titan-iac/services/vault/helmrelease.yaml

apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: vault
  namespace: vault
spec:
  interval: 30m
  chart:
    spec:
      chart: vault
      version: 0.x.x
      sourceRef:
        kind: HelmRepository
        name: hashicorp
        namespace: flux-system
  install:
    remediation: { retries: 3 }
  upgrade:
    remediation: { retries: 3 }
  values:
    injector:
      enabled: true
      resources:
        requests: { cpu: "50m", memory: "64Mi" }
    csi:
      enabled: false
    server:
      ha:
        enabled: true
        replicas: 1
        raft:
          enabled: true
      extraEnvironmentVars:
        VAULT_API_ADDR: "https://secret.bstein.dev"
        VAULT_REDIRECT_ADDR: "https://secret.bstein.dev"
      dataStorage:
        enabled: true
        size: 10Gi
        storageClass: astreae
      resources:
        requests: { cpu: "100m", memory: "256Mi" }
      service:
        type: ClusterIP
      extraVolumes:
        - type: secret
          name: vault-server-tls
          path: /vault/userconfig/tls
      extraVolumeMounts:
        - name: vault-server-tls
          mountPath: /vault/userconfig/tls
          readOnly: true
      config: |
        ui = true
        cluster_name = "vault-k8s"
        listener "tcp" {
          address         = "0.0.0.0:8200"
          cluster_address = "0.0.0.0:8201"
          tls_cert_file   = "/vault/userconfig/tls/tls.crt"
          tls_key_file    = "/vault/userconfig/tls/tls.key"
        }
        storage "raft" {
          path = "/vault/data"
        }
        api_addr      = "https://secret.bstein.dev"
        cluster_addr  = "https://vault-0.vault-internal:8201"
    ui:
      enabled: true
added helm sources 2025-08-19 08:45:29 -05:00			`apiVersion: helm.toolkit.fluxcd.io/v2`
added vault 2025-08-19 01:06:45 -05:00			`kind: HelmRelease`
			`metadata:`
			`name: vault`
added helm sources 2025-08-19 08:45:29 -05:00			`namespace: vault`
added vault 2025-08-19 01:06:45 -05:00			`spec:`
added helm sources 2025-08-19 08:45:29 -05:00			`interval: 30m`
added vault 2025-08-19 01:06:45 -05:00			`chart:`
			`spec:`
			`chart: vault`
added helm sources 2025-08-19 08:45:29 -05:00			`version: 0.x.x`
added vault 2025-08-19 01:06:45 -05:00			`sourceRef:`
			`kind: HelmRepository`
			`name: hashicorp`
			`namespace: flux-system`
added helm sources 2025-08-19 08:45:29 -05:00			`install:`
			`remediation: { retries: 3 }`
			`upgrade:`
			`remediation: { retries: 3 }`
added vault 2025-08-19 01:06:45 -05:00			`values:`
added helm sources 2025-08-19 08:45:29 -05:00			`injector:`
added vault 2025-08-19 01:06:45 -05:00			`enabled: true`
added helm sources 2025-08-19 08:45:29 -05:00			`resources:`
			`requests: { cpu: "50m", memory: "64Mi" }`
			`csi:`
			`enabled: false`
added vault 2025-08-19 01:06:45 -05:00			`server:`
			`ha:`
			`enabled: true`
added helm sources 2025-08-19 08:45:29 -05:00			`replicas: 1`
added vault 2025-08-19 01:06:45 -05:00			`raft:`
			`enabled: true`
added cred req for vault 2025-08-19 21:01:54 -05:00			`extraEnvironmentVars:`
			`VAULT_API_ADDR: "https://secret.bstein.dev"`
			`VAULT_REDIRECT_ADDR: "https://secret.bstein.dev"`
added vault 2025-08-19 01:06:45 -05:00			`dataStorage:`
			`enabled: true`
added helm sources 2025-08-19 08:45:29 -05:00			`size: 10Gi`
added vault 2025-08-19 09:12:35 -05:00			`storageClass: astreae`
added vault 2025-08-19 01:06:45 -05:00			`resources:`
			`requests: { cpu: "100m", memory: "256Mi" }`
added helm sources 2025-08-19 08:45:29 -05:00			`service:`
			`type: ClusterIP`
added cred req for vault 2025-08-19 21:01:54 -05:00			`extraVolumes:`
			`- type: secret`
			`name: vault-server-tls`
			`path: /vault/userconfig/tls`
			`extraVolumeMounts:`
			`- name: vault-server-tls`
			`mountPath: /vault/userconfig/tls`
			`readOnly: true`
			`config: \|`
			`ui = true`
			`cluster_name = "vault-k8s"`
			`listener "tcp" {`
			`address = "0.0.0.0:8200"`
			`cluster_address = "0.0.0.0:8201"`
			`tls_cert_file = "/vault/userconfig/tls/tls.crt"`
			`tls_key_file = "/vault/userconfig/tls/tls.key"`
			`}`
			`storage "raft" {`
			`path = "/vault/data"`
			`}`
			`api_addr = "https://secret.bstein.dev"`
			`cluster_addr = "https://vault-0.vault-internal:8201"`
added helm sources 2025-08-19 08:45:29 -05:00			`ui:`
added vault 2025-08-19 01:06:45 -05:00			`enabled: true`