Helm chart to install OpenBao and other associated components.
Christopher Swenson d186b6ff29
Add annotation on config change (#1001)
When updating the Vault config (and corresponding
configmap), we now generate a checksum of the config
and set it as an annotation on both the configmap
and the Vault StatefulSet pod template.

This allows the deployer to know what pods need to
be restarted to pick up a changed config.

We still recommend using the standard upgrade
[method for Vault on Kubernetes](https://developer.hashicorp.com/vault/tutorials/kubernetes/kubernetes-raft-deployment-guide#upgrading-vault-on-kubernetes),
i.e., using the `OnDelete` strategy
for the Vault StatefulSet, so updating the config
and doing a `helm upgrade` should not trigger the
pods to restart, and then deleting pods one
at a time, starting with the standby pods.

With `kubectl` and `jq`, you can check which
pods need to be updated by first getting the value
of the current configmap checksum:

```shell
kubectl get pods -o json | jq -r ".items[] | select(.metadata.annotations.\"config/checksum\" != $(kubectl get configmap vault-config -o json | jq '.metadata.annotations."config/checksum"') ) | .metadata.name"
```

Fixes #748.

---------

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2024-03-18 11:03:56 -07:00
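
The check and restart order described in the commit message above, as an added example (not code from the chart or the commit): it compares each pod's `config/checksum` annotation with the configmap's, keeps only pods owned by the Vault StatefulSet, and lists standbys before the active pod. The StatefulSet name `vault`, the `vault-active` label and the sample JSON are assumptions constructed for illustration.

```python
import json

CHECKSUM_KEY = "config/checksum"  # annotation key used in the commit message
ACTIVE_LABEL = "vault-active"     # assumption: set by Vault's Kubernetes service registration


def restart_plan(pods_json, configmap_json, statefulset="vault"):
    """Pods of `statefulset` whose checksum is stale, standbys before the active pod."""
    cm_meta = json.loads(configmap_json)["metadata"]
    want = (cm_meta.get("annotations") or {}).get(CHECKSUM_KEY)
    if not want:
        raise ValueError(f"configmap carries no {CHECKSUM_KEY} annotation")
    standby, active = [], []
    for pod in json.loads(pods_json)["items"]:
        meta = pod["metadata"]
        owners = meta.get("ownerReferences") or []
        if not any(o.get("kind") == "StatefulSet" and o.get("name") == statefulset
                   for o in owners):
            continue  # e.g. the injector or unrelated workloads in the namespace
        # A pod created before the annotation existed has none: treat it as stale.
        if (meta.get("annotations") or {}).get(CHECKSUM_KEY) == want:
            continue
        is_active = (meta.get("labels") or {}).get(ACTIVE_LABEL) == "true"
        (active if is_active else standby).append(meta["name"])
    return sorted(standby) + sorted(active)


def _pod(name, checksum=None, active="false", owner="vault", kind="StatefulSet"):
    """Build one constructed pod object for the sample below."""
    meta = {"name": name, "labels": {ACTIVE_LABEL: active},
            "ownerReferences": [{"kind": kind, "name": owner}]}
    if checksum is not None:
        meta["annotations"] = {CHECKSUM_KEY: checksum}
    return {"metadata": meta}


# Constructed sample input standing in for `kubectl get pods -o json` and
# `kubectl get configmap vault-config -o json`.
SAMPLE_CONFIGMAP = json.dumps({"metadata": {"annotations": {CHECKSUM_KEY: "new"}}})
SAMPLE_PODS = json.dumps({"items": [
    _pod("vault-0", "old", active="true"),  # stale and active: restart last
    _pod("vault-1", "new"),                 # already on the current config
    _pod("vault-2"),                        # no annotation yet
    _pod("vault-agent-injector-abc", owner="vault-agent-injector-7d", kind="ReplicaSet"),
]})

if __name__ == "__main__":
    for name in restart_plan(SAMPLE_PODS, SAMPLE_CONFIGMAP):
        print(name)
```
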
.github Test against k8s 1.29 (#1003) 2024-03-11 15:23:14 -04:00
templates Add annotation on config change (#1001) 2024-03-18 11:03:56 -07:00
test Add annotation on config change (#1001) 2024-03-18 11:03:56 -07:00
.gitignore feature: Support configuring various properties as YAML directly. (#565) 2021-07-07 19:07:58 -04:00
.helmignore Update .helmignore (#732) 2022-06-02 14:25:52 -07:00
CHANGELOG.md Update to v0.27.0 (#978) 2023-11-16 13:47:57 -08:00
Chart.yaml Update to v0.27.0 (#978) 2023-11-16 13:47:57 -08:00
CODEOWNERS Convert hashicorp/vault-helm to GitHub Actions (#861) 2023-04-12 09:19:02 -05:00
CONTRIBUTING.md update CONTRIBUTING.md (#677) 2022-01-12 10:12:19 -08:00
LICENSE [COMPLIANCE] Add MPL 2.0 LICENSE (#800) 2022-10-12 14:55:30 -07:00
Makefile Test against k8s 1.29 (#1003) 2024-03-11 15:23:14 -04:00
README.md docs: Update outdated vaultproject.io/docs/ links (#935) 2023-08-22 12:16:41 -07:00
values.openshift.yaml Update to v0.27.0 (#978) 2023-11-16 13:47:57 -08:00
values.schema.json Update to v0.27.0 (#978) 2023-11-16 13:47:57 -08:00
values.yaml Add annotation on config change (#1001) 2024-03-18 11:03:56 -07:00

Vault Helm Chart

⚠️ Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault Helm, please responsibly disclose by contacting us at security@hashicorp.com.

This repository contains the official HashiCorp Helm chart for installing and configuring Vault on Kubernetes. This chart supports multiple use cases of Vault on Kubernetes depending on the values provided.

For full documentation on this Helm chart along with all the ways you can use Vault with Kubernetes, please see the Vault and Kubernetes documentation.

Prerequisites

To use the charts here, Helm must be configured for your Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of this README. Please refer to the Kubernetes and Helm documentation.

The versions required are:

  • Helm 3.6+
  • Kubernetes 1.22+ - This is the earliest version of Kubernetes tested. It is possible that this chart works with earlier versions but it is untested.

Usage

To install the latest version of this chart, add the HashiCorp Helm repository and run `helm install`:

```shell
$ helm repo add hashicorp https://helm.releases.hashicorp.com
"hashicorp" has been added to your repositories

$ helm install vault hashicorp/vault
```

Please see the many options supported in the values.yaml file. These are also fully documented directly on the Vault website along with more detailed installation instructions.