69 lines
1.7 KiB
YAML
69 lines
1.7 KiB
YAML
# services/vault/helmrelease.yaml
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: vault
|
|
namespace: vault
|
|
spec:
|
|
interval: 30m
|
|
chart:
|
|
spec:
|
|
chart: vault
|
|
version: 0.x.x
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: hashicorp
|
|
namespace: flux-system
|
|
install:
|
|
remediation: { retries: 3 }
|
|
upgrade:
|
|
remediation: { retries: 3 }
|
|
values:
|
|
injector:
|
|
enabled: true
|
|
resources:
|
|
requests: { cpu: "50m", memory: "64Mi" }
|
|
csi:
|
|
enabled: false
|
|
server:
|
|
ha:
|
|
enabled: true
|
|
replicas: 1
|
|
raft:
|
|
enabled: true
|
|
extraEnvironmentVars:
|
|
VAULT_API_ADDR: "https://secret.bstein.dev"
|
|
VAULT_REDIRECT_ADDR: "https://secret.bstein.dev"
|
|
dataStorage:
|
|
enabled: true
|
|
size: 10Gi
|
|
storageClass: astreae
|
|
resources:
|
|
requests: { cpu: "100m", memory: "256Mi" }
|
|
service:
|
|
type: ClusterIP
|
|
extraVolumes:
|
|
- type: secret
|
|
name: vault-server-tls
|
|
path: /vault/userconfig/tls
|
|
extraVolumeMounts:
|
|
- name: vault-server-tls
|
|
mountPath: /vault/userconfig/tls
|
|
readOnly: true
|
|
config: |
|
|
ui = true
|
|
cluster_name = "vault-k8s"
|
|
listener "tcp" {
|
|
address = "0.0.0.0:8200"
|
|
cluster_address = "0.0.0.0:8201"
|
|
tls_cert_file = "/vault/userconfig/tls/tls.crt"
|
|
tls_key_file = "/vault/userconfig/tls/tls.key"
|
|
}
|
|
storage "raft" {
|
|
path = "/vault/data"
|
|
}
|
|
api_addr = "https://secret.bstein.dev"
|
|
cluster_addr = "https://vault-0.vault-internal:8201"
|
|
ui:
|
|
enabled: true
|