vault helm

No introduction found. Create it?

Install

Install with:

helm repo add hashicorp https://helm.releases.hashicorp.com/
helm install vault hashicorp/vault -f values.yaml

Examples

See examples from other people.

Top Repositories (3 out of 8)

NameRepoStarsVersionTimestamp
vaultqjoly/GitOps790.30.05 months ago
vaultqjoly/GitOps790.30.05 months ago
vaulth3mmy/bloopySphere620.28.1a year ago

Values

See the most popular values for this chart:

KeyTypes
injector.enabled (6)
false
boolean
injector.securityContext.container.allowPrivilegeEscalation (1)
false
boolean
injector.securityContext.container.capabilities.drop[] (1)
- ALL
string
injector.securityContext.container.seccompProfile.type (1)
RuntimeDefault
string
ui.enabled (6)
true
boolean
ui.serviceType (3)
ClusterIP
string
ui.externalPort (2)
8200
number
csi.enabled (5)
false
boolean
server.ingress.enabled (5)
true
boolean
server.ingress.hosts[].host (5)
vault.127.0.0.1.nip.io
string
server.ingress.hosts[].paths[] (4)
- /
string
server.ingress.tls[].hosts[] (5)
- vault.127.0.0.1.nip.io
string
server.ingress.tls[].secretName (5)
mkcert-tls-secret
string
server.ingress.ingressClassName (3)
istio
string
server.ingress.activeService (2)
true
boolean
server.ingress.annotations."cert-manager.io/cluster-issuer" (2)
letsencrypt-production
string
server.ingress.annotations."forecastle.stakater.com/appName" (2)
Hashicorp Vault
string
server.ingress.annotations."forecastle.stakater.com/expose" (2)
true
string
server.ingress.annotations."forecastle.stakater.com/group" (2)
Security
string
server.ingress.annotations."forecastle.stakater.com/icon" (2)
https://icon.icepanel.io/Technology/svg/HashiCorp-Vault.svg
string
server.ingress.annotations."hajimari.io/enable" (1)
true
string
server.ingress.annotations."hajimari.io/icon" (1)
shield-key
string
server.ingress.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)
websecure
string
server.ingress.annotations."traefik.ingress.kubernetes.io/router.middlewares" (1)
networking-rfc1918@kubernetescrd
string
server.ingress.pathType (2)
Prefix
string
server.ha.enabled (4)
true
boolean
server.ha.raft.enabled (3)
true
boolean
server.ha.raft.config (1)
ui = true listener "tcp" { tls_disable = 1 address = "[::]:8200" cluster_address = "[::]:8201" } storage "raft" { path = "/vault/data" } seal "gcpckms" { project = "${GCP_PROJECT_KEY_0}" region = "${GCP_VAULT_KMS_REGION}" key_ring = "${GCP_VAULT_KEYRING_NAME}" crypto_key = "${GCP_VAULT_CRYPTO_NAME}" } service_registration "kubernetes" {}
string
server.ha.raft.setNodeId (1)
true
boolean
server.ha.replicas (1)
3
number
server.volumeMounts[].mountPath (4)
/vault/userconfig/init
string
server.volumeMounts[].name (4)
vault-init
string
server.volumeMounts[].readOnly (1)
true
boolean
server.volumes[].name (4)
vault-init
string
server.volumes[].configMap.defaultMode (2)
755
number
server.volumes[].configMap.name (2)
vault-init
string
server.affinity (2)

string
server.dev.enabled (2)
true
boolean
server.logFormat (2)
json
string
server.postStart[] (2)
- /bin/sh
- -c
- /vault/userconfig/init/vault-init.sh
string
server.resources.limits.memory (2)
256Mi
string
server.resources.limits.cpu (1)
200m
string
server.resources.requests.cpu (2)
250m
string
server.resources.requests.memory (2)
256Mi
string
server.standalone.enabled (2)
true
boolean
server.standalone.config (1)
log_format = "json" ui = true cluster_name = "beryjuorg-prod" plugin_directory = "/usr/local/libexec/vault" storage "file" { path = "/vault/data" } # HTTPS listener listener "tcp" { address = "[::]:8200" cluster_address = "[::]:8201" tls_disable = 1 } telemetry { prometheus_retention_time = "24h" disable_hostname = true }
string
server.statefulSet.securityContext.container.allowPrivilegeEscalation (2)
false
boolean
server.statefulSet.securityContext.container.capabilities.drop[] (2)
- ALL
string
server.statefulSet.securityContext.container.readOnlyRootFilesystem (1)
true
boolean
server.statefulSet.securityContext.container.runAsNonRoot (1)
true
boolean
server.statefulSet.securityContext.container.seccompProfile.type (1)
RuntimeDefault
string
server.statefulSet.securityContext.pod.runAsGroup (1)
1000
number
server.statefulSet.securityContext.pod.runAsUser (1)
100
number
server.statefulSet.securityContext.pod.seccompProfile.type (1)
RuntimeDefault
string
server.updateStrategyType (2)
RollingUpdate
string
server.annotations."backup.velero.io/backup-volumes" (1)
data
string
server.auditStorage.enabled (1)
true
boolean
server.auditStorage.size (1)
2Gi
string
server.dataStorage.enabled (1)
true
boolean
server.dataStorage.size (1)
2Gi
string
server.dataStorage.storageClass (1)
ceph-block
string
server.enabled (1)
true
boolean
server.extraEnvironmentVars.GOOGLE_APPLICATION_CREDENTIALS (1)
/vault/userconfig/kms-vault-unseal/serviceaccount.json
string
server.extraEnvironmentVars.TZ (1)
${TZ}
string
server.extraEnvironmentVars.VAULT_AUTO_UNSEAL_KEY_0 (1)
pikakube
string
server.extraInitContainers[].args[] (1)
- cd /tmp && wget https://github.com/martinbaillie/vault-plugin-secrets-github/releases/download/v2.1.0/vault-plugin-secrets-github-linux-amd64 && mv vault-plugin-secrets-github-linux-amd64 /usr/local/libexec/vault/secrets-github && chmod +x /usr/local/libexec/vault/secrets-github
string
server.extraInitContainers[].command[] (1)
- sh
- -c
string
server.extraInitContainers[].image (1)
alpine
string
server.extraInitContainers[].name (1)
github-plugin
string
server.extraInitContainers[].volumeMounts[].mountPath (1)
/usr/local/libexec/vault
string
server.extraInitContainers[].volumeMounts[].name (1)
plugins
string
server.extraLabels."configmap.reloader.stakater.com/reload" (1)
vault-config
string
server.extraVolumes[].name (1)
kms-vault-unseal
string
server.extraVolumes[].path (1)
/vault/userconfig
string
server.extraVolumes[].type (1)
secret
string
server.image.repository (1)
proxy.registry.beryju.io/hashicorp/vault
string
server.image.tag (1)
1.20.4
string
server.readinessProbe.enabled (1)
true
boolean
server.readinessProbe.path (1)
/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204
string
server.tolerations (1)
- key: "arm" operator: "Exists"
string
serverTelemetry.serviceMonitor.enabled (2)
true
boolean
serverTelemetry.serviceMonitor.authorization.credentials.key (1)
TOKEN
string
serverTelemetry.serviceMonitor.authorization.credentials.name (1)
beryju-io-vault-monitoring
string
fullnameOverride (1)
vault
string
global.enabled (1)
false
boolean
metrics.enabled (1)
true
boolean
service.enabled (1)
true
boolean