# Values for the HashiCorp Vault Helm chart. The mapping is anchored as
# `vault_config` so that `tool.values` at the bottom of the file can reuse it.
vault: &vault_config

  global:
    # Chart-wide switch is off; the server and ui components are turned on
    # explicitly by their own `enabled` keys below.
    enabled: false

  server:
    enabled: true
    # NOTE(review): debug is the most verbose level set here; confirm this is
    # intended outside troubleshooting and that the log sink is access-controlled.
    logLevel: debug

    ingress:
      enabled: true
      # Traefik handles TLS for this host: the router is bound to the
      # `websecure` entrypoint and uses the `letsencrypt` certificate resolver.
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/router.tls: "true"
        traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
        traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.duckdns.org
        traefik.ingress.kubernetes.io/router.tls.domains.0.sans: vault.arcodange.duckdns.org
        # `localIp@file` is a middleware defined in Traefik's file provider, not in
        # this file. Presumably it limits access to local source addresses; it is
        # the only access restriction visible on this route, so verify its
        # definition.
        traefik.ingress.kubernetes.io/router.middlewares: localIp@file
      hosts:
        - host: vault.arcodange.duckdns.org
          paths: []

    postStart: [] # https://github.com/hashicorp/vault-helm/blob/main/values.yaml

    # Standalone mode with the file storage backend at /vault/data.
    # NOTE(review): the listener below sets `tls_disable = 1`, so Vault itself
    # serves plain HTTP on 8200 and TLS ends at the Traefik ingress; the hop from
    # the ingress controller to the Vault pod is unencrypted. Confirm that is
    # acceptable for this cluster's network, or enable TLS on the listener.
    # NOTE(review): no `seal` stanza is configured, so presumably the default
    # seal with manual unseal applies; confirm how unseal keys are handled.
    # The `unauthenticated_metrics_access` telemetry option is left commented
    # out, so it is not enabled by this config.
    standalone:
      enabled: true
      config: |-
        ui = true

        listener "tcp" {
          tls_disable = 1
          address = "[::]:8200"
          cluster_address = "[::]:8201"
          # Enable unauthenticated metrics access (necessary for Prometheus Operator)
          #telemetry {
          #  unauthenticated_metrics_access = "true"
          #}
        }
        storage "file" {
          path = "/vault/data"
        }

        # Example configuration for enabling Prometheus metrics in your config.
        #telemetry {
        #  prometheus_retention_time = "30s"
        #  disable_hostname = true
        #}

  # Chart-level UI component; the Vault config above also sets `ui = true`.
  ui:
    enabled: true
    annotations: {}


# Describes where the Vault chart comes from and which values it receives.
tool:
  # kind: 'SubChart' or 'HelmChart', if subchart then uncomment Chart.yaml dependency, else comment and use tool library with helm chart template
  kind: 'SubChart'
  repo: https://helm.releases.hashicorp.com
  chart: vault
  # Chart version is pinned. NOTE(review): quoting it ('0.28.1') would guard
  # against implicit typing if it ever becomes a two-part version.
  version: 0.28.1
  # Alias to the `vault_config` anchor defined at the top of the file.
  values: *vault_config