server: image: repository: hashicorp/vault tag: "2.0.1" ha: enabled: true replicas: 5 raft: enabled: true setNodeId: true config: | ui = true disable_mlock = true listener "tcp" { address = "[::]:8200" cluster_address = "[::]:8201" tls_disable = "true" } storage "raft" { path = "/vault/data" retry_join { leader_api_addr = "http://vault-0.vault-internal.vault.svc.cluster.local:8200" } retry_join { leader_api_addr = "http://vault-1.vault-internal.vault.svc.cluster.local:8200" } retry_join { leader_api_addr = "http://vault-2.vault-internal.vault.svc.cluster.local:8200" } retry_join { leader_api_addr = "http://vault-3.vault-internal.vault.svc.cluster.local:8200" } retry_join { leader_api_addr = "http://vault-4.vault-internal.vault.svc.cluster.local:8200" } } service_registration "kubernetes" {} dataStorage: enabled: true size: 10Gi storageClass: cephrbd-fast-delete accessMode: ReadWriteOnce extraEnv: - name: VAULT_K8S_NAMESPACE value: vault - name: VAULT_K8S_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name statefulSet: securityContext: container: capabilities: add: - IPC_LOCK resources: requests: memory: 256Mi cpu: 100m limits: memory: 2Gi cpu: 1000m injector: enabled: false ui: enabled: true serviceType: ClusterIP