Skip to content

validatedpatterns/hashicorp-vault-chart

Repository files navigation

hashicorp-vault

Version: 0.1.4

A Helm chart to configure Hashicorp's vault.

This chart is used by the Validated Patterns installation script that can be found here

Homepage: https://github.com/validatedpatterns/hashicorp-vault-chart

Maintainers

Name Email Url
Validated Patterns Team validatedpatterns@googlegroups.com

Requirements

Repository Name Version
https://helm.releases.hashicorp.com vault 0.28.1

Values

Key Type Default Description
global object depends on the individual settings The global namespace containes some globally used variables used in patterns
global.localClusterDomain string "apps.foo.cluster.com" The DNS entry for the cluster the chart is being rendered on with the apps. prefix
global.openshift bool true Setting the enforces openshift templates for the vault chart
vault object depends on the individual settings A number of settings passed down to the vault subchart
vault.injector.enabled bool false Vault agent injection support
vault.server.extraEnvironmentVars object {"VAULT_ADDR":"https://vault.vault.svc.cluster.local:8200","VAULT_CACERT":"/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"} Additional environment variables injected in the vault pod
vault.server.extraVolumes list [{"name":"vault-secret","type":"secret"}] Extra volumes that are automatically mounted in the vault pod under /vault/userconfig/
vault.server.image.repository string "registry.connect.redhat.com/hashicorp/vault" Where to fetch the vault images from
vault.server.image.tag string "1.18.3-ubi" Tag to use for the vault image
vault.server.route.enabled bool true Enable route support when exposing the vault
vault.server.route.tls.termination string "reencrypt" Termination type of the vault route
vault.server.service.enabled bool true Enables an associated k8s service when running the vault
vault.server.service.internal.annotations object {"service.beta.openshift.io/serving-cert-secret-name":"vault-secret-internal"} Annotation to inject a secret called vault-secret to the internal service
vault.server.service.nonha.annotations object {"service.beta.openshift.io/serving-cert-secret-name":"vault-secret"} Annotation to inject a secret called vault-secret to the nonha service
vault.server.standalone object {"config":"ui = true\nlistener \"tcp\" {\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n tls_cert_file = \"/vault/userconfig/vault-secret/tls.crt\"\n tls_key_file = \"/vault/userconfig/vault-secret/tls.key\"\n}\nstorage \"file\" {\n path = \"/vault/data\"\n}\n"} Base configuration for the standalone vault server
vault.ui.enabled bool true Vault UI support

Autogenerated from chart metadata using helm-docs v1.14.2

Updating the chart

  1. Edit Chart.yaml with the new version
  2. In the hashicorp-vault folder, run: helm dependency update .
  3. Run ./update-helm-dependency.sh
  4. Check that the images in ./values.yaml are the same version as upstream
  5. Git add the new chart in ./charts/vault-<version>.tgz

Patches

Issue 674

In order to be able to use vault ssl we need to patch the helm chart to fix upstream issue 674.

Make sure to run "./update-helm-dependency.sh" after you updated the subchart (by calling helm dependency update .)

We can drop this local patch when any one the two conditions is true:

  • [1] is fixed in helm and we can require the version that for installs
  • PR#779 is merged in vault-helm and our minimum supported OCP version is OCP 4.11 (route subdomain is broken in OCP < 4.11 due to missing commit

In order to update the CRD, copy the following file from the last released patterns operator version:

cp -v patterns-operator/config/crd/bases/gitops.hybrid-cloud-patterns.io_patterns.yaml ./crds/

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Packages

No packages published