feat(vault): deploy HashiCorp Vault 2.0.1 via Helm chart 0.32.0

HA raft cluster (5 replicas) with disable_mlock=true, IPC_LOCK capability,
headless-DNS retry_join, kubernetes service_registration, 10Gi cephrbd-fast-delete
PVC. Gateway API HTTPRoute on 443→8200. ArgoCD platform ApplicationSet entry added.
2026-05-23 18:46:50 +10:00
parent eef4c2cd49
commit ba40525017
10 changed files with 79 additions and 233 deletions
@@ -2,7 +2,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: vault
resources:
- ../../../base/vault
helmCharts:
- name: vault
repo: https://helm.releases.hashicorp.com
version: "0.32.0"
releaseName: vault
namespace: vault
valuesFile: values.yaml
+71
@@ -0,0 +1,71 @@
server:
image:
repository: hashicorp/vault
tag: "2.0.1"
ha:
enabled: true
replicas: 5
raft:
enabled: true
setNodeId: true
config: |
ui = true
disable_mlock = true
listener "tcp" {
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_disable = "true"
}
storage "raft" {
path = "/vault/data"
retry_join {
leader_api_addr = "http://vault-0.vault-internal.vault.svc.cluster.local:8200"
}
retry_join {
leader_api_addr = "http://vault-1.vault-internal.vault.svc.cluster.local:8200"
}
retry_join {
leader_api_addr = "http://vault-2.vault-internal.vault.svc.cluster.local:8200"
}
retry_join {
leader_api_addr = "http://vault-3.vault-internal.vault.svc.cluster.local:8200"
}
retry_join {
leader_api_addr = "http://vault-4.vault-internal.vault.svc.cluster.local:8200"
}
}
service_registration "kubernetes" {}
dataStorage:
enabled: true
size: 10Gi
storageClass: cephrbd-fast-delete
accessMode: ReadWriteOnce
statefulSet:
securityContext:
container:
capabilities:
add:
- IPC_LOCK
resources:
requests:
memory: 256Mi
cpu: 100m
limits:
memory: 2Gi
cpu: 1000m
injector:
enabled: false
ui:
enabled: true
serviceType: ClusterIP
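Review bot: The listener sets `tls_disable = "true"` and every `retry_join` uses an `http://` `leader_api_addr`, so Vault tokens and secret payloads cross the pod network in plaintext between the gateway, clients and the five server pods. Consider mounting a certificate, setting `tls_cert_file`/`tls_key_file` on the listener and switching the join addresses to `https://` with `leader_ca_cert_file`, so TLS terminates at Vault rather than only at the HTTPRoute. Separately, `disable_mlock = true` means Vault never calls mlock, so the added `IPC_LOCK` capability grants nothing useful and could be dropped. Supplying `securityContext.container` may also replace the chart's default container security context rather than merge with it, so it is worth checking the rendered StatefulSet still has `allowPrivilegeEscalation: false`. The hunk header counts 71 lines and fewer are visible here, so settings outside this view may already cover some of this.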