innovia/values.yaml

## values.yaml
# Default values for vault.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 3
image:
  repository: vault
  tag: 0.9.3
  pullPolicy: IfNotPresent
service:
  name: vault
  type: ClusterIP
  port: 8200
  clusterPort: 8201
# annotations:
  #   cloud.google.com/load-balancer-type: "Internal"
ingress:
  enabled: false
  # Used to create Ingress record (should used with service.type: ClusterIP).
  # hosts:
  #  - chart-example.local
  # annotations:
  #   kubernetes.io/ingress.class: nginx
  #   kubernetes.io/tls-acme: "true"
  # tls:
  #   Secrets must be manually created in the namespace.
  #   - secretName: chart-example-tls
  #     hosts:
  #       - chart-example.local
resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi
vault:
  # Only used to enable dev mode. When in dev mode, the rest of this config
  # section below is not used to configure Vault. See
  # https://www.vaultproject.io/intro/getting-started/dev-server.html for more
  # information.
  dev: false
  # Allows the mounting of various custom secrets th enable production vault
  # configurations. The comments show an example usage for mounting a TLS
  # secret. The two fields required are a secretName indicating the name of
  # the Kuberentes secret (created outside of this chart), and the mountPath
  # at which it should be mounted in the Vault container.
  customSecrets:
  - secretName: consul
    mountPath: /etc/tls

  config:
    # A YAML representation of a final vault config.json file.
    # See https://www.vaultproject.io/docs/configuration/ for more information.
    ha_storage:
      consul:
        address: "consul.default.svc.cluster.local:8443"
        path: "vault"
        scheme: "https"
        tls_ca_file: /etc/tls/ca.pem
        tls_cert_file: /etc/tls/consul.pem
        tls_key_file: /etc/tls/consul-key.pem

    listener:
      tcp:
        address: '[::]:8200'
        tls_disable: 0
        tls_cert_file: /etc/tls/consul.pem
        tls_key_file: /etc/tls/consul-key.pem
        tls_client_ca_file: /etc/tls/ca.pem

    # See https://www.vaultproject.io/docs/configuration/storage/ for storage backends
    storage:
      consul:
        address: "consul.default.svc.cluster.local:8443"
        path: "vault"
        scheme: "https"
        tls_cert_file: /etc/tls/consul.pem
        tls_key_file: /etc/tls/consul-key.pem
        tls_ca_file: /etc/tls/ca.pem
	# Default values for vault.
	# This is a YAML-formatted file.
	# Declare variables to be passed into your templates.
	replicaCount: 3
	image:
	repository: vault
	tag: 0.9.3
	pullPolicy: IfNotPresent
	service:
	name: vault
	type: ClusterIP
	port: 8200
	clusterPort: 8201
	# annotations:
	# cloud.google.com/load-balancer-type: "Internal"
	ingress:
	enabled: false
	# Used to create Ingress record (should used with service.type: ClusterIP).
	# hosts:
	# - chart-example.local
	# annotations:
	# kubernetes.io/ingress.class: nginx
	# kubernetes.io/tls-acme: "true"
	# tls:
	# Secrets must be manually created in the namespace.
	# - secretName: chart-example-tls
	# hosts:
	# - chart-example.local
	resources: {}
	# We usually recommend not to specify default resources and to leave this as a conscious
	# choice for the user. This also increases chances charts run on environments with little
	# resources, such as Minikube. If you do want to specify resources, uncomment the following
	# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
	# limits:
	# cpu: 100m
	# memory: 128Mi
	# requests:
	# cpu: 100m
	# memory: 128Mi
	vault:
	# Only used to enable dev mode. When in dev mode, the rest of this config
	# section below is not used to configure Vault. See
	# https://www.vaultproject.io/intro/getting-started/dev-server.html for more
	# information.
	dev: false
	# Allows the mounting of various custom secrets th enable production vault
	# configurations. The comments show an example usage for mounting a TLS
	# secret. The two fields required are a secretName indicating the name of
	# the Kuberentes secret (created outside of this chart), and the mountPath
	# at which it should be mounted in the Vault container.
	customSecrets:
	- secretName: consul
	mountPath: /etc/tls

	config:
	# A YAML representation of a final vault config.json file.
	# See https://www.vaultproject.io/docs/configuration/ for more information.
	ha_storage:
	consul:
	address: "consul.default.svc.cluster.local:8443"
	path: "vault"
	scheme: "https"
	tls_ca_file: /etc/tls/ca.pem
	tls_cert_file: /etc/tls/consul.pem
	tls_key_file: /etc/tls/consul-key.pem

	listener:
	tcp:
	address: '[::]:8200'
	tls_disable: 0
	tls_cert_file: /etc/tls/consul.pem
	tls_key_file: /etc/tls/consul-key.pem
	tls_client_ca_file: /etc/tls/ca.pem

	# See https://www.vaultproject.io/docs/configuration/storage/ for storage backends
	storage:
	consul:
	address: "consul.default.svc.cluster.local:8443"
	path: "vault"
	scheme: "https"
	tls_cert_file: /etc/tls/consul.pem
	tls_key_file: /etc/tls/consul-key.pem
	tls_ca_file: /etc/tls/ca.pem