vault values.yaml
global.enabled💣
Type: bool
true
global.imagePullSecrets[0].name💣
Type: string
"private-registry"
global.tlsDisable💣
Type: bool
true
global.openshift💣
Type: bool
false
global.psp.enable💣
Type: bool
false
global.psp.annotations💣
Type: string
"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"
Default value (formatted)
seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
injector.enabled💣
Type: string
"-"
injector.replicas💣
Type: int
1
injector.port💣
Type: int
8080
injector.leaderElector.enabled💣
Type: bool
false
injector.leaderElector.image.repository💣
Type: string
"registry.dso.mil/platform-one/big-bang/apps/sandbox/vault/leader-elector"
injector.leaderElector.image.tag💣
Type: string
"0.4"
injector.leaderElector.ttl💣
Type: string
"60s"
injector.metrics.enabled💣
Type: bool
true
injector.externalVaultAddr💣
Type: string
""
injector.image.repository💣
Type: string
"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"
injector.image.tag💣
Type: string
"0.16.1"
injector.image.pullPolicy💣
Type: string
"IfNotPresent"
injector.agentImage.repository💣
Type: string
"registry1.dso.mil/ironbank/hashicorp/vault/vault"
injector.agentImage.tag💣
Type: string
"1.11.0"
injector.agentDefaults.cpuLimit💣
Type: string
"500m"
injector.agentDefaults.cpuRequest💣
Type: string
"500m"
injector.agentDefaults.memLimit💣
Type: string
"250Mi"
injector.agentDefaults.memRequest💣
Type: string
"250Mi"
injector.agentDefaults.template💣
Type: string
"map"
injector.agentDefaults.templateConfig.exitOnRetryFailure💣
Type: bool
true
injector.agentDefaults.templateConfig.staticSecretRenderInterval💣
Type: string
""
injector.authPath💣
Type: string
"auth/kubernetes"
injector.logLevel💣
Type: string
"info"
injector.logFormat💣
Type: string
"standard"
injector.revokeOnShutdown💣
Type: bool
false
injector.webhook.failurePolicy💣
Type: string
"Ignore"
injector.webhook.matchPolicy💣
Type: string
"Exact"
injector.webhook.timeoutSeconds💣
Type: int
30
injector.webhook.namespaceSelector💣
Type: object
{}
Default value (formatted)
{}
injector.webhook.objectSelector💣
Type: string
"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . }}-agent-injector\n"
Default value (formatted)
matchExpressions:
- key: app.kubernetes.io/name
operator: NotIn
values:
- {{ template \"vault.name\" . }}-agent-injector
injector.webhook.annotations💣
Type: object
{}
Default value (formatted)
{}
injector.failurePolicy💣
Type: string
"Ignore"
injector.namespaceSelector💣
Type: object
{}
Default value (formatted)
{}
injector.objectSelector💣
Type: object
{}
Default value (formatted)
{}
injector.webhookAnnotations💣
Type: object
{}
Default value (formatted)
{}
injector.certs.secretName💣
Type: string
nil
injector.certs.caBundle💣
Type: string
""
injector.certs.certName💣
Type: string
"tls.crt"
injector.certs.keyName💣
Type: string
"tls.key"
injector.resources.requests.memory💣
Type: string
"256Mi"
injector.resources.requests.cpu💣
Type: string
"250m"
injector.resources.limits.memory💣
Type: string
"256Mi"
injector.resources.limits.cpu💣
Type: string
"250m"
injector.extraEnvironmentVars💣
Type: object
{}
Default value (formatted)
{}
injector.affinity💣
Type: string
"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"
Default value (formatted)
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector
app.kubernetes.io/instance: \"{{ .Release.Name }}\"
component: webhook
topologyKey: kubernetes.io/hostname
injector.topologySpreadConstraints💣
Type: list
[]
Default value (formatted)
[]
injector.tolerations💣
Type: list
[]
Default value (formatted)
[]
injector.nodeSelector💣
Type: object
{}
Default value (formatted)
{}
injector.priorityClassName💣
Type: string
""
injector.annotations💣
Type: object
{}
Default value (formatted)
{}
injector.extraLabels💣
Type: object
{}
Default value (formatted)
{}
injector.hostNetwork💣
Type: bool
false
injector.service.annotations💣
Type: object
{}
Default value (formatted)
{}
injector.podDisruptionBudget💣
Type: object
{}
Default value (formatted)
{}
injector.strategy💣
Type: object
{}
Default value (formatted)
{}
server.enabled💣
Type: bool
true
server.extraSecretEnvironmentVars[0].envName💣
Type: string
"AWS_ACCESS_KEY_ID"
server.extraSecretEnvironmentVars[0].secretName💣
Type: string
"eks-creds"
server.extraSecretEnvironmentVars[0].secretKey💣
Type: string
"AWS_ACCESS_KEY_ID"
server.extraSecretEnvironmentVars[1].envName💣
Type: string
"AWS_SECRET_ACCESS_KEY"
server.extraSecretEnvironmentVars[1].secretName💣
Type: string
"eks-creds"
server.extraSecretEnvironmentVars[1].secretKey💣
Type: string
"AWS_SECRET_ACCESS_KEY"
server.enterpriseLicense.secretName💣
Type: string
""
server.enterpriseLicense.secretKey💣
Type: string
"license"
server.image.repository💣
Type: string
"registry1.dso.mil/ironbank/hashicorp/vault/vault"
server.image.tag💣
Type: string
"1.11.0"
server.image.pullPolicy💣
Type: string
"IfNotPresent"
server.updateStrategyType💣
Type: string
"OnDelete"
server.logLevel💣
Type: string
""
server.logFormat💣
Type: string
""
server.resources.requests.memory💣
Type: string
"256Mi"
server.resources.requests.cpu💣
Type: string
"250m"
server.resources.limits.memory💣
Type: string
"256Mi"
server.resources.limits.cpu💣
Type: string
"250m"
server.ingress.enabled💣
Type: bool
false
server.ingress.labels💣
Type: object
{}
Default value (formatted)
{}
server.ingress.annotations💣
Type: object
{}
Default value (formatted)
{}
server.ingress.ingressClassName💣
Type: string
""
server.ingress.pathType💣
Type: string
"Prefix"
server.ingress.activeService💣
Type: bool
true
server.ingress.hosts[0].host💣
Type: string
"chart-example.local"
server.ingress.hosts[0].paths💣
Type: list
[]
Default value (formatted)
[]
server.ingress.extraPaths💣
Type: list
[]
Default value (formatted)
[]
server.ingress.tls💣
Type: list
[]
Default value (formatted)
[]
server.route.enabled💣
Type: bool
false
server.route.activeService💣
Type: bool
true
server.route.labels💣
Type: object
{}
Default value (formatted)
{}
server.route.annotations💣
Type: object
{}
Default value (formatted)
{}
server.route.host💣
Type: string
"chart-example.local"
server.route.tls.termination💣
Type: string
"passthrough"
server.authDelegator.enabled💣
Type: bool
true
server.extraInitContainers💣
Type: string
nil
server.extraContainers💣
Type: string
nil
server.shareProcessNamespace💣
Type: bool
false
server.extraArgs💣
Type: string
""
server.readinessProbe.enabled💣
Type: bool
true
server.readinessProbe.failureThreshold💣
Type: int
2
server.readinessProbe.initialDelaySeconds💣
Type: int
5
server.readinessProbe.periodSeconds💣
Type: int
5
server.readinessProbe.successThreshold💣
Type: int
1
server.readinessProbe.timeoutSeconds💣
Type: int
3
server.livenessProbe.enabled💣
Type: bool
false
server.livenessProbe.path💣
Type: string
"/v1/sys/health?standbyok=true"
server.livenessProbe.failureThreshold💣
Type: int
2
server.livenessProbe.initialDelaySeconds💣
Type: int
60
server.livenessProbe.periodSeconds💣
Type: int
5
server.livenessProbe.successThreshold💣
Type: int
1
server.livenessProbe.timeoutSeconds💣
Type: int
3
server.terminationGracePeriodSeconds💣
Type: int
10
server.preStopSleepSeconds💣
Type: int
5
server.postStart💣
Type: list
[]
Default value (formatted)
[]
server.extraEnvironmentVars💣
Type: object
{}
Default value (formatted)
{}
server.extraSecretEnvironmentVars💣
Type: list
[]
Default value (formatted)
[]
server.extraVolumes💣
Type: list
[]
Default value (formatted)
[]
server.volumes💣
Type: string
nil
server.volumeMounts💣
Type: string
nil
server.affinity💣
Type: string
"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"
Default value (formatted)
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: {{ template \"vault.name\" . }}
app.kubernetes.io/instance: \"{{ .Release.Name }}\"
component: server
topologyKey: kubernetes.io/hostname
server.topologySpreadConstraints💣
Type: list
[]
Default value (formatted)
[]
server.tolerations💣
Type: list
[]
Default value (formatted)
[]
server.nodeSelector💣
Type: object
{}
Default value (formatted)
{}
server.networkPolicy.enabled💣
Type: bool
false
server.networkPolicy.egress💣
Type: list
[]
Default value (formatted)
[]
server.priorityClassName💣
Type: string
""
server.extraLabels💣
Type: object
{}
Default value (formatted)
{}
server.annotations💣
Type: object
{}
Default value (formatted)
{}
server.service.enabled💣
Type: bool
true
server.service.publishNotReadyAddresses💣
Type: bool
true
server.service.externalTrafficPolicy💣
Type: string
"Cluster"
server.service.port💣
Type: int
8200
server.service.targetPort💣
Type: int
8200
server.service.annotations💣
Type: object
{}
Default value (formatted)
{}
server.dataStorage.enabled💣
Type: bool
true
server.dataStorage.size💣
Type: string
"10Gi"
server.dataStorage.mountPath💣
Type: string
"/vault/data"
server.dataStorage.storageClass💣
Type: string
nil
server.dataStorage.accessMode💣
Type: string
"ReadWriteOnce"
server.dataStorage.annotations💣
Type: object
{}
Default value (formatted)
{}
server.auditStorage.enabled💣
Type: bool
true
server.auditStorage.size💣
Type: string
"10Gi"
server.auditStorage.mountPath💣
Type: string
"/vault/audit"
server.auditStorage.storageClass💣
Type: string
nil
server.auditStorage.accessMode💣
Type: string
"ReadWriteOnce"
server.auditStorage.annotations💣
Type: object
{}
Default value (formatted)
{}
server.dev.enabled💣
Type: bool
false
server.dev.devRootToken💣
Type: string
"root"
server.standalone.enabled💣
Type: string
"-"
server.standalone.config💣
Type: string
"ui = true\n\nlistener \"tcp\" {\n tls_disable = 1\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n access_key = \"{{ .Values.minio.accessKey }}\"\n secret_key = \"{{ .Values.minio.secretKey }}\"\n endpoint = \"{{ .Values.minio.endpoint }}\"\n bucket = \"{{ .Values.minio.bucketName }}\"\n s3_force_path_style = \"true\"\n disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n"
Default value (formatted)
# NOTE(review): lines tagged NOTE(review) are reviewer annotations, not part of the chart's default value.
# Standalone-mode Vault server configuration: web UI on, one TCP listener, a telemetry
# stanza, and a storage backend selected by the Helm conditionals further down.
ui = true
listener \"tcp\" {
# NOTE(review): tls_disable = 1 makes this listener serve the API and UI without TLS.
# Tokens and secrets sent to port 8200 are then protected in transit only if something
# outside Vault encrypts the hop (for example a service mesh) - confirm before relying on it.
tls_disable = 1
# [::] is the unspecified address, so both the API port (8200) and the cluster port (8201)
# accept connections on every interface.
address = \"[::]:8200\"
cluster_address = \"[::]:8201\"
}
telemetry {
prometheus_retention_time = \"24h\"
disable_hostname = true
# NOTE(review): where Vault honours this key, the metrics endpoint can be read without a token.
# Vault documents it inside a listener's telemetry block; here it sits in the top-level
# telemetry stanza, so confirm which behaviour you actually get, and limit who can reach the
# endpoint at the network layer either way.
unauthenticated_metrics_access = true
}
# Integrated (raft) storage is used whenever server.dataStorage.enabled is true.
{{- if .Values.server.dataStorage.enabled }}
storage \"raft\" {
path = \"/vault/data\"
}
{{- end }}
# S3-compatible storage is used only when data storage is disabled and minio.enabled is true.
{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}
storage \"s3\" {
# NOTE(review): the access and secret keys are templated into this config text from Helm values,
# so they exist in clear text wherever the rendered config is stored - presumably a Kubernetes
# object; confirm it is not readable by ordinary namespace users.
access_key = \"{{ .Values.minio.accessKey }}\"
secret_key = \"{{ .Values.minio.secretKey }}\"
endpoint = \"{{ .Values.minio.endpoint }}\"
bucket = \"{{ .Values.minio.bucketName }}\"
s3_force_path_style = \"true\"
# NOTE(review): TLS towards the object store is controlled by minio.disableSSL; check its value.
disable_ssl = \"{{ .Values.minio.disableSSL }}\"
}
{{- end }}
# Example configuration for using auto-unseal, using Google Cloud KMS. The
# GKMS keys must already exist, and the cluster must have a service account
# that is authorized to access GCP KMS.
#seal \"gcpckms\" {
# project = \"vault-helm-dev\"
# region = \"global\"
# key_ring = \"vault-helm-unseal-kr\"
# crypto_key = \"vault-helm-unseal-key\"
#}
server.ha.enabled💣
Type: bool
false
server.ha.replicas💣
Type: int
3
server.ha.apiAddr💣
Type: string
nil
server.ha.clusterAddr💣
Type: string
nil
server.ha.raft.enabled💣
Type: bool
true
server.ha.raft.setNodeId💣
Type: bool
true
server.ha.raft.config💣
Type: string
"ui = true\n\nlistener \"tcp\" {\n tls_disable = 1\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"
Default value (formatted)
# NOTE(review): lines tagged NOTE(review) are reviewer annotations, not part of the chart's default value.
# HA-mode Vault server configuration using integrated (raft) storage: web UI on, one TCP
# listener, raft data under /vault/data, a telemetry stanza, and Kubernetes service registration.
ui = true
listener \"tcp\" {
# NOTE(review): tls_disable = 1 turns TLS off on this listener, so API/UI traffic to 8200 is
# unencrypted unless a layer outside Vault (for example a service mesh) protects it.
# Confirm how the cluster port (8201) is exposed and that only Vault peers can reach it.
tls_disable = 1
# [::] is the unspecified address: the listener accepts connections on every interface.
address = \"[::]:8200\"
cluster_address = \"[::]:8201\"
}
storage \"raft\" {
path = \"/vault/data\"
}
telemetry {
prometheus_retention_time = \"24h\"
disable_hostname = true
# NOTE(review): where Vault honours this key, metrics can be scraped without a token. Vault
# documents it inside a listener's telemetry block rather than this top-level stanza - confirm
# the effective behaviour and restrict network access to the metrics endpoint.
unauthenticated_metrics_access = true
}
# Enables Vault's Kubernetes service registration with default settings (empty block).
service_registration \"kubernetes\" {}
server.ha.config💣
Type: string
"ui = true\n\nlistener \"tcp\" {\n tls_disable = 1\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n"
Default value (formatted)
# NOTE(review): lines tagged NOTE(review) are reviewer annotations, not part of the chart's default value.
# HA-mode Vault server configuration backed by Consul storage: web UI on, one TCP listener,
# Consul at HOST_IP:8500, and Kubernetes service registration.
ui = true
listener \"tcp\" {
# NOTE(review): tls_disable = 1 turns TLS off on this listener; anything sent to port 8200
# (tokens, secrets) is unencrypted unless a layer outside Vault protects the connection.
tls_disable = 1
# [::] is the unspecified address: the listener accepts connections on every interface.
address = \"[::]:8200\"
cluster_address = \"[::]:8201\"
}
storage \"consul\" {
path = \"vault\"
# NOTE(review): HOST_IP looks like a placeholder filled in at deploy time - confirm.
# This stanza sets no scheme, TLS material or ACL token, so encryption and authentication
# towards Consul depend on configuration that is not shown here.
address = \"HOST_IP:8500\"
}
# Enables Vault's Kubernetes service registration with default settings (empty block).
service_registration \"kubernetes\" {}
# Example configuration for using auto-unseal, using Google Cloud KMS. The
# GKMS keys must already exist, and the cluster must have a service account
# that is authorized to access GCP KMS.
#seal \"gcpckms\" {
# project = \"vault-helm-dev-246514\"
# region = \"global\"
# key_ring = \"vault-helm-unseal-kr\"
# crypto_key = \"vault-helm-unseal-key\"
#}
server.ha.disruptionBudget.enabled💣
Type: bool
true
server.ha.disruptionBudget.maxUnavailable💣
Type: string
nil
server.serviceAccount.create💣
Type: bool
true
server.serviceAccount.name💣
Type: string
""
server.serviceAccount.annotations💣
Type: object
{}
Default value (formatted)
{}
server.statefulSet.annotations💣
Type: object
{}
Default value (formatted)
{}
ui.enabled💣
Type: bool
true
ui.publishNotReadyAddresses💣
Type: bool
true
ui.activeVaultPodOnly💣
Type: bool
false
ui.serviceType💣
Type: string
"ClusterIP"
ui.serviceNodePort💣
Type: string
nil
ui.externalPort💣
Type: int
8200
ui.targetPort💣
Type: int
8200
ui.externalTrafficPolicy💣
Type: string
"Cluster"
ui.annotations💣
Type: object
{}
Default value (formatted)
{}
csi.enabled💣
Type: bool
false
csi.image.repository💣
Type: string
"registry.dso.mil/platform-one/big-bang/apps/sandbox/vault/vault-csi-provider"
csi.image.tag💣
Type: string
"1.1.0"
csi.image.pullPolicy💣
Type: string
"IfNotPresent"
csi.volumes💣
Type: string
nil
csi.volumeMounts💣
Type: string
nil
csi.resources.requests.cpu💣
Type: string
"50m"
csi.resources.requests.memory💣
Type: string
"128Mi"
csi.resources.limits.cpu💣
Type: string
"50m"
csi.resources.limits.memory💣
Type: string
"128Mi"
csi.daemonSet.updateStrategy.type💣
Type: string
"RollingUpdate"
csi.daemonSet.updateStrategy.maxUnavailable💣
Type: string
""
csi.daemonSet.annotations💣
Type: object
{}
Default value (formatted)
{}
csi.daemonSet.providersDir💣
Type: string
"/etc/kubernetes/secrets-store-csi-providers"
csi.daemonSet.kubeletRootDir💣
Type: string
"/var/lib/kubelet"
csi.daemonSet.extraLabels💣
Type: object
{}
Default value (formatted)
{}
csi.pod.annotations💣
Type: object
{}
Default value (formatted)
{}
csi.pod.tolerations💣
Type: list
[]
Default value (formatted)
[]
csi.pod.extraLabels💣
Type: object
{}
Default value (formatted)
{}
csi.priorityClassName💣
Type: string
""
csi.serviceAccount.annotations💣
Type: object
{}
Default value (formatted)
{}
csi.serviceAccount.extraLabels💣
Type: object
{}
Default value (formatted)
{}
csi.readinessProbe.failureThreshold💣
Type: int
2
csi.readinessProbe.initialDelaySeconds💣
Type: int
5
csi.readinessProbe.periodSeconds💣
Type: int
5
csi.readinessProbe.successThreshold💣
Type: int
1
csi.readinessProbe.timeoutSeconds💣
Type: int
3
csi.livenessProbe.failureThreshold💣
Type: int
2
csi.livenessProbe.initialDelaySeconds💣
Type: int
5
csi.livenessProbe.periodSeconds💣
Type: int
5
csi.livenessProbe.successThreshold💣
Type: int
1
csi.livenessProbe.timeoutSeconds💣
Type: int
3
csi.debug💣
Type: bool
false
csi.extraArgs💣
Type: list
[]
Default value (formatted)
[]
domain💣
Type: string
"bigbang.dev"
monitoring.enabled💣
Type: bool
false
monitoring.namespace💣
Type: string
"monitoring"
networkPolicies.enabled💣
Type: bool
false
networkPolicies.controlPlaneCidr💣
Type: string
"0.0.0.0/0"
networkPolicies.vpcCidr💣
Type: string
"0.0.0.0/0"
networkPolicies.ingressLabels.app💣
Type: string
"istio-ingressgateway"
networkPolicies.ingressLabels.istio💣
Type: string
"ingressgateway"
autoInit.enabled💣
Type: bool
true
autoInit.image.repository💣
Type: string
"registry1.dso.mil/ironbank/big-bang/base"
autoInit.image.tag💣
Type: string
"2.0.0"
autoInit.storage.size💣
Type: string
"2Gi"
istio.enabled💣
Type: bool
false
istio.vault.gateways[0]💣
Type: string
"istio-system/main"
istio.vault.hosts[0]💣
Type: string
"vault.{{ .Values.domain }}"
istio.vault.tls.cert💣
Type: string
""
istio.vault.tls.key💣
Type: string
""
istio.mtls.mode💣
Type: string
"STRICT"
minio.enabled💣
Type: bool
false
customAppIngressSelector.key💣
Type: string
"vault-ingress"
customAppIngressSelector.value💣
Type: bool
true
bbtests.enabled💣
Type: bool
false
bbtests.cypress.artifacts💣
Type: bool
true
bbtests.cypress.envs.cypress_vault_url💣
Type: string
"http://vault.vault.svc:8200"