Docs updates for vault-helm 0.6.0 release (#9116)

* Docs updates for vault-helm 0.6.0 release

* added openshift and postStart values

* noting that openshift support is a beta feature
Theron Voran 2020-06-03 08:44:32 -07:00 committed by GitHub
parent 71fa313ee3
commit 53b8cdb8c2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -25,6 +25,10 @@ and consider if they're appropriate for your deployment.
- `tlsDisable` (`boolean: true`) - When set to `true`, changes URLs from `https` to `http` (such as the `VAULT_ADDR=http://127.0.0.1:8200` environment variable set on the Vault pods).
- `openshift` (`boolean: false`) - If `true`, enables configuration specific to OpenShift such as NetworkPolicy, SecurityContext, and Route.
~> **Note:** OpenShift support is a beta feature.
- `injector` - Values that configure running a Vault Agent Injector Admission Webhook Controller within Kubernetes.
- `enabled` (`boolean: true`) - When set to `true`, the Vault Agent Injector Admission Webhook controller will be created.
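Review bot: The new `openshift` entry says that `true` enables a Route, but the `route` section added later in this patch has its own `enabled` flag defaulting to `false`, so it is unclear whether `openshift: true` alone creates a Route. State which of the two settings controls Route creation, and link the word "Route" to [`route`](#route) the way the Ingress note does.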
@ -91,6 +95,8 @@ and consider if they're appropriate for your deployment.
- `nodeSelector` (`string: null`) - nodeSelector labels for injector pod assignment, formatted as a muli-line string.
- `priorityClassName` (`string: ""`) - Priority class for injector pods
- `server` - Values that configure running a Vault server within Kubernetes.
- `image` - Values that configure the Vault Docker image.
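Review bot: The injector `priorityClassName` entry says only "Priority class for injector pods"; say what the empty-string default means for scheduling and end the sentence with a period like the neighbouring entries. The `nodeSelector` context line directly above reads "muli-line" and could be corrected to "multi-line" in the same pass.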
@ -115,13 +121,21 @@ and consider if they're appropriate for your deployment.
* `ingress` - Values that configure Ingress services for Vault.
- `enabled` (`boolean: false`) - When set to `true`, an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) service will be created.
~> If deploying on OpenShift, these ingress settings are ignored. Use the [`route`](#route) configuration to expose Vault on OpenShift.
- `enabled` (`boolean: false`) - When set to `true`, an [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) service will be created. If [`ha`](#ha) is enabled the Ingress will point to the active vault server via the `active` Service.
- `labels` (`dictionary: {}`) - Labels for the ingress service.
- `annotations` (`string`) - This value defines additional annotations to add to the Ingress service. This should be formatted as a multi-line string.
- `annotations` (`dictionary: {}`) - This value defines additional annotations to
add to the Ingress service. This can either be YAML or a YAML-formatted
multi-line templated string.
```yaml
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
# or
annotations: |
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
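Review bot: In the Ingress `annotations` example the dictionary form and the string form share one `yaml` block separated only by `# or`, so copying the block as shown produces a values file with two `annotations:` keys. Split the two forms into separate fenced blocks, or comment out the second one, so that either can be pasted as-is.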
@ -139,6 +153,16 @@ and consider if they're appropriate for your deployment.
- /vault
```
* `route` - Values that configure Route services for Vault in OpenShift
- `enabled` (`boolean: false`) - When set to `true`, a Route for Vault will be created. If [`ha`](#ha) is enabled the Route will point to the active vault server via the `active` Service.
- `labels` (`dictionary: {}`) - Labels for the Route
- `annotations` (`dictionary: {}`) - Annotations to add to the Route. This can either be YAML or a YAML-formatted multi-line templated string.
- `host` (`string: "chart-example.local"`) - Sets the hostname for the Route.
* `tls` - Values that configure the Ingress TLS rules.
- `hosts` (`array: []`): List of the hosts defined in the Common Name of the TLS Certificate.
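Review bot: The new `route` block documents `enabled`, `labels`, `annotations` and `host` but says nothing about TLS, and the `tls` entry that follows is described as "Ingress TLS rules", so a reader cannot tell whether a Route created from these values is served over TLS. Because the Route is how Vault is exposed on OpenShift, state how TLS is handled for it or that it cannot be configured here, and mark `chart-example.local` as a placeholder that has to be overridden.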
@ -185,7 +209,18 @@ and consider if they're appropriate for your deployment.
- `preStopSleepSeconds` (`int: 5`) - Used to set the sleep time during the preStop step.
- `extraContainers` (`array: []`) - The extra containers to be applied to the Vault server pods.
- `postStart` (`array: []`) - Used to define commands to run after the pod is ready. This can be used to automate processes such as initialization or bootstrapping auth methods.
```yaml
postStart:
- /bin/sh
- -c
- /vault/userconfig/myscript/run.sh
```
- `extraInitContainers` (`array: null`) - extraInitContainers is a list of init containers. Specified as a YAML list. This is useful if you need to run a script to provision TLS certificates or write out configuration files in a dynamic way.
- `extraContainers` (`array: null`) - The extra containers to be applied to the Vault server pods.
```yaml
extraContainers:
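Review bot: The `postStart` description offers initialization as a use case without saying where the script should put the unseal keys and initial root token that initialization returns. Add a sentence telling users to store that output in a protected location outside the pod and not to write it to logs, or drop "initialization" from the suggested uses. Separately, `extraContainers` appears twice in this hunk with different defaults (`array: []` and `array: null`); check that only one entry remains on the rendered page.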
@ -267,23 +302,25 @@ and consider if they're appropriate for your deployment.
topologyKey: kubernetes.io/hostname
```
- `tolerations` (`array []`) - This value defines the [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that are acceptable when being scheduled.
- `tolerations` (`string: null`) - This value defines the [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) that are acceptable when being scheduled. This should be a multi-line string matching the Toleration array in a PodSpec.
```yaml
tolerations:
tolerations: |
- key: 'node.kubernetes.io/unreachable'
operator: 'Exists'
effect: 'NoExecute'
tolerationSeconds: 6000
```
- `nodeSelector` - This value defines additional node selection criteria for more control over where the Vault servers are deployed.
- `nodeSelector` - This value defines additional node selection criteria for more control over where the Vault servers are deployed. This should be formatted as a multi-line string.
```yaml
nodeSelector:
nodeSelector: |
disktype: ssd
```
- `priorityClassName` (`string: ""`) - Priority class for server pods
- `extraLabels` (`dictionary: {}`) - This value defines additional labels for server pods.
```yaml
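Review bot: `tolerations` changes from an array to a multi-line string (`string: null`) and `nodeSelector` is now also described as a multi-line string, but nothing tells users with existing values files whether the previous plain-YAML form is still accepted after upgrading. Add a short upgrade note, and give `nodeSelector` a type and default annotation to match `tolerations`, which has one while `nodeSelector` has none.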
@ -292,15 +329,19 @@ and consider if they're appropriate for your deployment.
"sample/label2": "bar"
```
- `annotations` - This value defines additional annotations for server pods. This should be a formatted as a multi-line string.
- `annotations` (`dictionary: {}`) - This value defines additional annotations for server pods. This can either be YAML or a YAML-formatted multi-line templated string.
```yaml
annotations:
"sample/annotation1": "foo"
"sample/annotation2": "bar"
# or
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
```
- `service` - Values that configure the Kubernetes service created for Vault.
- `service` - Values that configure the Kubernetes service created for Vault. These options are also used for the `active` and `standby` services when [`ha`](#ha) is enabled.
- `enabled` (`boolean: true`) - When set to `true`, a Kubernetes service will be created for Vault.
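Review bot: "YAML-formatted multi-line templated string" in the server `annotations` entry is never explained, and the string form in the example contains only literal values, so it does not show what templating offers over the dictionary form. Show one templated value in the `|` example or link to where templating is described. In the reworded `service` entry it would also help to say explicitly that `annotations` is among the options applied to the `active` and `standby` services.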
@ -314,9 +355,13 @@ and consider if they're appropriate for your deployment.
- `nodePort` (`int:`) - When type is set to `NodePort`, the bound node port can be configured using this value. A random port will be assigned if this is left blank.
- `annotations` (`string`) - This value defines additional annotations for the service. This should be formatted as a multi-line string.
- `annotations` (`dictionary: {}`) - This value defines additional annotations for the service. This can either be YAML or a YAML-formatted multi-line templated string.
```yaml
annotations:
"sample/annotation1": "foo"
"sample/annotation2": "bar"
# or
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
@ -324,9 +369,13 @@ and consider if they're appropriate for your deployment.
- `serviceAccount` - Values that configure the Kubernetes service account created for Vault.
- `annotations` (`string`) - This value defines additional annotations for the service account. This should be formatted as a multi-line string.
- `annotations` (`dictionary: {}`) - This value defines additional annotations for the service account. This can either be YAML or a YAML-formatted multi-line templated string.
```yaml
annotations:
"sample/annotation1": "foo"
"sample/annotation2": "bar"
# or
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"
@ -413,6 +462,8 @@ and consider if they're appropriate for your deployment.
- `enabled` (`boolean: false`) -
Enables `raft` integrated storage mode for the Vault server. This mode uses persistent volumes for storage.
- `setNodeId` (`boolean: false`) - Set the Node Raft ID to the name of the pod.
- `config` (`string: "{}"`) -
A raw string of extra HCL or JSON [configuration](/docs/configuration) for Vault servers.
This will be saved as-is into a ConfigMap that is read by the Vault servers.
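Review bot: The `setNodeId` entry says what happens when it is `true` but not what the node ID is under the default `false`, nor how the setting interacts with a `node_id` supplied through the raw `config` string documented just below it. Add one sentence covering each case; "Node Raft ID" would also read better as "Raft node ID".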
@ -488,9 +539,13 @@ and consider if they're appropriate for your deployment.
- `loadBalancerIP` (`string`) - This value defines the IP address of the load balancer when using `serviceType: LoadBalancer`.
- `annotations` (`string`) - This value defines additional annotations for the UI service. This should be a formatted as a multi-line string.
- `annotations` (`dictionary: {}`) - This value defines additional annotations for the UI service. This can either be YAML or a YAML-formatted multi-line templated string.
```yaml
annotations:
"sample/annotation1": "foo"
"sample/annotation2": "bar"
# or
annotations: |
"sample/annotation1": "foo"
"sample/annotation2": "bar"