auto unseal with cluster instructions
61
helm/ha.yaml
Normal file
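--- a/helm/ha.yaml
+++ b/helm/ha.yaml
@@ -0,0 +1,61 @@
+global:
+enabled: true
+
+server:
+
+extraSecretEnvironmentVars:
+- envName: VAULT_TOKEN
+secretName: auto-unseal-token
+secretKey: VAULT_TOKEN
+
+ha:
+enabled: true
+raft:
+enabled: true
+config: |
+ui = true
+
+listener "tcp" {
+tls_disable = 1
+address = "[::]:8200"
+cluster_address = "[::]:8201"
+}
+
+seal "transit" {
+address = "https://pivault.dnet"
+disable_renewal = "false"
+key_name = "autounseal"
+mount_path = "transit/"
+tls_skip_verify = "true"
+}
+
+storage "raft" {
+path = "/vault/data"
+}
+
+service_registration "kubernetes" {}
+
+dataStorage:
+enabled: true
+size: 32Gi
+storageClass: null
+accessMode: ReadWriteOnce
+
+ingress:
+enabled: true
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt-prod
+kubernetes.io/ingress.class: nginx
+hosts:
+- host: vault.ducoterra.net
+paths:
+- /
+
+tls:
+- hosts:
+- vault.ducoterra.net
+secretName: vault-tls-cert
+
+ui:
+enabled: true
+serviceType: ClusterIP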
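Review bot: `tls_skip_verify = "true"` in the `seal "transit"` stanza turns off certificate verification for the connection to `https://pivault.dnet`, which is the connection that carries the `VAULT_TOKEN` from the `auto-unseal-token` secret and the wrapped root key on every unseal. With verification off, the server cannot tell the real transit Vault from any other host answering for that name, so the token and the unseal path lose the protection the `https` scheme suggests. I would set `tls_skip_verify = "false"` and, if pivault.dnet is signed by a private CA, add `tls_ca_cert = "<PATH_TO_MOUNTED_CA_PEM>"` (placeholder; the CA file has to be mounted into the server pods). Separately, `tls_disable = 1` on the listener leaves the hop from the nginx ingress to port 8200 in plaintext inside the cluster, so a comment in the file stating that this is intentional would help the next reader.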
|
||||