apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: vault
  namespace: vault
spec:
  interval: 30m
  chart:
    spec:
      chart: vault
      version: 0.x.x
      sourceRef:
        kind: HelmRepository
        name: hashicorp
        namespace: flux-system
  install:
    remediation: { retries: 3 }
  upgrade:
    remediation: { retries: 3 }
  values:
    injector:
      enabled: true
      resources:
        requests: { cpu: "50m", memory: "64Mi" }
    csi:
      enabled: false
    server:
      ha:
        enabled: true
        replicas: 1
        raft:
          enabled: true
      extraEnvironmentVars:
        VAULT_API_ADDR: "https://secret.bstein.dev"
        VAULT_REDIRECT_ADDR: "https://secret.bstein.dev"
      dataStorage:
        enabled: true
        size: 10Gi
        storageClass: astreae
      resources:
        requests: { cpu: "100m", memory: "256Mi" }
      service:
        type: ClusterIP
      extraVolumes:
        - type: secret
          name: vault-server-tls
          path: /vault/userconfig/tls
      extraVolumeMounts:
        - name: vault-server-tls
          mountPath: /vault/userconfig/tls
          readOnly: true
      config: |
        ui = true
        cluster_name = "vault-k8s"
        listener "tcp" {
          address         = "0.0.0.0:8200"
          cluster_address = "0.0.0.0:8201"
          tls_cert_file   = "/vault/userconfig/tls/tls.crt"
          tls_key_file    = "/vault/userconfig/tls/tls.key"
        }
        storage "raft" {
          path = "/vault/data"
        }
        api_addr      = "https://secret.bstein.dev"
        cluster_addr  = "https://vault-0.vault-internal:8201"
    ui:
      enabled: true