# Default values for vault.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# NOTE(review): presumably the replica count of the Vault workload; the
# template that reads it is not part of this file.
replicaCount: 3

image:
  repository: vault
  # Fixed release tag. Keep it on a Vault version that still receives security
  # fixes when bumping.
  tag: 0.9.6
  pullPolicy: IfNotPresent

service:
  name: vault
  # ClusterIP gives the service a cluster-internal address only; nothing here
  # publishes the Vault API outside the cluster.
  type: ClusterIP
  externalPort: 8200
  port: 8200
  annotations: {}
  # clusterIP: None
  # annotations:
  #   cloud.google.com/load-balancer-type: "Internal"
ingress:
  # Off by default, so no Ingress record is created for Vault itself.
  enabled: false
  # Used to create an Ingress record (should be used with service.type: ClusterIP).
  # If this is enabled while vault.config.listener.tcp.tls_disable stays true,
  # TLS can only terminate at the ingress controller and the hop from the
  # controller to Vault is plaintext.
  # hosts:
  #  - chart-example.local
  # annotations:
  #   kubernetes.io/ingress.class: nginx
  #   kubernetes.io/tls-acme: "true"
  # tls:
  #   Secrets must be manually created in the namespace.
  #   - secretName: chart-example-tls
  #     hosts:
  #       - chart-example.local
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
# Soft (preferred, weight 100) anti-affinity keyed on the node hostname, so
# pods with the same app/release labels are spread across nodes when possible.
# The value is a literal string, not a map, because it contains template
# expressions. NOTE(review): presumably the chart renders it with tpl; confirm
# in the templates.
affinity: |
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
    - weight: 100
      podAffinityTerm:
        topologyKey: kubernetes.io/hostname
        labelSelector:
          matchLabels:
            app: {{ template "vault.fullname" . }}
            release: {{ .Release.Name }}
podAnnotations: {}
vault:
  # Only used to enable dev mode. When in dev mode, the rest of this config
  # section below is not used to configure Vault. See
  # https://www.vaultproject.io/intro/getting-started/dev-server.html for more
  # information.
  # A dev server keeps its data in memory and starts unsealed, so keep this
  # false outside local testing.
  vault_dev: false
  # Allows the mounting of various custom secrets to enable production vault
  # configurations. The comments show an example usage for mounting a TLS
  # secret. The two fields required are a secretName indicating the name of
  # the Kubernetes secret (created outside of this chart), and the mountPath
  # at which it should be mounted in the Vault container.
  customSecrets: []
     #- secretName: "{{ template "vault.fullname" . }}-secret"
     #  mountPath: /vault/secret
  # NOTE(review): these presumably decide whether a sealed, standby or
  # uninitialized pod is reported ready; confirm against the probe definition
  # in the deployment template. As set, only a sealed pod would be held back.
  readiness:
    readyIfSealed: false
    readyIfStandby: true
    readyIfUninitialized: true
  config:
    # A YAML representation of a final vault config.json file.
    # See https://www.vaultproject.io/docs/configuration/ for more information.
    listener:
      tcp:
        address: '[::]:8200'
        cluster_address: '[::]:8201'
        # TLS is off: the API, including tokens and secret values, is served as
        # plaintext HTTP on 8200. To turn TLS on, mount the certificate and key
        # through customSecrets above, set tls_disable to false and uncomment
        # the two file paths below.
        tls_disable: true
        # tls_cert_file: /vault/tls/server.crt
        # tls_key_file: /vault/tls/server.key
    # See https://www.vaultproject.io/docs/configuration/storage/ for storage backends
    # NOTE(review): Vault documents the S3 backend as not supporting high
    # availability; with replicaCount above 1, confirm the intended backend.
    storage:
      # consul:
      #   address: ""
      #   path: ""
      #
      # etcd:
      #   address: ""
      #   path: "vault/"
      #
      s3:
        bucket: ""
        region: ""
        # Keys written here become part of the rendered Vault config (likely a
        # ConfigMap; the template is not shown). When these are left empty,
        # Vault's S3 backend falls back to AWS_ACCESS_KEY_ID /
        # AWS_SECRET_ACCESS_KEY from the environment or to the instance IAM
        # role, which keeps the keys out of this file.
        access_key: ""
        secret_key: ""
      #   endpoint: "" # When not using AWS S3
      #
      # gcs:
      #   bucket: ""
      #   # Use a custom secret to mount this file.
      #   credentials_file: ""
# Default values for vault-ui.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Spelled differently from replicaCount at the top of the file; the two are
# separate keys.
replicasCount: 1

image_ui:
  repository: djenriquez/vault-ui
  # 'latest' is a moving tag and, with pullPolicy IfNotPresent, a node keeps
  # whichever build it pulled first. Pin a specific tag so the image that
  # talks to Vault is reproducible and can be reviewed before rollout.
  tag: latest
  pullPolicy: IfNotPresent

service_ui:
  name: vault-ui
  # Use the ClusterIP type for the service by default; in most cases an
  # external service for Vault UI is not needed.
  type: ClusterIP
  externalPort: 80
  internalPort: 8000

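ingress_ui:
  # Enabled by default: the Vault UI is published at the hosts listed below.
  enabled: true
  # Used to create an Ingress record (should be used with service.type: ClusterIP).
  hosts:
    - vault-ui.drakemall.com
  annotations:
    # AWS --> redirect http to https
    # NOTE(review): newer ingress-nginx releases read annotations under the
    # nginx.ingress.kubernetes.io/ prefix; confirm which prefix the installed
    # controller honours, otherwise the redirect is silently not applied.
    kubernetes.io/ingress.class: nginx
    ingress.kubernetes.io/force-ssl-redirect: "true"
  # Explicit empty list instead of a bare key (which parses as null).
  # No TLS secret is configured here, so HTTPS for the hosts above presumably
  # relies on whatever certificate the ingress controller falls back to; add
  # a secretName entry for the host before exposing the UI.
  tls: []
    # Secrets must be manually created in the namespace.
    # - secretName: chart-example-tls
    #   hosts:
    #     - chart-example.local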

vault_ui:
  # NOTE(review): presumably the login method the UI offers by default; confirm
  # against the vault-ui deployment template.
  auth: TOKEN
  # Plaintext HTTP to the in-cluster Vault service, matching tls_disable: true
  # in the listener config. Change to https:// once listener TLS is enabled.
  url: http://vault:8200

# Placeholder values. Supply real AWS credentials at install time from a
# secret store rather than committing them to this file.
# NOTE(review): how these keys are consumed is not visible here; confirm the
# template puts them in a Secret rather than a ConfigMap or a literal env value.
vault_storage:
  AWS_ACCESS_KEY_ID: aws_access_key_id
  AWS_SECRET_ACCESS_KEY: aws_s3_access_key
  AWS_S3_BUCKET: aws_s3_bucket
  AWS_REGION: aws_region
