Created
February 11, 2018 19:10
-
-
Save innovia/67a8efa87a73de4258c24dc480ac1fb9 to your computer and use it in GitHub Desktop.
Vault chart values
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Default values for vault. | |
# This is a YAML-formatted file. | |
# Declare variables to be passed into your templates. | |
replicaCount: 3 | |
image: | |
repository: vault | |
tag: 0.9.3 | |
pullPolicy: IfNotPresent | |
service: | |
name: vault | |
type: ClusterIP | |
port: 8200 | |
clusterPort: 8201 | |
# annotations: | |
# cloud.google.com/load-balancer-type: "Internal" | |
ingress: | |
enabled: false | |
# Used to create Ingress record (should used with service.type: ClusterIP). | |
# hosts: | |
# - chart-example.local | |
# annotations: | |
# kubernetes.io/ingress.class: nginx | |
# kubernetes.io/tls-acme: "true" | |
# tls: | |
# Secrets must be manually created in the namespace. | |
# - secretName: chart-example-tls | |
# hosts: | |
# - chart-example.local | |
resources: {} | |
# We usually recommend not to specify default resources and to leave this as a conscious | |
# choice for the user. This also increases chances charts run on environments with little | |
# resources, such as Minikube. If you do want to specify resources, uncomment the following | |
# lines, adjust them as necessary, and remove the curly braces after 'resources:'. | |
# limits: | |
# cpu: 100m | |
# memory: 128Mi | |
# requests: | |
# cpu: 100m | |
# memory: 128Mi | |
vault: | |
# Only used to enable dev mode. When in dev mode, the rest of this config | |
# section below is not used to configure Vault. See | |
# https://www.vaultproject.io/intro/getting-started/dev-server.html for more | |
# information. | |
dev: false | |
# Allows the mounting of various custom secrets th enable production vault | |
# configurations. The comments show an example usage for mounting a TLS | |
# secret. The two fields required are a secretName indicating the name of | |
# the Kuberentes secret (created outside of this chart), and the mountPath | |
# at which it should be mounted in the Vault container. | |
customSecrets: | |
- secretName: consul | |
mountPath: /etc/tls | |
config: | |
# A YAML representation of a final vault config.json file. | |
# See https://www.vaultproject.io/docs/configuration/ for more information. | |
ha_storage: | |
consul: | |
address: "consul.default.svc.cluster.local:8443" | |
path: "vault" | |
scheme: "https" | |
tls_ca_file: /etc/tls/ca.pem | |
tls_cert_file: /etc/tls/consul.pem | |
tls_key_file: /etc/tls/consul-key.pem | |
listener: | |
tcp: | |
address: '[::]:8200' | |
tls_disable: 0 | |
tls_cert_file: /etc/tls/consul.pem | |
tls_key_file: /etc/tls/consul-key.pem | |
tls_client_ca_file: /etc/tls/ca.pem | |
# See https://www.vaultproject.io/docs/configuration/storage/ for storage backends | |
storage: | |
consul: | |
address: "consul.default.svc.cluster.local:8443" | |
path: "vault" | |
scheme: "https" | |
tls_cert_file: /etc/tls/consul.pem | |
tls_key_file: /etc/tls/consul-key.pem | |
tls_ca_file: /etc/tls/ca.pem |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment