docs: updating helm configuration (#8973)

Added helm configs that were changed/added in vault-helm 0.5.0. Also corrected the data type of a few config parameters.
2020-05-18 11:08:40 -07:00 · 2020-05-18 11:08:40 -07:00 · b7a9fb8566
parent 6cb26312af
commit b7a9fb8566
1 changed files with 29 additions and 13 deletions
--- a/website/pages/docs/platform/k8s/helm/configuration.mdx
+++ b/website/pages/docs/platform/k8s/helm/configuration.mdx
@ -19,7 +19,7 @@ and consider if they're appropriate for your deployment.

  - `enabled` (`boolean: true`) - The master enabled/disabled configuration. If this is true, most components will be installed by default. If this is false, no components will be installed by default and manually opting-in is required, such as by setting `server.enabled` to true.

-  - `imagePullSecrets` (`string: ""`) - Defines secrets to be used when pulling images from private registries.
+  - `imagePullSecrets` (`array: []`) - References secrets to be used when pulling images from private registries. See [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) for more details.

    - `name`: (`string: required`) - Name of the secret containing files required for authentication to private image registries.

@ -45,23 +45,30 @@ and consider if they're appropriate for your deployment.

    - `tag` (`string: "1.3.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.

-  - `resources` (`string: ""`) - The resource requests and limits (CPU, memory, etc.) for each of the server. This should be a multi-line string mapping directly to a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources.<br /> **Setting this is highly recommended.**
+  - `authPath` (`string: "auth/kubernetes"`) - Mount path of the Vault Kubernetes Auth Method.
+
+  - `logLevel` (`string: "info"`) - Configures the log verbosity of the injector. Supported log levels: trace, debug, error, warn, info.
+
+  - `logFormat` (`string: "standard"`) - Configures the log format of the injector. Supported log formats: "standard", "json".
+
+  - `revokeOnShutdown` (`boolean: false`) - Configures all Vault Agent sidecars to revoke their token when shutting down.
+
+  - `resources` (`dictionary: {}`) - The resource requests and limits (CPU, memory, etc.) for each container of the server. This should be a YAML dictionary of a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources, which limits the ability for Kubernetes to make efficient use of compute resources.<br /> **Setting this is highly recommended.**

    ```yaml
-    # Resources are defined as a formatted multi-line string:
-    resources: |
+    resources:
      requests:
        memory: "10Gi"
      limits:
        memory: "10Gi"
    ```

-  - `namespaceSelector` (`string: ""`) - The selector used by the admission webhook controller to limit what namespaces where injection can happen. If set to null, all non-system namespaces are eligible for injection.
+  - `namespaceSelector` (`dictionary: {}`) - The selector used by the admission webhook controller to limit what namespaces where injection can happen. If set to null, all non-system namespaces are eligible for injection.

    ```yaml
-    # Selectors are defined as a formatted multi-line string.
+    # Selectors are defined as a YAML dictionary.
    # In this example, all namespaces with the label "injection: enabled" are eligible:
-    namespaceSelector: |
+    namespaceSelector:
      matchLabels:
        injection: enabled
    ```
@ -76,6 +83,14 @@ and consider if they're appropriate for your deployment.

    - `keyName` (`string: "tls.key"`) - The name of the key file within the `secretName` secret.

+  - `extraEnvironmentVars` (`dictionary: {}`) - Extra environment variables to set in the injector deployment.
+
+  - `affinity` (`string: null`) - Affinity Settings for injector pods. This should be a multi-line string matching the affinity section of a PodSpec.
+
+  - `tolerations` (`string: null`) - Toleration Settings for injector pods. This should be a multi-line string matching the Toleration array in a PodSpec.
+
+  - `nodeSelector` (`string: null`) - nodeSelector labels for injector pod assignment, formatted as a muli-line string.
+
 - `server` - Values that configure running a Vault server within Kubernetes.

  - `image` - Values that configure the Vault Docker image.
@ -88,11 +103,10 @@ and consider if they're appropriate for your deployment.

    - `updateStrategyType` (`string: "OnDelete"`) - Configure the [Update Strategy Type](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) for the StatefulSet.

-    - `resources` (`string: null`) - The resource requests and limits (CPU, memory, etc.) for each of the server. This should be a multi-line string mapping directly to a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources. **Setting this is highly recommended.**
+    - `resources` (`dictionary: {}`) - The resource requests and limits (CPU, memory, etc.) for each container of the server. This should be a YAML dictionary of a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources, which limits the ability for Kubernetes to make efficient use of compute resources. **Setting this is highly recommended.**

      ```yaml
-      # Resources are defined as a formatted multi-line string:
-      resources: |
+      resources:
        requests:
          memory: "10Gi"
        limits:
@ -103,6 +117,8 @@ and consider if they're appropriate for your deployment.

      - `enabled` (`boolean: false`) - When set to `true`, an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) service will be created.

+      - `labels` (`dictionary: {}`) - Labels for the ingress service.
+
      - `annotations` (`string`) - This value defines additional annotations to add to the Ingress service. This should be formatted as a multi-line string.

      ```yaml
@ -178,7 +194,7 @@ and consider if they're appropriate for your deployment.
        env: ...
    ```

-    - `extraEnvironmentVars` - The extra environment variables to be applied to the Vault server. This should be a multi-line key/value string.
+    - `extraEnvironmentVars` (`dictionary: {}`) - The extra environment variables to be applied to the Vault server.

    ```yaml
    # Extra Environment Variables are defined as key/value strings.
@ -268,10 +284,10 @@ and consider if they're appropriate for your deployment.
      disktype: ssd
    ```

-    - `extraLabels` - This value defines additional labels for server pods. This should be formatted as a multi-line string.
+    - `extraLabels` (`dictionary: {}`) - This value defines additional labels for server pods.

    ```yaml
-    extraLabels: |
+    extraLabels:
      "sample/label1": "foo"
      "sample/label2": "bar"
    ```