feat(vault): deploy HashiCorp Vault 2.0.1 via Helm chart (5-replica HA raft) #148

Merged
unkinben merged 5 commits from benvin/vault into main 2026-05-23 22:39:42 +10:00
4 changed files with 41 additions and 1 deletions
Showing only changes of commit 0d146dc942 - Show all commits
+12
View File
@@ -12,6 +12,7 @@ metadata:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: vault.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
cert-manager.io/subject-alternative-names: vault.service.consul,vault.query.consul
external-dns.alpha.kubernetes.io/hostname: vault.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.4
spec:
1
@@ -29,3 +30,14 @@ spec:
certificateRefs:
- kind: Secret
name: vault-tls
- name: vault-direct
port: 8200
protocol: HTTPS
allowedRoutes:
namespaces:
from: Same
tls:
mode: Terminate
certificateRefs:
- kind: Secret
name: vault-tls
+24
View File
1
@@ -21,3 +21,27 @@ spec:
- path:
type: PathPrefix
value: /
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: vault-consul
namespace: vault
labels:
app.kubernetes.io/name: vault
app.kubernetes.io/instance: vault
spec:
hostnames:
- vault.service.consul
- vault.query.consul
parentRefs:
- name: vault
sectionName: vault-direct
rules:
- backendRefs:
- name: vault
port: 8200
matches:
- path:
type: PathPrefix
value: /
@@ -94,5 +94,7 @@ ports:
port: 80
websecure:
port: 443
vault-direct:
port: 8200
enabled: true
+3 -1
View File
@@ -40,7 +40,9 @@ server:
}
}
service_registration "kubernetes" {}
service_registration "consul" {
address = "consul-server.consul.svc.cluster.local:8500"
}
dataStorage:
enabled: true