docs: update k8s helm doc (#7279)
parent
e4b9efd37f
commit
ac16dec5c4
|
@ -52,7 +52,7 @@ $ git clone https://github.com/hashicorp/vault-helm.git
|
||||||
$ cd vault-helm
|
$ cd vault-helm
|
||||||
|
|
||||||
# Checkout a tagged version
|
# Checkout a tagged version
|
||||||
$ git checkout v0.1.0
|
$ git checkout v0.1.1
|
||||||
|
|
||||||
# Run Helm
|
# Run Helm
|
||||||
$ helm install --dry-run ./
|
$ helm install --dry-run ./
|
||||||
|
@ -85,6 +85,10 @@ and consider if they're appropriate for your deployment.
|
||||||
memory: "10Gi"
|
memory: "10Gi"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
* `authDelegator` - Values that configure the Cluster Role Binding attached to the Vault service account.
|
||||||
|
|
||||||
|
* `enabled` (`boolean: false`) - When set to `true`, a Cluster Role Binding will be bound to the Vault service account. This Cluster Role Binding has the necessary privileges for Vault to use the [Kubernetes Auth Method](/docs/auth/kubernetes.html).
|
||||||
|
|
||||||
* `extraEnvironmentVars` (`string: null`) - The extra environment variables to be applied to the Vault server. This should be a multi-line key/value string.
|
* `extraEnvironmentVars` (`string: null`) - The extra environment variables to be applied to the Vault server. This should be a multi-line key/value string.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
@ -150,6 +154,12 @@ and consider if they're appropriate for your deployment.
|
||||||
"sample/annotation2": "bar"
|
"sample/annotation2": "bar"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
* `service` - Values that configure the Kubernetes service created for Vault.
|
||||||
|
|
||||||
|
* `enabled` (`boolean: true`) - When set to `true`, a Kubernetes service will be created for Vault.
|
||||||
|
|
||||||
|
* `clusterIP` (`string`) - ClusterIP controls whether an IP address (cluster IP) is attached to the Vault service within Kubernetes. By default the Vault service will be given a Cluster IP address, set to `None` to disable. When disabled Kubernetes will create a "headless" service. Headless services can be used to communicate with pods directly through DNS instead of a round robin load balancer.
|
||||||
|
|
||||||
* `extraVolumes` - This configures the `Service` resource created for the Vault server.
|
* `extraVolumes` - This configures the `Service` resource created for the Vault server.
|
||||||
|
|
||||||
- `enabled` (`boolean: true`) -
|
- `enabled` (`boolean: true`) -
|
||||||
|
@ -292,18 +302,19 @@ The below `values.yaml` can be used to set up a single server Vault cluster with
|
||||||
```yaml
|
```yaml
|
||||||
global:
|
global:
|
||||||
enabled: true
|
enabled: true
|
||||||
image: "vault:1.2.0"
|
image: "vault:1.2.1"
|
||||||
|
|
||||||
server:
|
server:
|
||||||
standalone:
|
standalone:
|
||||||
enabled: true
|
enabled: true
|
||||||
config: |
|
config: |
|
||||||
api_addr = "http://POD_IP:8200"
|
ui = true
|
||||||
listener "tcp" {
|
|
||||||
tls_disable = true
|
|
||||||
address = "0.0.0.0:8200"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
listener "tcp" {
|
||||||
|
tls_disable = 1
|
||||||
|
address = "[::]:8200"
|
||||||
|
cluster_address = "[::]:8201"
|
||||||
|
}
|
||||||
storage "file" {
|
storage "file" {
|
||||||
path = "/vault/data"
|
path = "/vault/data"
|
||||||
}
|
}
|
||||||
|
@ -331,7 +342,7 @@ certificate authority:
|
||||||
```yaml
|
```yaml
|
||||||
global:
|
global:
|
||||||
enabled: true
|
enabled: true
|
||||||
image: "vault:1.2.0"
|
image: "vault:1.2.1"
|
||||||
|
|
||||||
server:
|
server:
|
||||||
extraVolumes:
|
extraVolumes:
|
||||||
|
@ -344,12 +355,12 @@ server:
|
||||||
standalone:
|
standalone:
|
||||||
enabled: true
|
enabled: true
|
||||||
config: |
|
config: |
|
||||||
api_addr = "https://POD_IP:8200"
|
|
||||||
listener "tcp" {
|
listener "tcp" {
|
||||||
|
address = "[::]:8200"
|
||||||
|
cluster_address = "[::]:8201"
|
||||||
tls_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
|
tls_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
|
||||||
tls_key_file = "/vault/userconfig/vault-server-tls/vault.key"
|
tls_key_file = "/vault/userconfig/vault-server-tls/vault.key"
|
||||||
tls_client_ca_file = "/vault/userconfig/vault-server-tls/vault.ca"
|
tls_client_ca_file = "/vault/userconfig/vault-server-tls/vault.ca"
|
||||||
address = "0.0.0.0:8200"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
storage "file" {
|
storage "file" {
|
||||||
|
@ -374,16 +385,16 @@ auditing enabled.
|
||||||
```yaml
|
```yaml
|
||||||
global:
|
global:
|
||||||
enabled: true
|
enabled: true
|
||||||
image: "vault:1.2.0"
|
image: "vault:1.2.1"
|
||||||
|
|
||||||
server:
|
server:
|
||||||
standalone:
|
standalone:
|
||||||
enabled: true
|
enabled: true
|
||||||
config: |
|
config: |
|
||||||
api_addr = "http://POD_IP:8200"
|
|
||||||
listener "tcp" {
|
listener "tcp" {
|
||||||
tls_disable = true
|
tls_disable = true
|
||||||
address = "0.0.0.0:8200"
|
address = "[::]:8200"
|
||||||
|
cluster_address = "[::]:8201"
|
||||||
}
|
}
|
||||||
|
|
||||||
storage "file" {
|
storage "file" {
|
||||||
|
@ -453,11 +464,13 @@ server:
|
||||||
|
|
||||||
config: |
|
config: |
|
||||||
ui = true
|
ui = true
|
||||||
api_addr = "http://POD_IP:8200"
|
|
||||||
listener "tcp" {
|
listener "tcp" {
|
||||||
tls_disable = 1
|
tls_disable = 1
|
||||||
address = "0.0.0.0:8200"
|
address = "[::]:8200"
|
||||||
|
cluster_address = "[::]:8201"
|
||||||
}
|
}
|
||||||
|
|
||||||
storage "consul" {
|
storage "consul" {
|
||||||
path = "vault"
|
path = "vault"
|
||||||
address = "HOST_IP:8500"
|
address = "HOST_IP:8500"
|
||||||
|
|
|
@ -15,6 +15,9 @@ within Kubernetes.
|
||||||
|
|
||||||
This page starts with a large how-to section for various specific tasks.
|
This page starts with a large how-to section for various specific tasks.
|
||||||
|
|
||||||
|
!> **IMPORTANT NOTE:** Vault Enterprise is currently not supported. We are actively
|
||||||
|
working a version for Vault Enterprise and it will be available in the future.
|
||||||
|
|
||||||
## Helm Chart
|
## Helm Chart
|
||||||
|
|
||||||
The [Vault Helm chart](https://github.com/hashicorp/vault-helm)
|
The [Vault Helm chart](https://github.com/hashicorp/vault-helm)
|
||||||
|
@ -57,7 +60,7 @@ $ git clone https://github.com/hashicorp/vault-helm.git
|
||||||
$ cd vault-helm
|
$ cd vault-helm
|
||||||
|
|
||||||
# Checkout a tagged version
|
# Checkout a tagged version
|
||||||
$ git checkout v0.1.0
|
$ git checkout v0.1.1
|
||||||
|
|
||||||
# Run Helm
|
# Run Helm
|
||||||
$ helm install --name vault ./
|
$ helm install --name vault ./
|
||||||
|
|