Vault
Configure Vault Helm using Terraform
[!IMPORTANT]
Documentation Update: Product documentation, which was located in this repository under /website, is now located in hashicorp/web-unified-docs, colocated with all other product documentation. Contributions to this content should be made in the web-unified-docs repo, and not this one. Changes made to /website content in this repo will not be reflected on the developer.hashicorp.com website.
Terraform may also be used to configure and deploy the Vault Helm chart, by using the Helm provider.
For example, to configure the chart to deploy HA Vault with integrated storage (raft), the values overrides can be set on the command-line, in a values yaml file, or with a Terraform configuration:
```shell
$ helm install vault hashicorp/vault \
  --set='server.ha.enabled=true' \
  --set='server.ha.raft.enabled=true'
```
The values file can also be used directly in the Terraform configuration with the `values` directive.
Further examples
Vault config as a multi-line string
```yaml
server:
  ha:
    enabled: true
    raft:
      enabled: true
      setNodeId: true
      # Vault server configuration (HCL), passed to the chart as a multi-line string.
      # tls_disable = 1 makes the listener serve plaintext HTTP.
      config: |
        ui = false
        listener "tcp" {
          tls_disable = 1
          address = "[::]:8200"
          cluster_address = "[::]:8201"
        }
        storage "raft" {
          path = "/vault/data"
        }
        service_registration "kubernetes" {}
        seal "awskms" {
          region = "us-west-2"
          kms_key_id = "alias/my-kms-key"
        }
```
Lists of volumes and volumeMounts
```yaml
server:
  volumes:
    - name: userconfig-my-gcp-iam
      secret:
        defaultMode: 420
        secretName: my-gcp-iam
  volumeMounts:
    - mountPath: /vault/userconfig/my-gcp-iam
      name: userconfig-my-gcp-iam
      readOnly: true
```
Annotations
Annotations can be set as a YAML map:
```yaml
server:
  ingress:
    annotations:
      service.beta.kubernetes.io/azure-load-balancer-internal: true
      service.beta.kubernetes.io/azure-load-balancer-internal-subnet: apps-subnet
```
or as a multi-line string:
```yaml
server:
  ingress:
    annotations: |
      service.beta.kubernetes.io/azure-load-balancer-internal: true
      service.beta.kubernetes.io/azure-load-balancer-internal-subnet: apps-subnet
```
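The overrides above expressed as a single Terraform `helm_release` resource, as an added example that is not taken from the original page. It assumes Helm provider 2.x (where `set` is a block), a provider configured elsewhere, and a hypothetical `vault-values.yaml` file holding the multi-line-string values from the first example.

```hcl
# Added example. Assumes Helm provider 2.x `set` blocks; vault-values.yaml is a
# hypothetical file containing the "Vault config as a multi-line string" values.
resource "helm_release" "vault" {
  name       = "vault"
  repository = "https://helm.releases.hashicorp.com"
  chart      = "vault"

  # Values file passed through the `values` directive.
  values = [file("${path.module}/vault-values.yaml")]

  # List entries (volumes, volumeMounts) are addressed by index.
  set {
    name  = "server.volumes[0].name"
    value = "userconfig-my-gcp-iam"
  }
  set {
    name  = "server.volumes[0].secret.secretName"
    value = "my-gcp-iam"
  }
  set {
    name  = "server.volumes[0].secret.defaultMode"
    value = "420"
  }
  set {
    name  = "server.volumeMounts[0].mountPath"
    value = "/vault/userconfig/my-gcp-iam"
  }
  set {
    name  = "server.volumeMounts[0].name"
    value = "userconfig-my-gcp-iam"
  }
  set {
    name  = "server.volumeMounts[0].readOnly"
    value = "true"
  }

  # Dots inside an annotation key are escaped so Helm does not split the key
  # into nested maps; type = "string" keeps the annotation value a string.
  set {
    name  = "server.ingress.annotations.service\\.beta\\.kubernetes\\.io/azure-load-balancer-internal"
    value = "true"
    type  = "string"
  }
  set {
    name  = "server.ingress.annotations.service\\.beta\\.kubernetes\\.io/azure-load-balancer-internal-subnet"
    value = "apps-subnet"
  }
}
```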