docs: update k8s helm doc (#7279)

This commit is contained in:
Jason O'Donnell 2019-08-08 17:05:01 -04:00 committed by GitHub
parent e4b9efd37f
commit ac16dec5c4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 16 deletions

View file

@ -52,7 +52,7 @@ $ git clone https://github.com/hashicorp/vault-helm.git
$ cd vault-helm $ cd vault-helm
# Checkout a tagged version # Checkout a tagged version
$ git checkout v0.1.0 $ git checkout v0.1.1
# Run Helm # Run Helm
$ helm install --dry-run ./ $ helm install --dry-run ./
@ -85,6 +85,10 @@ and consider if they're appropriate for your deployment.
memory: "10Gi" memory: "10Gi"
``` ```
* `authDelegator` - Values that configure the Cluster Role Binding attached to the Vault service account.
* `enabled` (`boolean: false`) - When set to `true`, a Cluster Role Binding will be bound to the Vault service account. This Cluster Role Binding has the necessary privileges for Vault to use the [Kubernetes Auth Method](/docs/auth/kubernetes.html).
* `extraEnvironmentVars` (`string: null`) - The extra environment variables to be applied to the Vault server. This should be a multi-line key/value string. * `extraEnvironmentVars` (`string: null`) - The extra environment variables to be applied to the Vault server. This should be a multi-line key/value string.
```yaml ```yaml
@ -150,6 +154,12 @@ and consider if they're appropriate for your deployment.
"sample/annotation2": "bar" "sample/annotation2": "bar"
``` ```
* `service` - Values that configure the Kubernetes service created for Vault.
* `enabled` (`boolean: true`) - When set to `true`, a Kubernetes service will be created for Vault.
* `clusterIP` (`string`) - ClusterIP controls whether an IP address (cluster IP) is attached to the Vault service within Kubernetes. By default the Vault service will be given a Cluster IP address, set to `None` to disable. When disabled Kubernetes will create a "headless" service. Headless services can be used to communicate with pods directly through DNS instead of a round robin load balancer.
* `extraVolumes` - This configures the `Service` resource created for the Vault server. * `extraVolumes` - This configures the `Service` resource created for the Vault server.
- `enabled` (`boolean: true`) - - `enabled` (`boolean: true`) -
@ -292,18 +302,19 @@ The below `values.yaml` can be used to set up a single server Vault cluster with
```yaml ```yaml
global: global:
enabled: true enabled: true
image: "vault:1.2.0" image: "vault:1.2.1"
server: server:
standalone: standalone:
enabled: true enabled: true
config: | config: |
api_addr = "http://POD_IP:8200" ui = true
listener "tcp" {
tls_disable = true
address = "0.0.0.0:8200"
}
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "file" { storage "file" {
path = "/vault/data" path = "/vault/data"
} }
@ -331,7 +342,7 @@ certificate authority:
```yaml ```yaml
global: global:
enabled: true enabled: true
image: "vault:1.2.0" image: "vault:1.2.1"
server: server:
extraVolumes: extraVolumes:
@ -344,12 +355,12 @@ server:
standalone: standalone:
enabled: true enabled: true
config: | config: |
api_addr = "https://POD_IP:8200"
listener "tcp" { listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_cert_file = "/vault/userconfig/vault-server-tls/vault.crt" tls_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
tls_key_file = "/vault/userconfig/vault-server-tls/vault.key" tls_key_file = "/vault/userconfig/vault-server-tls/vault.key"
tls_client_ca_file = "/vault/userconfig/vault-server-tls/vault.ca" tls_client_ca_file = "/vault/userconfig/vault-server-tls/vault.ca"
address = "0.0.0.0:8200"
} }
storage "file" { storage "file" {
@ -374,16 +385,16 @@ auditing enabled.
```yaml ```yaml
global: global:
enabled: true enabled: true
image: "vault:1.2.0" image: "vault:1.2.1"
server: server:
standalone: standalone:
enabled: true enabled: true
config: | config: |
api_addr = "http://POD_IP:8200"
listener "tcp" { listener "tcp" {
tls_disable = true tls_disable = true
address = "0.0.0.0:8200" address = "[::]:8200"
cluster_address = "[::]:8201"
} }
storage "file" { storage "file" {
@ -453,11 +464,13 @@ server:
config: | config: |
ui = true ui = true
api_addr = "http://POD_IP:8200"
listener "tcp" { listener "tcp" {
tls_disable = 1 tls_disable = 1
address = "0.0.0.0:8200" address = "[::]:8200"
cluster_address = "[::]:8201"
} }
storage "consul" { storage "consul" {
path = "vault" path = "vault"
address = "HOST_IP:8500" address = "HOST_IP:8500"

View file

@ -15,6 +15,9 @@ within Kubernetes.
This page starts with a large how-to section for various specific tasks. This page starts with a large how-to section for various specific tasks.
!> **IMPORTANT NOTE:** Vault Enterprise is currently not supported. We are actively
working a version for Vault Enterprise and it will be available in the future.
## Helm Chart ## Helm Chart
The [Vault Helm chart](https://github.com/hashicorp/vault-helm) The [Vault Helm chart](https://github.com/hashicorp/vault-helm)
@ -57,7 +60,7 @@ $ git clone https://github.com/hashicorp/vault-helm.git
$ cd vault-helm $ cd vault-helm
# Checkout a tagged version # Checkout a tagged version
$ git checkout v0.1.0 $ git checkout v0.1.1
# Run Helm # Run Helm
$ helm install --name vault ./ $ helm install --name vault ./