This directory contains a Kubernetes chart to deploy a Vault server.

Prerequisites:

- Kubernetes 1.6+

This chart will do the following:

- Implement a Vault deployment

Please note that a backend service for Vault (for example, Consul) must be deployed beforehand and configured with the `vault.config` option. YAML provided under this option will be converted to JSON for the final Vault `config.json` file.

See https://www.vaultproject.io/docs/configuration/ for more information.

To install the chart, use the following commands, which back Vault with a Consul cluster:

```console
$ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator
$ helm install incubator/vault --set vault.dev=false --set vault.config.storage.consul.address="myconsul-svc-name:8500",vault.config.storage.consul.path="vault"
```

An alternative example using the Amazon S3 backend can be specified using:

```yaml
vault:
  config:
    storage:
      s3:
        access_key: "AWS-ACCESS-KEY"
        secret_key: "AWS-SECRET-KEY"
        bucket: "AWS-BUCKET"
        region: "eu-central-1"
```

The following table lists the configurable parameters of the Vault chart and their default values.

Parameter | Description | Default |
---|---|---|
`image.pullPolicy` | Container pull policy | `IfNotPresent` |
`image.repository` | Container image to use | `vault` |
`image.tag` | Container image tag to deploy | `0.9.0` |
`vault.dev` | Use Vault in dev mode | `true` (set to `false` in production) |
`vault.customSecrets` | Custom secrets available to Vault | `[]` |
`vault.config` | Vault configuration | No default backend |
`replicaCount` | k8s replicas | `1` |
`resources.limits.cpu` | Container requested CPU | `nil` |
`resources.limits.memory` | Container requested memory | `nil` |
`affinity` | Affinity settings | See `values.yaml` |

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.

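A pre-install check for the values described above, as an added example that is not part of the chart: it expands a `--set` string into nested values, renders `vault.config` as JSON in the way this README describes, and flags dev mode, a missing storage backend and credentials written inline. The function names and the list of credential keys are assumptions of this example, and the `--set` parser handles only the plain dotted `key=value` form used on this page.

```python
import json

# Keys treated as credentials; an assumed list for this example.
SECRET_KEYS = {"access_key", "secret_key", "session_token", "token"}

def parse_set(expr):
    """Expand 'a.b=c,d.e=f' into a nested dict (no escapes, lists or indexes)."""
    values = {}
    for pair in expr.split(","):
        key, _, raw = pair.partition("=")
        *parents, leaf = key.strip().split(".")
        node = values
        for part in parents:
            node = node.setdefault(part, {})
        node[leaf] = {"true": True, "false": False}.get(raw, raw)
    return values

def review(values):
    """Return (config_json, findings) for a chart values dict."""
    vault = values.get("vault") or {}
    config = vault.get("config") or {}
    findings = []
    if vault.get("dev", True):  # the chart default for vault.dev is true
        findings.append("vault.dev is true: dev mode, set to false in production")
    storage = config.get("storage") or {}
    if not storage:
        findings.append("vault.config.storage is empty: the chart has no default backend")
    for backend, opts in storage.items():
        for key in sorted(SECRET_KEYS & set(opts or {})):
            # Inline values are copied into config.json and kept with the Helm release.
            findings.append(f"vault.config.storage.{backend}.{key} is set inline in values")
    return json.dumps(config, indent=2, sort_keys=True), findings

# The Consul install from this page, with shell quoting already removed.
CONSUL_SET = ("vault.dev=false,"
              "vault.config.storage.consul.address=myconsul-svc-name:8500,"
              "vault.config.storage.consul.path=vault")

# The S3 values from this page (placeholder credentials, vault.dev left at its default).
S3_VALUES = {"vault": {"config": {"storage": {"s3": {
    "access_key": "AWS-ACCESS-KEY", "secret_key": "AWS-SECRET-KEY",
    "bucket": "AWS-BUCKET", "region": "eu-central-1"}}}}}

if __name__ == "__main__":
    for name, vals in (("consul", parse_set(CONSUL_SET)), ("s3", S3_VALUES)):
        rendered, findings = review(vals)
        print(f"--- {name} ---\n{rendered}")
        for finding in findings:
            print("FINDING:", finding)
```
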
Once the Vault pod is ready, it can be accessed using a `kubectl port-forward`:

```console
$ kubectl port-forward vault-pod 8200
$ export VAULT_ADDR=http://127.0.0.1:8200
$ vault status
```