vault helm

No introduction found. Create it?

Install

Install with:

helm repo add hashicorp https://helm.releases.hashicorp.com/
helm install vault hashicorp/vault -f values.yaml

Examples

See examples from other people.

Top Repositories (3 out of 8)

NameRepoStarsVersionTimestamp
vaulth3mmy/bloopySphere630.31.0a month ago
vaultqjoly/GitOps920.31.02 months ago
vaultqjoly/GitOps920.31.02 months ago

Values

See the most popular values for this chart:

KeyTypes
injector.enabled (6)
false
boolean
injector.image.repository (1)
hashicorp/vault-k8s
string
injector.image.tag (1)
1.7.0
string
injector.resources.limits.cpu (1)
250m
string
injector.resources.limits.memory (1)
256Mi
string
injector.resources.requests.cpu (1)
250m
string
injector.resources.requests.memory (1)
256Mi
string
ui.enabled (6)
true
boolean
ui.serviceType (3)
ClusterIP
string
ui.externalPort (2)
8200
number
server.ha.enabled (5)
true
boolean
server.ha.raft.enabled (4)
true
boolean
server.ha.raft.config (2)
ui = true listener "tcp" { address = "[0.0.0.0]:8200" cluster_address = "[0.0.0.0]:8201" tls_cert_file = "/vault/tls/tls.crt" tls_key_file = "/vault/tls/tls.key" api_addr = "https://vault-active:8200" cluster_addr = "https://vault-active:8201" } seal "awskms" { region = "us-west-2" kms_key_id = "765bd6ab-accb-421f-9ace-b31771c2887e" } storage "raft" { path = "/vault/data" retry_join { leader_api_addr = "https://vault-0.vault-internal:8200" leader_ca_cert_file = "/vault/tls/ca.crt" leader_client_cert_file = "/vault/tls/tls.crt" leader_client_key_file = "/vault/tls/tls.key" } retry_join { leader_api_addr = "https://vault-1.vault-internal:8200" leader_ca_cert_file = "/vault/tls/ca.crt" leader_client_cert_file = "/vault/tls/tls.crt" leader_client_key_file = "/vault/tls/tls.key" } retry_join { leader_api_addr = "https://vault-2.vault-internal:8200" leader_ca_cert_file = "/vault/tls/ca.crt" leader_client_cert_file = "/vault/tls/tls.crt" leader_client_key_file = "/vault/tls/tls.key" } } service_registration "kubernetes" {}
string
server.ha.raft.setNodeId (1)
true
boolean
server.ha.replicas (2)
3
number
server.ingress.enabled (5)
true
boolean
server.ingress.hosts[].host (5)
vault.127.0.0.1.nip.io
string
server.ingress.hosts[].paths[] (4)
- /
string
server.ingress.tls[].hosts[] (5)
- vault.127.0.0.1.nip.io
string
server.ingress.tls[].secretName (5)
mkcert-tls-secret
string
server.ingress.ingressClassName (3)
istio
string
server.ingress.activeService (2)
true
boolean
server.ingress.annotations."cert-manager.io/cluster-issuer" (2)
letsencrypt-production
string
server.ingress.annotations."forecastle.stakater.com/appName" (2)
Hashicorp Vault
string
server.ingress.annotations."forecastle.stakater.com/expose" (2)
true
string
server.ingress.annotations."forecastle.stakater.com/group" (2)
Security
string
server.ingress.annotations."forecastle.stakater.com/icon" (2)
https://icon.icepanel.io/Technology/svg/HashiCorp-Vault.svg
string
server.ingress.annotations."hajimari.io/enable" (1)
true
string
server.ingress.annotations."hajimari.io/icon" (1)
shield-key
string
server.ingress.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)
websecure
string
server.ingress.annotations."traefik.ingress.kubernetes.io/router.middlewares" (1)
networking-rfc1918@kubernetescrd
string
server.ingress.pathType (2)
Prefix
string
server.volumeMounts[].mountPath (5)
/vault/userconfig/init
string
server.volumeMounts[].name (5)
vault-init
string
server.volumeMounts[].readOnly (2)
true
boolean
server.volumes[].name (5)
vault-init
string
server.volumes[].configMap.defaultMode (2)
755
number
server.volumes[].configMap.name (2)
vault-init
string
server.volumes[].secret.secretName (1)
vault-server-tls
string
server.resources.limits.memory (3)
512Mi
string
server.resources.limits.cpu (2)
500m
string
server.resources.requests.cpu (3)
100m
string
server.resources.requests.memory (3)
256Mi
string
server.affinity (2)

string
server.auditStorage.enabled (2)
true
boolean
server.auditStorage.size (2)
2Gi
string
server.auditStorage.standalone.enabled (1)
false
boolean
server.auditStorage.storageClassName (1)
iscsi
string
server.dataStorage.enabled (2)
true
boolean
server.dataStorage.size (2)
2Gi
string
server.dataStorage.accessMode (1)
ReadWriteOnce
string
server.dataStorage.mountPath (1)
/vault/data
string
server.dataStorage.storageClass (1)
ceph-block
string
server.dataStorage.storageClassName (1)
iscsi
string
server.logFormat (2)
json
string
server.postStart[] (2)
- /bin/sh
- -c
- /vault/userconfig/init/vault-init.sh
string
server.readinessProbe.enabled (2)
true
boolean
server.readinessProbe.path (2)
/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204
string
server.standalone.enabled (2)
true
boolean
server.standalone.config (1)
log_format = "json" ui = true cluster_name = "beryjuorg-prod" plugin_directory = "/usr/local/libexec/vault" storage "file" { path = "/vault/data" } # HTTPS listener listener "tcp" { address = "[::]:8200" cluster_address = "[::]:8201" tls_disable = 1 } telemetry { prometheus_retention_time = "24h" disable_hostname = true }
string
server.updateStrategyType (2)
RollingUpdate
string
server.annotations."backup.velero.io/backup-volumes" (1)
data
string
server.dev.enabled (1)
true
boolean
server.enabled (1)
true
boolean
server.extraEnvironmentVars.GOOGLE_APPLICATION_CREDENTIALS (1)
/vault/userconfig/kms-vault-unseal/serviceaccount.json
string
server.extraEnvironmentVars.TZ (1)
${TZ}
string
server.extraEnvironmentVars.VAULT_AUTO_UNSEAL_KEY_0 (1)
pikakube
string
server.extraInitContainers[].args[] (1)
- cd /tmp && wget https://github.com/martinbaillie/vault-plugin-secrets-github/releases/download/v2.1.0/vault-plugin-secrets-github-linux-amd64 && mv vault-plugin-secrets-github-linux-amd64 /usr/local/libexec/vault/secrets-github && chmod +x /usr/local/libexec/vault/secrets-github
string
server.extraInitContainers[].command[] (1)
- sh
- -c
string
server.extraInitContainers[].image (1)
alpine
string
server.extraInitContainers[].name (1)
github-plugin
string
server.extraInitContainers[].volumeMounts[].mountPath (1)
/usr/local/libexec/vault
string
server.extraInitContainers[].volumeMounts[].name (1)
plugins
string
server.extraLabels."configmap.reloader.stakater.com/reload" (1)
vault-config
string
server.extraSecretEnvironmentVars[].envName (1)
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
string
server.extraSecretEnvironmentVars[].secretKey (1)
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
string
server.extraSecretEnvironmentVars[].secretName (1)
vault-aws-creds
vault-aws-creds
string
server.extraVolumes[].name (1)
kms-vault-unseal
string
server.extraVolumes[].path (1)
/vault/userconfig
string
server.extraVolumes[].type (1)
secret
string
server.image.repository (1)
proxy.registry.beryju.io/hashicorp/vault
string
server.image.tag (1)
1.21.1
string
server.livenessProbe.enabled (1)
true
boolean
server.livenessProbe.initialDelaySeconds (1)
60
number
server.livenessProbe.path (1)
/v1/sys/health?standbyok=true
string
server.podDisruptionBudget.maxUnavailable (1)
1
number
server.statefulSet.securityContext.container.allowPrivilegeEscalation (1)
false
boolean
server.statefulSet.securityContext.container.capabilities.drop[] (1)
- ALL
string
server.statefulSet.securityContext.container.readOnlyRootFilesystem (1)
true
boolean
server.statefulSet.securityContext.container.runAsNonRoot (1)
true
boolean
server.statefulSet.securityContext.pod.runAsGroup (1)
1000
number
server.statefulSet.securityContext.pod.runAsUser (1)
100
number
server.statefulSet.securityContext.pod.seccompProfile.type (1)
RuntimeDefault
string
server.tolerations (1)
- key: "arm" operator: "Exists"
string
csi.enabled (4)
false
boolean
serverTelemetry.serviceMonitor.enabled (2)
true
boolean
serverTelemetry.serviceMonitor.authorization.credentials.key (1)
TOKEN
string
serverTelemetry.serviceMonitor.authorization.credentials.name (1)
beryju-io-vault-monitoring
string
global.enabled (1)
false
boolean
global.tlsDisable (1)
false
boolean
metrics.enabled (1)
true
boolean
service.enabled (1)
true
boolean