From b7a9fb85665e0461dc55fdf5433358b4816825a1 Mon Sep 17 00:00:00 2001
From: Theron Voran
Date: Mon, 18 May 2020 11:08:40 -0700
Subject: [PATCH] docs: updating helm configuration (#8973)

Added helm configs that were changed/added in vault-helm 0.5.0. Also corrected the data type of a few config parameters.
---
 .../docs/platform/k8s/helm/configuration.mdx | 42 +++++++++++++------
 1 file changed, 29 insertions(+), 13 deletions(-)

diff --git a/website/pages/docs/platform/k8s/helm/configuration.mdx b/website/pages/docs/platform/k8s/helm/configuration.mdx
index b2c138534..e69564a6c 100644
--- a/website/pages/docs/platform/k8s/helm/configuration.mdx
+++ b/website/pages/docs/platform/k8s/helm/configuration.mdx
@@ -19,7 +19,7 @@ and consider if they're appropriate for your deployment.
 - `enabled` (`boolean: true`) - The master enabled/disabled configuration. If this is true, most components will be installed by default. If this is false, no components will be installed by default and manually opting-in is required, such as by setting `server.enabled` to true. - - `imagePullSecrets` (`string: ""`) - Defines secrets to be used when pulling images from private registries. + - `imagePullSecrets` (`array: []`) - References secrets to be used when pulling images from private registries. See [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) for more details. - `name`: (`string: required`) - Name of the secret containing files required for authentication to private image registries. 
@@ -45,23 +45,30 @@ and consider if they're appropriate for your deployment.
 - `tag` (`string: "1.3.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**. - - `resources` (`string: ""`) - The resource requests and limits (CPU, memory, etc.) for each of the server. This should be a multi-line string mapping directly to a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources.
**Setting this is highly recommended.** + - `authPath` (`string: "auth/kubernetes"`) - Mount path of the Vault Kubernetes Auth Method. + + - `logLevel` (`string: "info"`) - Configures the log verbosity of the injector. Supported log levels: trace, debug, error, warn, info. + + - `logFormat` (`string: "standard"`) - Configures the log format of the injector. Supported log formats: "standard", "json". + + - `revokeOnShutdown` (`boolean: false`) - Configures all Vault Agent sidecars to revoke their token when shutting down. + + - `resources` (`dictionary: {}`) - The resource requests and limits (CPU, memory, etc.) for each container of the server. This should be a YAML dictionary of a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources, which limits the ability for Kubernetes to make efficient use of compute resources.
**Setting this is highly recommended.** ```yaml - # Resources are defined as a formatted multi-line string: - resources: | + resources: requests: memory: "10Gi" limits: memory: "10Gi" ``` - - `namespaceSelector` (`string: ""`) - The selector used by the admission webhook controller to limit what namespaces where injection can happen. If set to null, all non-system namespaces are eligible for injection. + - `namespaceSelector` (`dictionary: {}`) - The selector used by the admission webhook controller to limit what namespaces where injection can happen. If set to null, all non-system namespaces are eligible for injection. ```yaml - # Selectors are defined as a formatted multi-line string. + # Selectors are defined as a YAML dictionary. # In this example, all namespaces with the label "injection: enabled" are eligible: - namespaceSelector: | + namespaceSelector: matchLabels: injection: enabled ```
@@ -76,6 +83,14 @@ and consider if they're appropriate for your deployment.
 - `keyName` (`string: "tls.key"`) - The name of the key file within the `secretName` secret. + - `extraEnvironmentVars` (`dictionary: {}`) - Extra environment variables to set in the injector deployment. + + - `affinity` (`string: null`) - Affinity Settings for injector pods. This should be a multi-line string matching the affinity section of a PodSpec. + + - `tolerations` (`string: null`) - Toleration Settings for injector pods. This should be a multi-line string matching the Toleration array in a PodSpec. + + - `nodeSelector` (`string: null`) - nodeSelector labels for injector pod assignment, formatted as a muli-line string. + - `server` - Values that configure running a Vault server within Kubernetes. - `image` - Values that configure the Vault Docker image. 
@@ -88,11 +103,10 @@ and consider if they're appropriate for your deployment.
 - `updateStrategyType` (`string: "OnDelete"`) - Configure the [Update Strategy Type](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) for the StatefulSet. - - `resources` (`string: null`) - The resource requests and limits (CPU, memory, etc.) for each of the server. This should be a multi-line string mapping directly to a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources. **Setting this is highly recommended.** + - `resources` (`dictionary: {}`) - The resource requests and limits (CPU, memory, etc.) for each container of the server. This should be a YAML dictionary of a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources, which limits the ability for Kubernetes to make efficient use of compute resources. **Setting this is highly recommended.** ```yaml - # Resources are defined as a formatted multi-line string: - resources: | + resources: requests: memory: "10Gi" limits:
@@ -103,6 +117,8 @@ and consider if they're appropriate for your deployment.
 - `enabled` (`boolean: false`) - When set to `true`, an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) service will be created. + - `labels` (`dictionary: {}`) - Labels for the ingress service. + - `annotations` (`string`) - This value defines additional annotations to add to the Ingress service. This should be formatted as a multi-line string. ```yaml 
@@ -178,7 +194,7 @@ and consider if they're appropriate for your deployment.
 env: ... ``` - - `extraEnvironmentVars` - The extra environment variables to be applied to the Vault server. This should be a multi-line key/value string. + - `extraEnvironmentVars` (`dictionary: {}`) - The extra environment variables to be applied to the Vault server. ```yaml # Extra Environment Variables are defined as key/value strings.
@@ -268,10 +284,10 @@ and consider if they're appropriate for your deployment.
 disktype: ssd ``` - - `extraLabels` - This value defines additional labels for server pods. This should be formatted as a multi-line string. + - `extraLabels` (`dictionary: {}`) - This value defines additional labels for server pods. ```yaml - extraLabels: | + extraLabels: "sample/label1": "foo" "sample/label2": "bar" ```