docs: update k8s helm doc (#7279)

Jason O'Donnell 2019-08-08 17:05:01 -04:00 committed by GitHub
parent e4b9efd37f
commit ac16dec5c4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 16 deletions


@ -52,7 +52,7 @@ $ git clone https://github.com/hashicorp/vault-helm.git
$ cd vault-helm
# Checkout a tagged version
$ git checkout v0.1.0
$ git checkout v0.1.1
# Run Helm
$ helm install --dry-run ./
@ -85,6 +85,10 @@ and consider if they're appropriate for your deployment.
memory: "10Gi"
```
* `authDelegator` - Values that configure the Cluster Role Binding attached to the Vault service account.
* `enabled` (`boolean: false`) - When set to `true`, a Cluster Role Binding will be bound to the Vault service account. This Cluster Role Binding has the necessary privileges for Vault to use the [Kubernetes Auth Method](/docs/auth/kubernetes.html).
* `extraEnvironmentVars` (`string: null`) - The extra environment variables to be applied to the Vault server. This should be a multi-line key/value string.
```yaml
@ -150,6 +154,12 @@ and consider if they're appropriate for your deployment.
"sample/annotation2": "bar"
```
* `service` - Values that configure the Kubernetes service created for Vault.
* `enabled` (`boolean: true`) - When set to `true`, a Kubernetes service will be created for Vault.
* `clusterIP` (`string`) - ClusterIP controls whether an IP address (cluster IP) is attached to the Vault service within Kubernetes. By default the Vault service will be given a Cluster IP address, set to `None` to disable. When disabled Kubernetes will create a "headless" service. Headless services can be used to communicate with pods directly through DNS instead of a round robin load balancer.
* `extraVolumes` - This configures the `Service` resource created for the Vault server.
- `enabled` (`boolean: true`) -
@ -292,18 +302,19 @@ The below `values.yaml` can be used to set up a single server Vault cluster with
```yaml
global:
enabled: true
image: "vault:1.2.0"
image: "vault:1.2.1"
server:
standalone:
enabled: true
config: |
api_addr = "http://POD_IP:8200"
listener "tcp" {
tls_disable = true
address = "0.0.0.0:8200"
}
ui = true
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "file" {
path = "/vault/data"
}
@ -331,7 +342,7 @@ certificate authority:
```yaml
global:
enabled: true
image: "vault:1.2.0"
image: "vault:1.2.1"
server:
extraVolumes:
@ -344,12 +355,12 @@ server:
standalone:
enabled: true
config: |
api_addr = "https://POD_IP:8200"
listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
tls_key_file = "/vault/userconfig/vault-server-tls/vault.key"
tls_client_ca_file = "/vault/userconfig/vault-server-tls/vault.ca"
address = "0.0.0.0:8200"
}
storage "file" {
@ -374,16 +385,16 @@ auditing enabled.
```yaml
global:
enabled: true
image: "vault:1.2.0"
image: "vault:1.2.1"
server:
standalone:
enabled: true
config: |
api_addr = "http://POD_IP:8200"
listener "tcp" {
tls_disable = true
address = "0.0.0.0:8200"
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "file" {
@ -453,11 +464,13 @@ server:
config: |
ui = true
api_addr = "http://POD_IP:8200"
listener "tcp" {
tls_disable = 1
address = "0.0.0.0:8200"
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "consul" {
path = "vault"
address = "HOST_IP:8500"


@ -15,6 +15,9 @@ within Kubernetes.
This page starts with a large how-to section for various specific tasks.
!> **IMPORTANT NOTE:** Vault Enterprise is currently not supported. We are actively
working a version for Vault Enterprise and it will be available in the future.
## Helm Chart
The [Vault Helm chart](https://github.com/hashicorp/vault-helm)
@ -57,7 +60,7 @@ $ git clone https://github.com/hashicorp/vault-helm.git
$ cd vault-helm
# Checkout a tagged version
$ git checkout v0.1.0
$ git checkout v0.1.1
# Run Helm
$ helm install --name vault ./