# Helm values for a standalone HashiCorp Vault server plus the Vault Secrets
# Operator (VSO).
# NOTE(review): the nesting below follows the upstream vault-helm and
# vault-secrets-operator values layout; confirm it against the deployed file.
vault: &vault_config
  global:
    # Chart-wide switch is off, so only the components explicitly enabled
    # below are rendered.
    # NOTE(review): presumably this leaves the agent injector disabled; verify
    # against the chart defaults for this version.
    enabled: false
  server:
    enabled: true
    # NOTE(review): trace is Vault's most verbose log level. Confirm it is
    # still wanted once debugging is done, and check who can read the pod logs.
    logLevel: trace
    # Provisions a volume for audit logs. The audit device itself is enabled
    # inside Vault, not by this setting - confirm one is actually enabled.
    auditStorage:
      enabled: true
    ingress:
      enabled: true
      annotations:
        # TLS for the public hostname is terminated at Traefik, using the
        # `letsencrypt` certificate resolver on the `websecure` entrypoint.
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/router.tls: "true"
        traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
        traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.duckdns.org
        traefik.ingress.kubernetes.io/router.tls.domains.0.sans: vault.arcodange.duckdns.org
        # `localIp@file` comes from Traefik's file provider and is defined
        # outside this file. Presumably a source-IP allow-list - verify, since
        # it is the only ingress-level access restriction visible here.
        traefik.ingress.kubernetes.io/router.middlewares: localIp@file
      hosts:
        - host: vault.arcodange.duckdns.org
          paths: []
    postStart: []
    # https://github.com/hashicorp/vault-helm/blob/main/values.yaml
    standalone:
      enabled: true
      # Vault server configuration (HCL), passed to Vault as-is.
      # NOTE(review): `tls_disable = 1` makes the listener serve plain HTTP, so
      # traffic from Traefik and from in-cluster clients to ports 8200/8201 is
      # unencrypted; TLS exists only on the ingress hop. If that is accepted,
      # restrict pod-to-pod access (e.g. with a NetworkPolicy); otherwise
      # configure a listener certificate.
      # The unauthenticated metrics stanza inside the listener is commented
      # out, so metrics access is not opened up by this config.
      # `storage "file"` keeps all data on the pod's /vault/data volume (single
      # node), so that volume needs backing up and access control.
      config: |-
        ui = true

        listener "tcp" {
          tls_disable = 1
          address = "[::]:8200"
          cluster_address = "[::]:8201"
          # Enable unauthenticated metrics access (necessary for Prometheus Operator)
          #telemetry {
          #  unauthenticated_metrics_access = "true"
          #}
        }
        storage "file" {
          path = "/vault/data"
        }

        # Example configuration for enabling Prometheus metrics in your config.
        #telemetry {
        #  prometheus_retention_time = "30s"
        #  disable_hostname = true
        #}
  ui:
    enabled: true
    annotations: {}

vault-secrets-operator:
  defaultVaultConnection:
    enabled: true
    # Plain-HTTP in-cluster address, consistent with `tls_disable = 1` on the
    # Vault listener: tokens and secret payloads between the operator and Vault
    # are not encrypted in transit. Switching to https requires enabling TLS on
    # the listener first.
    address: http://hashicorp-vault.tools.svc.cluster.local:8200
  defaultAuthMethod:
    # No mount or role is set here, so the chart defaults apply - confirm they
    # match the auth mount and role configured in Vault.
    enabled: true
  controller:
    manager:
      clientCache:
        # Persist the operator's Vault client cache in encrypted form, using
        # the Transit settings below, not in clear text.
        persistenceModel: direct-encrypted
        storageEncryption:
          enabled: true
          # Auth mount in Vault that the operator logs in through for
          # cache encryption.
          # NOTE(review): spelled "vault-secret-operator" (singular), unlike
          # the chart name - confirm it matches the mount created in Vault.
          mount: vault-secret-operator
          # Transit key and Transit mount used to encrypt/decrypt the cache.
          keyName: vso-client-cache
          transitMount: transit
          kubernetes:
            # Role and service account used for that login. The role's policy
            # lives in Vault and is not visible here; it should only allow
            # encrypt/decrypt on the key above - verify.
            role: edit-vso-client-cache
            serviceAccount: hashicorp-vault-vault-secrets-operator-controller-manager

tool:
  # kind: 'SubChart' or 'HelmChart', if subchart then uncomment Chart.yaml dependency, else comment and use tool library with helm chart template
  kind: 'SubChart'
  repo: https://helm.releases.hashicorp.com
  chart: vault
  # Chart version is pinned; upgrades are an explicit change to this line.
  version: 0.28.1
  # Alias of the `vault` mapping above, so both keys carry the same values.
  values: *vault_config