No introduction found. Create it?
Install with:
helm repo add hashicorp-charts https://helm.releases.hashicorp.com/
helm install vault hashicorp-charts/vault -f values.yamlSee examples from other people.
| Name | Repo | Stars | Version | Timestamp |
|---|---|---|---|---|
| vault | coolguy1771/home-ops | 52 | 0.27.0 | 3 months ago |
| vault | h3mmy/bloopySphere | 49 | 0.27.0 | 4 months ago |
See the most popular values for this chart:
| Key | Types |
|---|---|
| boolean | |
server.ingress.hosts[].host (6) vault.svc.behn.dev | string |
| string | |
| string | |
server.ingress.tls[].hosts[] (6) - vault.svc.behn.dev | string |
server.ingress.tls[].secretName (5) vault-tls | string |
server.ingress.annotations."cert-manager.io/cluster-issuer" (3) letsencrypt-production | string |
| string | |
| string | |
| string | |
| string | |
| string | |
server.ingress.annotations."traefik.ingress.kubernetes.io/router.middlewares" (1) networking-rfc1918@kubernetescrd | string |
server.ingress.standalone.config (3) log_format = "json"
log_level = "debug"
ui = true
cluster_name = "behndev-prod"
storage "file" {
path = "/vault/data"
}
# HTTPS listener
listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_disable = 1
}
telemetry {
prometheus_retention_time = "24h"
disable_hostname = true
}
| string |
| boolean | |
| boolean | |
| string | |
| boolean | |
| string | |
| string | |
server.dataStorage.mountPath (1) /vault/data | string |
server.extraVolumes[].name (4) kms-vault-unseal | string |
| string | |
server.extraVolumes[].path (3) /vault/userconfig | string |
| boolean | |
server.ha.raft.config (4) ui = true
listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_cert_file = "/vault/userconfig/tls-server/tls-combined.pem"
tls_key_file = "/vault/userconfig/tls-server/tls.key"
# tls_client_ca_file = "/vault/tls-server/client-auth-ca.pem"
# Enable unauthenticated metrics access (necessary for Prometheus Operator)
telemetry {
unauthenticated_metrics_access = "true"
}
}
seal "awskms" {
region = "us-east-1"
}
storage "raft" {
path = "/vault/data"
retry_join {
leader_api_addr = "https://vault-0.vault-internal:8200"
leader_ca_cert_file = "/vault/userconfig/tls-server/ca.crt"
leader_client_cert_file = "/vault/userconfig/tls-server/tls.crt"
leader_client_key_file = "/vault/userconfig/tls-server/tls.key"
}
}
service_registration "kubernetes" {}
| string |
| boolean | |
| boolean | |
| number | |
| string | |
| boolean | |
server.readinessProbe.path (4) /v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204 | string |
| string | |
| string | |
| string | |
| string | |
server.updateStrategyType (4) RollingUpdate | string |
| boolean | |
| string | |
| string | |
server.auditStorage.mountPath (1) /vault/audit | string |
| boolean | |
server.extraEnvironmentVars.GOOGLE_APPLICATION_CREDENTIALS (3) /vault/userconfig/kms-vault-unseal/serviceaccount.json | string |
| string | |
server.extraEnvironmentVars.VAULT_CACERT (1) /vault/userconfig/tls-server/ca.crt | string |
server.extraEnvironmentVars.VAULT_TOKEN (1) ${SECRET_VAULT_TOKEN} | string |
| string | |
| boolean | |
server.standalone.config (1) ui = true
storage "file" {
path = "/vault/data"
}
#seal "transit" {
# disabled = "false"
# address = "${SECRET_VAULT_URL}"
# token = "${SECRET_VAULT_TOKEN}"
# disable_renewal = "false"
# key_name = "autounseal"
# mount_path = "transit/"
# tls_skip_verify = "true"
#}
seal "gcpckms" {
disabled = "false"
project = "${SECRET_GCP_PROJECT}"
region = "europe-west3"
key_ring = "home-infra"
crypto_key = "vault-unseal"
}
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
telemetry {
unauthenticated_metrics_access = "true"
}
}
telemetry {
prometheus_retention_time = "24h",
disable_hostname = true
}
# service_registration "kubernetes" {}
| string |
| string | |
| boolean | |
| string | |
server.extraSecretEnvironmentVars[].envName (1) AWS_SECRET_ACCESS_KEY | string |
server.extraSecretEnvironmentVars[].secretKey (1) AWS_SECRET_ACCESS_KEY | string |
server.extraSecretEnvironmentVars[].secretName (1) vault-secret | string |
server.image.repository (1) proxy.registry.beryju.org/hashicorp/vault | string |
| boolean | |
| number | |
server.livenessProbe.path (1) /v1/sys/health?standbyok=true | string |
| string | |
| boolean | |
| boolean | |
| boolean | |
| boolean | |
| boolean | |
server.tolerations (1) - key: "arm"
operator: "Exists"
| string |
ui.enabled (6) true | boolean |
ui.serviceType (4) ClusterIP | string |
| boolean | |
| number | |
| boolean | |
| number | |
global.enabled (4) false | boolean |
| boolean | |
| boolean | |
csi.enabled (3) true | boolean |
| boolean | |
csi.agent.image.pullPolicy (1) IfNotPresent | string |
csi.agent.image.repository (1) hashicorp/vault | string |
csi.agent.image.tag (1) 1.15.4 | string |
| string | |
| string | |
csi.image.pullPolicy (1) IfNotPresent | string |
csi.image.repository (1) hashicorp/vault-csi-provider | string |
csi.image.tag (1) 1.4.1 | string |
| boolean | |
| boolean | |
ingress.annotations (1) kubernetes.io/ingress.class: nginx
hajimari.io/enable: "true"
hajimari.io/icon: "bank"
| string |
| boolean | |
ingress.hosts[].host (1) vault.${SECRET_DOMAIN} | string |
| string | |
ingress.tls[].hosts[] (1) - vault.${SECRET_DOMAIN} | string |
ingress.tls[].secretName (1) vault-tls | string |
| string | |
| boolean | |
| string | |
| string | |
| boolean | |
| number | |
| string | |
| string | |
| string | |
| string | |
| boolean | |
| string | |
| string | |
| number | |
| boolean | |
serverTelemetry.prometheusRules.rules[].alert (1) vault-HighResponseTime | string |
serverTelemetry.prometheusRules.rules[].annotations.message (1) The response time of Vault is over 500ms on average over the last 5 minutes. | string |
serverTelemetry.prometheusRules.rules[].expr (1) vault_core_handle_request{quantile="0.5", namespace="vault-system"} > 500 | string |
| string | |
serverTelemetry.prometheusRules.rules[].labels.severity (1) warning | string |
| boolean |