ba40525017
HA raft cluster (5 replicas) with disable_mlock=true, IPC_LOCK capability, headless-DNS retry_join, kubernetes service_registration, 10Gi cephrbd-fast-delete PVC. Gateway API HTTPRoute on 443→8200. ArgoCD platform ApplicationSet entry added.
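# Helm values for the HashiCorp Vault chart: a 5-replica HA cluster on
# integrated (raft) storage, with the agent injector disabled and the UI
# served through a ClusterIP service.
server:
  image:
    repository: hashicorp/vault
    # Pinned by tag only. A tag can be re-pointed in the registry; pin by
    # digest as well if the deployment policy requires immutable images.
    tag: "2.0.1"

  ha:
    enabled: true
    replicas: 5

    raft:
      enabled: true
      setNodeId: true
      # Vault server configuration (HCL), passed through as a literal string.
      #
      # SECURITY(review): tls_disable = "true" makes the API listener on 8200
      # serve plaintext HTTP, and every retry_join below uses an http:// URL.
      # Client tokens, secret payloads and raft join requests therefore cross
      # the pod network unencrypted; only traffic that enters through a
      # TLS-terminating front end is protected, and only up to that hop.
      # To close this, configure tls_cert_file / tls_key_file on the listener
      # and switch each retry_join to https with leader_ca_cert_file. Until
      # then, restrict access to 8200 with a NetworkPolicy.
      #
      # SECURITY(review): disable_mlock = true means Vault does not lock its
      # memory, so the nodes must run without swap (or with encrypted swap)
      # to keep key material off disk. The IPC_LOCK capability added under
      # statefulSet is unused while mlock is disabled.
      #
      # NOTE(review): no seal stanza appears in this config, so pods presumably
      # start sealed and need a manual unseal unless auto-unseal is configured
      # elsewhere - confirm.
      #
      # The listener binds to [::] (all interfaces). The retry_join list names
      # one headless-DNS peer per replica (vault-0 .. vault-4) and has to be
      # kept in step with ha.replicas.
      config: |
        ui = true
        disable_mlock = true

        listener "tcp" {
          address = "[::]:8200"
          cluster_address = "[::]:8201"
          tls_disable = "true"
        }

        storage "raft" {
          path = "/vault/data"

          retry_join {
            leader_api_addr = "http://vault-0.vault-internal.vault.svc.cluster.local:8200"
          }
          retry_join {
            leader_api_addr = "http://vault-1.vault-internal.vault.svc.cluster.local:8200"
          }
          retry_join {
            leader_api_addr = "http://vault-2.vault-internal.vault.svc.cluster.local:8200"
          }
          retry_join {
            leader_api_addr = "http://vault-3.vault-internal.vault.svc.cluster.local:8200"
          }
          retry_join {
            leader_api_addr = "http://vault-4.vault-internal.vault.svc.cluster.local:8200"
          }
        }

        service_registration "kubernetes" {}

  # One ReadWriteOnce volume per replica holds that node's raft data
  # (mounted at /vault/data, the storage path in the config above).
  dataStorage:
    enabled: true
    size: 10Gi
    storageClass: cephrbd-fast-delete
    accessMode: ReadWriteOnce

  statefulSet:
    securityContext:
      container:
        # NOTE(review): in the vault-helm templates, setting this map appears
        # to replace the chart's default container securityContext rather
        # than merge with it - confirm against the chart version in use.
        # allowPrivilegeEscalation is restated here so that adding a
        # capability does not silently drop that default.
        allowPrivilegeEscalation: false
        capabilities:
          add:
            # Only needed when Vault calls mlock(); redundant while
            # disable_mlock = true is set in the server config.
            - IPC_LOCK

  resources:
    requests:
      memory: 256Mi
      cpu: 100m
    limits:
      memory: 2Gi
      cpu: 1000m

# Agent sidecar injector is not deployed.
injector:
  enabled: false

# UI service stays cluster-internal (ClusterIP). Anything that routes
# external traffic to it also exposes the Vault login surface.
ui:
  enabled: true
  serviceType: ClusterIP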