docs: updating helm configuration (#8973)
Added helm configs that were changed/added in vault-helm 0.5.0. Also corrected the data type of a few config parameters.
This commit is contained in:
parent
6cb26312af
commit
b7a9fb8566
|
@ -19,7 +19,7 @@ and consider if they're appropriate for your deployment.
|
||||||
|
|
||||||
- `enabled` (`boolean: true`) - The master enabled/disabled configuration. If this is true, most components will be installed by default. If this is false, no components will be installed by default and manually opting-in is required, such as by setting `server.enabled` to true.
|
- `enabled` (`boolean: true`) - The master enabled/disabled configuration. If this is true, most components will be installed by default. If this is false, no components will be installed by default and manually opting-in is required, such as by setting `server.enabled` to true.
|
||||||
|
|
||||||
- `imagePullSecrets` (`string: ""`) - Defines secrets to be used when pulling images from private registries.
|
- `imagePullSecrets` (`array: []`) - References secrets to be used when pulling images from private registries. See [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) for more details.
|
||||||
|
|
||||||
- `name`: (`string: required`) - Name of the secret containing files required for authentication to private image registries.
|
- `name`: (`string: required`) - Name of the secret containing files required for authentication to private image registries.
|
||||||
|
|
||||||
|
@ -45,23 +45,30 @@ and consider if they're appropriate for your deployment.
|
||||||
|
|
||||||
- `tag` (`string: "1.3.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.
|
- `tag` (`string: "1.3.1"`) - The tag of the Vault Docker image to use for the Vault Agent Sidecar. **Vault 1.3.1+ is required by the admission controller**.
|
||||||
|
|
||||||
- `resources` (`string: ""`) - The resource requests and limits (CPU, memory, etc.) for each of the server. This should be a multi-line string mapping directly to a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources.<br /> **Setting this is highly recommended.**
|
- `authPath` (`string: "auth/kubernetes"`) - Mount path of the Vault Kubernetes Auth Method.
|
||||||
|
|
||||||
|
- `logLevel` (`string: "info"`) - Configures the log verbosity of the injector. Supported log levels: trace, debug, error, warn, info.
|
||||||
|
|
||||||
|
- `logFormat` (`string: "standard"`) - Configures the log format of the injector. Supported log formats: "standard", "json".
|
||||||
|
|
||||||
|
- `revokeOnShutdown` (`boolean: false`) - Configures all Vault Agent sidecars to revoke their token when shutting down.
|
||||||
|
|
||||||
|
- `resources` (`dictionary: {}`) - The resource requests and limits (CPU, memory, etc.) for each container of the server. This should be a YAML dictionary of a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources, which limits the ability for Kubernetes to make efficient use of compute resources.<br /> **Setting this is highly recommended.**
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Resources are defined as a formatted multi-line string:
|
resources:
|
||||||
resources: |
|
|
||||||
requests:
|
requests:
|
||||||
memory: "10Gi"
|
memory: "10Gi"
|
||||||
limits:
|
limits:
|
||||||
memory: "10Gi"
|
memory: "10Gi"
|
||||||
```
|
```
|
||||||
|
|
||||||
- `namespaceSelector` (`string: ""`) - The selector used by the admission webhook controller to limit what namespaces where injection can happen. If set to null, all non-system namespaces are eligible for injection.
|
- `namespaceSelector` (`dictionary: {}`) - The selector used by the admission webhook controller to limit what namespaces where injection can happen. If set to null, all non-system namespaces are eligible for injection.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Selectors are defined as a formatted multi-line string.
|
# Selectors are defined as a YAML dictionary.
|
||||||
# In this example, all namespaces with the label "injection: enabled" are eligible:
|
# In this example, all namespaces with the label "injection: enabled" are eligible:
|
||||||
namespaceSelector: |
|
namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
injection: enabled
|
injection: enabled
|
||||||
```
|
```
|
||||||
|
@ -76,6 +83,14 @@ and consider if they're appropriate for your deployment.
|
||||||
|
|
||||||
- `keyName` (`string: "tls.key"`) - The name of the key file within the `secretName` secret.
|
- `keyName` (`string: "tls.key"`) - The name of the key file within the `secretName` secret.
|
||||||
|
|
||||||
|
- `extraEnvironmentVars` (`dictionary: {}`) - Extra environment variables to set in the injector deployment.
|
||||||
|
|
||||||
|
- `affinity` (`string: null`) - Affinity Settings for injector pods. This should be a multi-line string matching the affinity section of a PodSpec.
|
||||||
|
|
||||||
|
- `tolerations` (`string: null`) - Toleration Settings for injector pods. This should be a multi-line string matching the Toleration array in a PodSpec.
|
||||||
|
|
||||||
|
- `nodeSelector` (`string: null`) - nodeSelector labels for injector pod assignment, formatted as a muli-line string.
|
||||||
|
|
||||||
- `server` - Values that configure running a Vault server within Kubernetes.
|
- `server` - Values that configure running a Vault server within Kubernetes.
|
||||||
|
|
||||||
- `image` - Values that configure the Vault Docker image.
|
- `image` - Values that configure the Vault Docker image.
|
||||||
|
@ -88,11 +103,10 @@ and consider if they're appropriate for your deployment.
|
||||||
|
|
||||||
- `updateStrategyType` (`string: "OnDelete"`) - Configure the [Update Strategy Type](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) for the StatefulSet.
|
- `updateStrategyType` (`string: "OnDelete"`) - Configure the [Update Strategy Type](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies) for the StatefulSet.
|
||||||
|
|
||||||
- `resources` (`string: null`) - The resource requests and limits (CPU, memory, etc.) for each of the server. This should be a multi-line string mapping directly to a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources. **Setting this is highly recommended.**
|
- `resources` (`dictionary: {}`) - The resource requests and limits (CPU, memory, etc.) for each container of the server. This should be a YAML dictionary of a Kubernetes [ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#resourcerequirements-v1-core) object. If this isn't specified, then the pods won't request any specific amount of resources, which limits the ability for Kubernetes to make efficient use of compute resources. **Setting this is highly recommended.**
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Resources are defined as a formatted multi-line string:
|
resources:
|
||||||
resources: |
|
|
||||||
requests:
|
requests:
|
||||||
memory: "10Gi"
|
memory: "10Gi"
|
||||||
limits:
|
limits:
|
||||||
|
@ -103,6 +117,8 @@ and consider if they're appropriate for your deployment.
|
||||||
|
|
||||||
- `enabled` (`boolean: false`) - When set to `true`, an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) service will be created.
|
- `enabled` (`boolean: false`) - When set to `true`, an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) service will be created.
|
||||||
|
|
||||||
|
- `labels` (`dictionary: {}`) - Labels for the ingress service.
|
||||||
|
|
||||||
- `annotations` (`string`) - This value defines additional annotations to add to the Ingress service. This should be formatted as a multi-line string.
|
- `annotations` (`string`) - This value defines additional annotations to add to the Ingress service. This should be formatted as a multi-line string.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
@ -178,7 +194,7 @@ and consider if they're appropriate for your deployment.
|
||||||
env: ...
|
env: ...
|
||||||
```
|
```
|
||||||
|
|
||||||
- `extraEnvironmentVars` - The extra environment variables to be applied to the Vault server. This should be a multi-line key/value string.
|
- `extraEnvironmentVars` (`dictionary: {}`) - The extra environment variables to be applied to the Vault server.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Extra Environment Variables are defined as key/value strings.
|
# Extra Environment Variables are defined as key/value strings.
|
||||||
|
@ -268,10 +284,10 @@ and consider if they're appropriate for your deployment.
|
||||||
disktype: ssd
|
disktype: ssd
|
||||||
```
|
```
|
||||||
|
|
||||||
- `extraLabels` - This value defines additional labels for server pods. This should be formatted as a multi-line string.
|
- `extraLabels` (`dictionary: {}`) - This value defines additional labels for server pods.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
extraLabels: |
|
extraLabels:
|
||||||
"sample/label1": "foo"
|
"sample/label1": "foo"
|
||||||
"sample/label2": "bar"
|
"sample/label2": "bar"
|
||||||
```
|
```
|
||||||
|
|
Loading…
Reference in a new issue