vault helm

No introduction found. Create it?

Install

Install with:

helm repo add hashicorp-charts https://helm.releases.hashicorp.com/
helm install vault hashicorp-charts/vault -f values.yaml

Top Repositories (1 out of 9)

See examples from other people.

NameRepoStarsVersionTimestamp
vaultcoolguy1771/home-ops390.27.0a day ago

Values

See the most popular values for this chart:

KeyTypes
server.ingress.enabled (7)
true
boolean
server.ingress.hosts[].host (6)
vault.svc.behn.dev
string
server.ingress.hosts[].paths[] (5)
- /
string
server.ingress.ingressClassName (6)
istio
string
server.ingress.tls[].hosts[] (6)
- vault.svc.behn.dev
string
server.ingress.tls[].secretName (6)
vault-tls
string
server.ingress.standalone.config (3)
log_format = "json" log_level = "debug" ui = true cluster_name = "behndev-prod" storage "file" { path = "/vault/data" } # HTTPS listener listener "tcp" { address = "[::]:8200" cluster_address = "[::]:8201" tls_disable = 1 } telemetry { prometheus_retention_time = "24h" disable_hostname = true }
string
server.ingress.standalone.enabled (3)
true
boolean
server.ingress.annotations."cert-manager.io/cluster-issuer" (2)
vault-issuer
string
server.ingress.annotations."cert-manager.io/common-name" (1)
vault.286k.co
string
server.ingress.annotations."hajimari.io/enable" (1)
true
string
server.ingress.annotations."hajimari.io/icon" (1)
shield-key
string
server.ingress.annotations."nginx.ingress.kubernetes.io/backend-protocol" (1)
HTTPS
string
server.ingress.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)
websecure
string
server.ingress.activeService (1)
true
boolean
server.ingress.annotation."kubernetes.io/ingress.class" (1)
nginx
string
server.ingress.pathType (1)
Prefix
string
server.dataStorage.enabled (6)
true
boolean
server.dataStorage.storageClass (6)
longhorn
string
server.dataStorage.size (3)
10Gi
string
server.dataStorage.mountPath (1)
/vault/data
string
server.auditStorage.enabled (4)
true
boolean
server.auditStorage.storageClass (4)
longhorn
string
server.auditStorage.size (3)
10Gi
string
server.auditStorage.mountPath (2)
/vault/audit
string
server.enabled (4)
true
boolean
server.ha.enabled (4)
true
boolean
server.ha.replicas (4)
3
number
server.ha.raft.config (3)
ui = true listener "tcp" { address = "[::]:8200" cluster_address = "[::]:8201" tls_cert_file = "/vault/userconfig/tls-server/tls-combined.pem" tls_key_file = "/vault/userconfig/tls-server/tls.key" # tls_client_ca_file = "/vault/tls-server/client-auth-ca.pem" # Enable unauthenticated metrics access (necessary for Prometheus Operator) telemetry { unauthenticated_metrics_access = "true" } } seal "awskms" { region = "us-east-1" } storage "raft" { path = "/vault/data" retry_join { leader_api_addr = "https://vault-0.vault-internal:8200" leader_ca_cert_file = "/vault/userconfig/tls-server/ca.crt" leader_client_cert_file = "/vault/userconfig/tls-server/tls.crt" leader_client_key_file = "/vault/userconfig/tls-server/tls.key" } } service_registration "kubernetes" {}
string
server.ha.raft.enabled (3)
true
boolean
server.ha.raft.setNodeId (3)
true
boolean
server.ha.config (1)
ui = true listener "tcp" { tls_disable = 1 address = "[::]:8200" cluster_address = "[::]:8201" } storage "consul" { path = "vault" address = "consul-consul-server:8500" } service_registration "kubernetes" {} # Example configuration for using auto-unseal, using Google Cloud KMS. The # GKMS keys must already exist, and the cluster must have a service account # that is authorized to access GCP KMS. #seal "gcpckms" { # project = "vault-helm-dev-246514" # region = "global" # key_ring = "vault-helm-unseal-kr" # crypto_key = "vault-helm-unseal-key" #}
string
server.logFormat (4)
json
string
server.readinessProbe.enabled (4)
true
boolean
server.readinessProbe.path (4)
/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204
string
server.resources.requests.cpu (4)
250m
string
server.resources.requests.memory (4)
256Mi
string
server.resources.limits.memory (3)
256Mi
string
server.resources.limits.cpu (1)
500m
string
server.updateStrategyType (4)
RollingUpdate
string
server.extraVolumes[].name (3)
tls-server
string
server.extraVolumes[].type (3)
secret
string
server.extraVolumes[].path (2)
/vault/userconfig
string
server.standalone.enabled (3)
false
boolean
server.standalone.config (1)
ui = true storage "file" { path = "/vault/data" } #seal "transit" { # disabled = "false" # address = "${SECRET_VAULT_URL}" # token = "${SECRET_VAULT_TOKEN}" # disable_renewal = "false" # key_name = "autounseal" # mount_path = "transit/" # tls_skip_verify = "true" #} seal "gcpckms" { disabled = "false" project = "${SECRET_GCP_PROJECT}" region = "europe-west3" key_ring = "home-infra" crypto_key = "vault-unseal" } listener "tcp" { tls_disable = 1 address = "[::]:8200" cluster_address = "[::]:8201" telemetry { unauthenticated_metrics_access = "true" } } telemetry { prometheus_retention_time = "24h", disable_hostname = true } # service_registration "kubernetes" {}
string
server.extraEnvironmentVars.GOOGLE_APPLICATION_CREDENTIALS (2)
/vault/userconfig/kms-vault/account.json
string
server.extraEnvironmentVars.TZ (2)
${TIMEZONE}
string
server.extraEnvironmentVars.VAULT_CACERT (1)
/vault/userconfig/tls-server/ca.crt
string
server.extraEnvironmentVars.VAULT_TOKEN (1)
${SECRET_VAULT_TOKEN}
string
server.extraLabels."configmap.reloader.stakater.com/reload" (2)
vault-config
string
server.image.repository (2)
proxy.registry.beryju.org/hashicorp/vault
string
server.image.pullPolicy (1)
IfNotPresent
string
server.image.tag (1)
1.13.2
string
server.authDelegator.enabled (1)
true
boolean
server.extraArgs (1)

string
server.extraSecretEnvironmentVars[].envName (1)
AWS_SECRET_ACCESS_KEY
AWS_ACCESS_KEY_ID
VAULT_AWSKMS_SEAL_KEY_ID
string
server.extraSecretEnvironmentVars[].secretKey (1)
AWS_SECRET_ACCESS_KEY
AWS_ACCESS_KEY_ID
VAULT_AWSKMS_SEAL_KEY_ID
string
server.extraSecretEnvironmentVars[].secretName (1)
vault-secret
vault-secret
vault-secret
string
server.livenessProbe.enabled (1)
true
boolean
server.livenessProbe.initialDelaySeconds (1)
60
number
server.livenessProbe.path (1)
/v1/sys/health?standbyok=true
string
server.logLevel (1)
info
string
server.networkPolicy.enabled (1)
false
boolean
server.service.active.enabled (1)
true
boolean
server.service.enabled (1)
true
boolean
server.service.instanceSelector.enabled (1)
true
boolean
server.service.standby.enabled (1)
true
boolean
ui.enabled (6)
true
boolean
ui.serviceType (3)
ClusterIP
string
ui.activeVaultPodOnly (1)
true
boolean
ui.externalPort (1)
8200
number
ui.publishNotReadyAddresses (1)
true
boolean
ui.targetPort (1)
8200
number
csi.enabled (4)
false
boolean
csi.agent.enabled (1)
true
boolean
csi.agent.image.pullPolicy (1)
IfNotPresent
string
csi.agent.image.repository (1)
hashicorp/vault
string
csi.agent.image.tag (1)
1.15.3
string
csi.agent.logFormat (1)
json
string
csi.agent.logLevel (1)
info
string
csi.image.pullPolicy (1)
IfNotPresent
string
csi.image.repository (1)
hashicorp/vault-csi-provider
string
csi.image.tag (1)
1.4.1
string
global.enabled (4)
false
boolean
global.serverTelemetry.prometheusOperator (1)
true
boolean
global.tlsDisable (1)
false
boolean
metrics.enabled (2)
true
boolean
service.enabled (2)
true
boolean
ingress.annotations (1)
kubernetes.io/ingress.class: nginx hajimari.io/enable: "true" hajimari.io/icon: "bank"
string
ingress.enabled (1)
true
boolean
ingress.hosts[].host (1)
vault.${SECRET_DOMAIN}
string
ingress.hosts[].paths[] (1)
- /
string
ingress.tls[].hosts[] (1)
- vault.${SECRET_DOMAIN}
string
ingress.tls[].secretName (1)
vault-tls
string
injector.failurePolicy (1)
Ignore
string
injector.leaderElector.enabled (1)
true
boolean
injector.logFormat (1)
json
string
injector.logLevel (1)
info
string
injector.metrics.enabled (1)
true
boolean
injector.replicas (1)
1
number
injector.resources.limits.cpu (1)
250m
string
injector.resources.limits.memory (1)
256Mi
string
injector.resources.requests.cpu (1)
250m
string
injector.resources.requests.memory (1)
256Mi
string
injector.revokeOnShutdown (1)
true
boolean
injector.webhook.failurePolicy (1)
Ignore
string
injector.webhook.matchPolicy (1)
Exact
string
injector.webhook.timeoutSeconds (1)
30
number
serverTelemetry.prometheusRules.enabled (1)
true
boolean
serverTelemetry.prometheusRules.rules[].alert (1)
vault-HighResponseTime
vault-HighResponseTime
string
serverTelemetry.prometheusRules.rules[].annotations.message (1)
The response time of Vault is over 500ms on average over the last 5 minutes.
The response time of Vault is over 1s on average over the last 5 minutes.
string
serverTelemetry.prometheusRules.rules[].expr (1)
vault_core_handle_request{quantile="0.5", namespace="vault-system"} > 500
vault_core_handle_request{quantile="0.5", namespace="vault-system"} > 1000
string
serverTelemetry.prometheusRules.rules[].for (1)
5m
5m
string
serverTelemetry.prometheusRules.rules[].labels.severity (1)
warning
critical
string
serverTelemetry.serviceMonitor.enabled (1)
true
boolean