Install with:
helm repo add hashicorp-charts https://helm.releases.hashicorp.com/
helm install vault hashicorp-charts/vault -f values.yaml
See examples from other people.
Name | Repo | Stars | Version | Timestamp |
---|---|---|---|---|
vault | coolguy1771/home-ops | 39 | 0.27.0 | a day ago |
See the most popular values for this chart:
Key | Types |
---|---|
boolean | |
server.ingress.hosts[].host (6) vault.svc.behn.dev | string |
string | |
string | |
server.ingress.tls[].hosts[] (6) - vault.svc.behn.dev | string |
server.ingress.tls[].secretName (6) vault-tls | string |
server.ingress.standalone.config (3) log_format = "json"
# Remaining settings of this sample standalone config: logging, UI, file storage, one TCP listener and telemetry.
# NOTE(review): debug is a verbose log level and the cluster name below ends in "-prod"; confirm it is
# intentional rather than left over from troubleshooting.
log_level = "debug"
# Turns on the built-in web UI, served by the listener defined below.
ui = true
cluster_name = "behndev-prod"
# File storage backend writing to /vault/data. The file backend does not support HA.
storage "file" {
path = "/vault/data"
}
# Listener on every interface: port 8200 for the API, 8201 for cluster traffic.
# This stanza was originally labelled "HTTPS listener", but tls_disable = 1 switches TLS off, so Vault
# itself answers the API in plaintext HTTP. Presumably TLS is terminated in front of the pod (e.g. at an
# ingress) - confirm, because tokens and secrets then cross the hop to the pod unencrypted.
listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_disable = 1
}
# Prometheus-format metrics are retained for 24h; disable_hostname drops the host prefix from metric names.
# unauthenticated_metrics_access is not set in the listener above, so scraping the metrics endpoint
# needs a Vault token.
telemetry {
prometheus_retention_time = "24h"
disable_hostname = true
}
| string |
boolean | |
string | |
string | |
string | |
string | |
string | |
string | |
boolean | |
string | |
string | |
boolean | |
string | |
string | |
server.dataStorage.mountPath (1) /vault/data | string |
boolean | |
string | |
string | |
server.auditStorage.mountPath (2) /vault/audit | string |
boolean | |
boolean | |
number | |
server.ha.raft.config (3) ui = true
# Rest of this sample HA config with integrated (raft) storage: TLS listener, AWS KMS auto-unseal,
# raft join over HTTPS, Kubernetes service registration.
listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
# TLS is on for this listener: certificate and key are read from files under /vault/userconfig/tls-server.
tls_cert_file = "/vault/userconfig/tls-server/tls-combined.pem"
tls_key_file = "/vault/userconfig/tls-server/tls.key"
# Client-certificate CA is left disabled.
# NOTE(review): its path is under /vault/tls-server, not /vault/userconfig/tls-server like the other
# files here; check the path before enabling it.
# tls_client_ca_file = "/vault/tls-server/client-auth-ca.pem"
# Enable unauthenticated metrics access (necessary for Prometheus Operator)
# With this set, anything that can reach the listener can read the metrics endpoint without a token;
# restrict who can reach port 8200 (for example with a NetworkPolicy) if metrics should not be
# readable cluster-wide.
telemetry {
unauthenticated_metrics_access = "true"
}
}
# Auto-unseal through AWS KMS. Only the region is given; the KMS key id and the AWS credentials are not
# in this stanza and presumably come from environment variables or the pod's IAM role - confirm.
seal "awskms" {
region = "us-east-1"
}
# Integrated raft storage under /vault/data.
storage "raft" {
path = "/vault/data"
# Join the cluster through vault-0 over HTTPS, verifying it against ca.crt and presenting a client
# certificate. Only vault-0 is listed as a join target.
# NOTE(review): leader_client_key_file is the same tls.key the listener uses, so the server key
# doubles as the raft client key; confirm that reuse is intended.
retry_join {
leader_api_addr = "https://vault-0.vault-internal:8200"
leader_ca_cert_file = "/vault/userconfig/tls-server/ca.crt"
leader_client_cert_file = "/vault/userconfig/tls-server/tls.crt"
leader_client_key_file = "/vault/userconfig/tls-server/tls.key"
}
}
# Kubernetes service registration with default settings (empty stanza).
service_registration "kubernetes" {}
| string |
boolean | |
boolean | |
server.ha.config (1) ui = true
# Rest of this sample HA config using Consul as the storage backend.
# tls_disable = 1 means the API on port 8200 is served without TLS. Presumably TLS is terminated in
# front of the pod - confirm, since client tokens and secrets otherwise travel in plaintext.
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
}
# Consul storage at consul-consul-server:8500 under the "vault" key prefix. No scheme, token or TLS
# options are set in this stanza; presumably the connection uses Consul's plain HTTP API without an
# ACL token - confirm how access to Consul is protected, because it holds Vault's (encrypted) data.
storage "consul" {
path = "vault"
address = "consul-consul-server:8500"
}
# Kubernetes service registration with default settings (empty stanza).
service_registration "kubernetes" {}
# Example configuration for using auto-unseal, using Google Cloud KMS. The
# GKMS keys must already exist, and the cluster must have a service account
# that is authorized to access GCP KMS.
# No seal stanza is active in this sample, so it does not configure auto-unseal as written.
#seal "gcpckms" {
# project = "vault-helm-dev-246514"
# region = "global"
# key_ring = "vault-helm-unseal-kr"
# crypto_key = "vault-helm-unseal-key"
#}
| string |
string | |
boolean | |
server.readinessProbe.path (4) /v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204 | string |
string | |
string | |
string | |
string | |
server.updateStrategyType (4) RollingUpdate | string |
server.extraVolumes[].name (3) tls-server | string |
string | |
server.extraVolumes[].path (2) /vault/userconfig | string |
boolean | |
server.standalone.config (1) ui = true
# Rest of this sample standalone config: file storage, GCP KMS auto-unseal, a plaintext listener with
# open metrics, and telemetry retention.
# File storage backend writing to /vault/data. The file backend does not support HA.
storage "file" {
path = "/vault/data"
}
# Disabled alternative: auto-unseal through another Vault's transit engine.
# NOTE(review): if this is ever re-enabled, tls_skip_verify = "true" turns off certificate verification
# toward that Vault, and the token is filled in from the ${SECRET_VAULT_TOKEN} placeholder; both
# deserve a second look first.
#seal "transit" {
# disabled = "false"
# address = "${SECRET_VAULT_URL}"
# token = "${SECRET_VAULT_TOKEN}"
# disable_renewal = "false"
# key_name = "autounseal"
# mount_path = "transit/"
# tls_skip_verify = "true"
#}
# Active seal: auto-unseal through Google Cloud KMS. The project id comes from a ${SECRET_GCP_PROJECT}
# placeholder; how it is substituted is not shown here.
seal "gcpckms" {
disabled = "false"
project = "${SECRET_GCP_PROJECT}"
region = "europe-west3"
key_ring = "home-infra"
crypto_key = "vault-unseal"
}
# TLS is disabled on this listener and its metrics are readable without a token. Anything that can
# reach port 8200 gets a plaintext API and unauthenticated metrics, so this relies entirely on what
# sits in front of the pod (TLS termination, network restrictions) - confirm both are in place.
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
telemetry {
unauthenticated_metrics_access = "true"
}
}
# Prometheus-format metrics are retained for 24h; disable_hostname drops the host prefix from metric names.
# NOTE(review): the trailing comma after "24h" is kept as found; confirm the config parser accepts it.
telemetry {
prometheus_retention_time = "24h",
disable_hostname = true
}
# Kubernetes service registration is left disabled in this sample.
# service_registration "kubernetes" {}
| string |
server.extraEnvironmentVars.GOOGLE_APPLICATION_CREDENTIALS (2) /vault/userconfig/kms-vault/account.json | string |
server.extraEnvironmentVars.TZ (2) ${TIMEZONE} | string |
server.extraEnvironmentVars.VAULT_CACERT (1) /vault/userconfig/tls-server/ca.crt | string |
server.extraEnvironmentVars.VAULT_TOKEN (1) ${SECRET_VAULT_TOKEN} | string |
string | |
server.image.repository (2) proxy.registry.beryju.org/hashicorp/vault | string |
server.image.pullPolicy (1) IfNotPresent | string |
server.image.tag (1) 1.13.2 | string |
boolean | |
string | |
server.extraSecretEnvironmentVars[].envName (1) AWS_SECRET_ACCESS_KEY | string |
server.extraSecretEnvironmentVars[].secretKey (1) AWS_SECRET_ACCESS_KEY | string |
server.extraSecretEnvironmentVars[].secretName (1) vault-secret | string |
boolean | |
number | |
server.livenessProbe.path (1) /v1/sys/health?standbyok=true | string |
string | |
boolean | |
boolean | |
boolean | |
boolean | |
boolean | |
ui.enabled (6) true | boolean |
ui.serviceType (3) ClusterIP | string |
boolean | |
number | |
boolean | |
number | |
csi.enabled (4) false | boolean |
boolean | |
csi.agent.image.pullPolicy (1) IfNotPresent | string |
csi.agent.image.repository (1) hashicorp/vault | string |
csi.agent.image.tag (1) 1.15.3 | string |
string | |
string | |
csi.image.pullPolicy (1) IfNotPresent | string |
csi.image.repository (1) hashicorp/vault-csi-provider | string |
csi.image.tag (1) 1.4.1 | string |
global.enabled (4) false | boolean |
boolean | |
boolean | |
boolean | |
boolean | |
ingress.annotations (1) kubernetes.io/ingress.class: nginx
hajimari.io/enable: "true"
hajimari.io/icon: "bank"
| string |
boolean | |
ingress.hosts[].host (1) vault.${SECRET_DOMAIN} | string |
string | |
ingress.tls[].hosts[] (1) - vault.${SECRET_DOMAIN} | string |
ingress.tls[].secretName (1) vault-tls | string |
string | |
boolean | |
string | |
string | |
boolean | |
number | |
string | |
string | |
string | |
string | |
boolean | |
string | |
string | |
number | |
boolean | |
serverTelemetry.prometheusRules.rules[].alert (1) vault-HighResponseTime | string |
serverTelemetry.prometheusRules.rules[].annotations.message (1) The response time of Vault is over 500ms on average over the last 5 minutes. | string |
serverTelemetry.prometheusRules.rules[].expr (1) vault_core_handle_request{quantile="0.5", namespace="vault-system"} > 500 | string |
string | |
serverTelemetry.prometheusRules.rules[].labels.severity (1) warning | string |
boolean |