews with Kubernetes even if we are
using an external Vault.

We need to create the ServiceAccount, Secret and ClusterRoleBinding with
the system:auth-delegator role to enable delegated authentication and
authorization checks [1].

These SA and RBAC objects are created when we deploy the Vault server.
In order to enable the creation of these objects when using an external
Vault, we remove the condition on external mode.

User might want to provide a sensible name (in global.serviceAccount.name) to the service
account such as: vault-auth.

refs #376

[1] https://www.vaultproject.io/docs/auth/kubernetes#configuring-kubernetes
2020-10-20 09:34:48 -04:00
.circleci check that git tag == chart tag on tagged releases (#316) 2020-06-02 11:38:59 -04:00
.github Update Jira sync action versions (#386) 2020-09-14 16:50:46 +01:00
templates Enable Vault to review kube tokens when using external Vault (#392) 2020-10-20 09:34:48 -04:00
test Enable Vault to review kube tokens when using external Vault (#392) 2020-10-20 09:34:48 -04:00
.gitignore Fix audit storage mount in HA mode (#79) 2019-10-10 10:03:44 -04:00
.helmignore Ignore bin dirs 2018-08-20 17:30:52 -07:00
CHANGELOG.md changelog++ 2020-10-16 10:48:41 -04:00
Chart.yaml Update to 0.7.0 (#374) 2020-08-24 14:19:12 -04:00
CONTRIBUTING.md Helm 3 support (#195) 2020-02-06 08:44:38 -08:00
LICENSE.md Add license 2018-08-17 22:09:05 -07:00
Makefile Minor updates for Makefile (#355) 2020-07-30 10:16:47 -04:00
README.md Add note to config about sensitive configs (#323) 2020-06-04 13:37:31 -04:00
values.yaml Enable Vault to review kube tokens when using external Vault (#392) 2020-10-20 09:34:48 -04:00

README.md

Vault Helm Chart

⚠️ Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault Helm, please responsibly disclose by contacting us at security@hashicorp.com.

This repository contains the official HashiCorp Helm chart for installing and configuring Vault on Kubernetes. This chart supports multiple use cases of Vault on Kubernetes depending on the values provided.

For full documentation on this Helm chart along with all the ways you can use Vault with Kubernetes, please see the Vault and Kubernetes documentation.

Prerequisites

To use the charts here, Helm must be configured for your Kubernetes cluster. Setting up Kubernetes and Helm and is outside the scope of this README. Please refer to the Kubernetes and Helm documentation.

The versions required are:

  • Helm 3.0+ - This is the earliest version of Helm tested. It is possible it works with earlier versions but this chart is untested for those versions.
  • Kubernetes 1.9+ - This is the earliest version of Kubernetes tested. It is possible that this chart works with earlier versions but it is untested. Other versions verified are Kubernetes 1.10, 1.11.

Usage

To install the latest version of this chart, add the Hashicorp helm repository and run helm install:

$ helm repo add hashicorp https://helm.releases.hashicorp.com
"hashicorp" has been added to your repositories

$ helm install vault hashicorp/vault

Please see the many options supported in the values.yaml file. These are also fully documented directly on the Vault website along with more detailed installation instructions.