-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
79 lines (67 loc) · 2.31 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
vaultInit:
# If configureKubernetesAuth is true, clusterName will be used for the auth
# engine, secret engine, policy, and role names. If configureKubernetesAuth
# is not true, this value is ignored.
clusterName: kubernetes
# Automatically configure Vault with a Kubernetes type auth engine, kv secret
# engine, policy, and role.
configureKubernetesAuth: true
# Name of the helm deployment
# TODO: Remove this. Should be able to use .Release.Name instead
helmDeploymentName: vault-server
# Do not execute /tmp/scripts/init.sh on pod start. This is useful for
# debugging the init script. To manually execute init.sh, get a shell in the
# pod and run: `export PAUSE_INIT=false && /bin/bash /tmp/scripts/init.sh`
pauseInit: false
# Values relating to installation and configuration of Vault Config Operator
# https://github.com/redhat-cop/vault-config-operator
vaultConfigOperator:
# Automatically configure Vault with an admin account to use with Vault
# Config Operator. This will create an auth engine, policy, and role for
# Vault Config Operator to use.
configureVCO: false
# Install the Vault Config Operator
installVCO: false
# name will be used as the auth engine, policy, and role name in
# Vault. If configureVCO is false, this value is ignored.
name: vault-config-operator
# Values under vault are passed to the Hashicorp Vault chart.
# https://github.com/hashicorp/vault-helm
vault:
global:
openshift: true
ui:
enabled: true
injector:
image:
repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
tag: "0.17.0-ubi"
agentImage:
repository: "registry.connect.redhat.com/hashicorp/vault"
tag: "1.11.2-ubi"
server:
# extraEnvironmentVars:
# PAUSE_INIT: "true"
dataStorage:
enabled: true
image:
repository: "registry.connect.redhat.com/hashicorp/vault"
tag: "1.11.2-ubi"
ha:
enabled: false
postStart:
- "/bin/bash"
- "/tmp/scripts/init.sh"
route:
enabled: true
# This will be injected from the VAULT_SERVER_HOSTNAME env variable
# host: ...
tls:
termination: edge
volumes:
- name: init-script
configMap:
name: init-script
volumeMounts:
- mountPath: /tmp/scripts
name: init-script