auto unseal with cluster instructions

This commit is contained in:
ducoterra
2021-05-24 00:21:44 -04:00
parent d86bd6c84c
commit b56a8e0c19
11 changed files with 291 additions and 41 deletions

50
helm/ha-test.yaml Normal file

@@ -0,0 +1,50 @@
global:
enabled: true
injector:
enabled: false
server:
authDelegator:
enabled: false
ha:
enabled: true
raft:
enabled: true
config: |
ui = true
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "raft" {
path = "/vault/data"
}
service_registration "kubernetes" {}
dataStorage:
enabled: true
size: 32Gi
storageClass: null
accessMode: ReadWriteOnce
ingress:
enabled: true
hosts:
- host: vault-test.dnet
paths:
- /
tls:
- hosts:
- vault-test.dnet
secretName: vault-test-dnet-cert
ui:
enabled: true
serviceType: ClusterIP
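Review bot: The listener stanza in `config` sets `tls_disable = 1` while the ingress carries `vault-test-dnet-cert`, so TLS ends at the ingress controller and every Vault token and unseal key share then crosses the cluster network in cleartext to the pods; the same listener stanza appears in helm/ha.yaml and helm/standalone-test.yaml. If that is an accepted trade-off for a test deployment, say so in the values file, e.g. `# tls_disable: TLS terminates at the ingress, the in-cluster hop is plaintext (test only)` above the `config` block; otherwise set `tls_cert_file`/`tls_key_file` on the listener from a mounted certificate secret. As far as the hunk shows, the `storage "raft"` stanza also has no `retry_join` entries, so any additional replicas have to be joined by hand with `vault operator raft join`; a comment stating that either way would save the next operator a surprise.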

61
helm/ha.yaml Normal file

@@ -0,0 +1,61 @@
global:
enabled: true
server:
extraSecretEnvironmentVars:
- envName: VAULT_TOKEN
secretName: auto-unseal-token
secretKey: VAULT_TOKEN
ha:
enabled: true
raft:
enabled: true
config: |
ui = true
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
}
seal "transit" {
address = "https://pivault.dnet"
disable_renewal = "false"
key_name = "autounseal"
mount_path = "transit/"
tls_skip_verify = "true"
}
storage "raft" {
path = "/vault/data"
}
service_registration "kubernetes" {}
dataStorage:
enabled: true
size: 32Gi
storageClass: null
accessMode: ReadWriteOnce
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: nginx
hosts:
- host: vault.ducoterra.net
paths:
- /
tls:
- hosts:
- vault.ducoterra.net
secretName: vault-tls-cert
ui:
enabled: true
serviceType: ClusterIP
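Review bot: The transit seal stanza sets `tls_skip_verify = "true"` for `https://pivault.dnet`, so the auto-unseal client accepts any certificate and the material protecting this cluster's root key, plus the token from `auto-unseal-token`, is sent to whatever answers at that address. Since pivault.dnet already obtains its certificate from cert-manager (the `vault-issuer` cluster-issuer in the other hunk), mount that issuer's CA into the pod through `volumes`/`volumeMounts` and replace the skip line with `tls_ca_cert = "/vault/userconfig/<ca-secret>/ca.crt"` (the path is a placeholder for wherever the CA secret is mounted). It is also worth a one-line comment next to `extraSecretEnvironmentVars` stating what policy the token carries: it only needs `update` on `transit/encrypt/autounseal` and `transit/decrypt/autounseal`, and it should be renewable since `disable_renewal = "false"` asks Vault to keep renewing it.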


@@ -31,8 +31,6 @@ server:
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: vault-issuer
hosts:
- host: pivault.dnet
paths:

55
helm/standalone-test.yaml Normal file

@@ -0,0 +1,55 @@
global:
enabled: true
injector:
enabled: false
server:
authDelegator:
enabled: false
standalone:
enabled: true
config: |
ui = true
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "file" {
path = "/vault/data"
}
dataStorage:
enabled: true
size: 32Gi
storageClass: null
accessMode: ReadWriteOnce
# volumeMounts:
# - mountPath: /vault/old_data
# name: old-data
# readOnly: true
# volumes:
# - name: old-data
# persistentVolumeClaim:
# claimName: data-vault-transfer-0
ingress:
enabled: true
hosts:
- host: vault-test.dnet
paths:
- /
tls:
- hosts:
- vault-test.dnet
secretName: vault-test-dnet-cert
ui:
enabled: true
serviceType: ClusterIP
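Review bot: The commented-out `volumeMounts`/`volumes` block referencing `data-vault-transfer-0` ships as dead configuration with no note on why it is kept; from the names it looks like a one-off read-only mount of a previous data PVC, but that is inferred. Either drop it or put a one-line reason above it, e.g. `# Disabled: temporary read-only mount of the previous data PVC; enable only while copying data, then remove`. Separately, `authDelegator.enabled: false` means the chart creates no ClusterRoleBinding to system:auth-delegator for the server service account, so a Kubernetes auth method on this instance would not be able to do TokenReview calls; acceptable for a test deployment but worth stating, since helm/ha.yaml in the same commit leaves that setting at the chart default.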


@@ -2,22 +2,6 @@ global:
enabled: true
server:
# ha:
# enabled: true
# config: |
# ui = true
# listener "tcp" {
# address = "[::]:8200"
# cluster_address = "[::]:8201"
# }
# storage "file" {
# path = "/vault/data"
# }
# raft:
# enabled: true
standalone:
enabled: true
@@ -33,12 +17,11 @@ server:
path = "/vault/data"
}
dataStorage:
enabled: true
size: 32Gi
storageClass: null
accessMode: ReadWriteOnce
dataStorage:
enabled: true
size: 32Gi
storageClass: null
accessMode: ReadWriteOnce
ingress:
enabled: true