vault helm

No introduction found. Create it?

Install

Install with:

helm repo add hashicorp-charts https://helm.releases.hashicorp.com/
helm install vault hashicorp-charts/vault -f values.yaml

Examples

See examples from other people.

Top Repositories (3 out of 8)

NameRepoStarsVersionTimestamp
vaultqjoly/GitOps640.30.02 months ago
vaultqjoly/GitOps640.30.02 months ago
vaulth3mmy/bloopySphere620.28.1a year ago

Values

See the most popular values for this chart:

KeyTypes
ui.enabled (6)
true
boolean
ui.serviceType (5)
ClusterIP
string
ui.externalPort (2)
8200
number
server.ha.enabled (5)
true
boolean
server.ha.raft.enabled (5)
true
boolean
server.ha.raft.setNodeId (3)
true
boolean
server.ha.raft.config (2)
ui = true listener "tcp" { tls_disable = 1 address = "[::]:8200" cluster_address = "[::]:8201" } storage "raft" { path = "/vault/data" } seal "gcpckms" { project = "${GCP_PROJECT_KEY_0}" region = "${GCP_VAULT_KMS_REGION}" key_ring = "${GCP_VAULT_KEYRING_NAME}" crypto_key = "${GCP_VAULT_CRYPTO_NAME}" } service_registration "kubernetes" {}
string
server.ha.replicas (3)
3
number
server.dataStorage.enabled (4)
true
boolean
server.dataStorage.storageClass (4)
ceph-block
string
server.dataStorage.size (1)
5Gi
string
server.ingress.enabled (4)
true
boolean
server.ingress.hosts[].host (3)
vault.svc.behn.dev
string
server.ingress.hosts[].paths[] (2)
- /
string
server.ingress.ingressClassName (3)
istio
string
server.ingress.tls[].hosts[] (3)
- vault.svc.behn.dev
string
server.ingress.tls[].secretName (3)
behndev-global
string
server.ingress.activeService (1)
true
boolean
server.ingress.annotations."cert-manager.io/cluster-issuer" (1)
letsencrypt-production
string
server.ingress.annotations."hajimari.io/enable" (1)
true
string
server.ingress.annotations."hajimari.io/icon" (1)
shield-key
string
server.ingress.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)
websecure
string
server.ingress.annotations."traefik.ingress.kubernetes.io/router.middlewares" (1)
networking-rfc1918@kubernetescrd
string
server.ingress.pathType (1)
Prefix
string
server.ingress.standalone.config (1)
log_format = "json" log_level = "debug" ui = true cluster_name = "behndev-prod" storage "file" { path = "/vault/data" } # HTTPS listener listener "tcp" { address = "[::]:8200" cluster_address = "[::]:8201" tls_disable = 1 } telemetry { prometheus_retention_time = "24h" disable_hostname = true }
string
server.ingress.standalone.enabled (1)
true
boolean
server.standalone.enabled (4)
false
boolean
server.standalone.config (1)
log_format = "json" ui = true cluster_name = "beryjuorg-prod" plugin_directory = "/usr/local/libexec/vault" storage "file" { path = "/vault/data" } # HTTPS listener listener "tcp" { address = "[::]:8200" cluster_address = "[::]:8201" tls_disable = 1 } telemetry { prometheus_retention_time = "24h" disable_hostname = true }
string
server.extraEnvironmentVars.TZ (3)
${TIMEZONE}
string
server.extraEnvironmentVars.GOOGLE_APPLICATION_CREDENTIALS (1)
/vault/userconfig/kms-vault-unseal/serviceaccount.json
string
server.extraLabels."configmap.reloader.stakater.com/reload" (3)
vault-config
string
server.resources.limits.memory (3)
256Mi
string
server.resources.requests.cpu (3)
250m
string
server.resources.requests.memory (3)
256Mi
string
server.affinity (2)

string
server.enabled (2)
true
boolean
server.logFormat (2)
json
string
server.readinessProbe.enabled (2)
true
boolean
server.readinessProbe.path (2)
/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204
string
server.updateStrategyType (2)
RollingUpdate
string
server.annotations."backup.velero.io/backup-volumes" (1)
data
string
server.auditStorage.enabled (1)
true
boolean
server.auditStorage.size (1)
5Gi
string
server.auditStorage.storageClass (1)
${STORAGE_CLASS_SSD}
string
server.extraInitContainers[].args[] (1)
- cd /tmp && wget https://github.com/martinbaillie/vault-plugin-secrets-github/releases/download/v2.1.0/vault-plugin-secrets-github-linux-amd64 && mv vault-plugin-secrets-github-linux-amd64 /usr/local/libexec/vault/secrets-github && chmod +x /usr/local/libexec/vault/secrets-github
string
server.extraInitContainers[].command[] (1)
- sh
- -c
string
server.extraInitContainers[].image (1)
alpine
string
server.extraInitContainers[].name (1)
github-plugin
string
server.extraInitContainers[].volumeMounts[].mountPath (1)
/usr/local/libexec/vault
string
server.extraInitContainers[].volumeMounts[].name (1)
plugins
string
server.extraVolumes[].name (1)
kms-vault-unseal
string
server.extraVolumes[].path (1)
/vault/userconfig
string
server.extraVolumes[].type (1)
secret
string
server.image.repository (1)
proxy.registry.beryju.io/hashicorp/vault
string
server.image.tag (1)
1.20.0
string
server.tolerations (1)
- key: "arm" operator: "Exists"
string
server.volumeMounts[].mountPath (1)
/usr/local/libexec/vault
string
server.volumeMounts[].name (1)
plugins
string
server.volumeMounts[].readOnly (1)
true
boolean
server.volumes[].name (1)
plugins
string
csi.enabled (3)
false
boolean
injector.enabled (3)
false
string, boolean
metrics.enabled (3)
true
boolean
service.enabled (3)
true
boolean
global.enabled (2)
false
boolean
ingress.annotations (1)
kubernetes.io/ingress.class: nginx hajimari.io/enable: "true" hajimari.io/icon: "bank"
string
ingress.enabled (1)
true
boolean
ingress.hosts[].host (1)
vault.${SECRET_DOMAIN}
string
ingress.hosts[].paths[] (1)
- /
string
ingress.tls[].hosts[] (1)
- vault.${SECRET_DOMAIN}
string
ingress.tls[].secretName (1)
vault-tls
string
serverTelemetry.serviceMonitor.authorization.credentials.key (1)
TOKEN
string
serverTelemetry.serviceMonitor.authorization.credentials.name (1)
beryju-io-vault-monitoring
string
serverTelemetry.serviceMonitor.enabled (1)
true
boolean