TsuyoshiUshio · August 9, 2019 20:32
diff --git a/vaules.yaml b/vaules.yaml
   standalone:
    enabled: false
  
  # Run Vault in "HA" mode. There are no storage requirements unless audit log 
  # persistence is required.  In HA mode Vault will configure itself to use Consul 
  # for its storage backend.  The default configuration provided will work the Consul 
  # Helm project by default.  It is possible to manually configure Vault to use a 
  # different HA backend.
  ha:
    enabled: true
    replicas: 3

    # config is a raw string of default configuration when using a Stateful
    # deployment. Default is to use a Consul for its HA storage backend.
    # This should be HCL.
    config: |
      ui = true
      api_addr = "http://POD_IP:8200"
      listener "tcp" {
        tls_disable = 1
        address     = "0.0.0.0:8200"
      }
      storage "consul" {
        path = "vault"
        address = "consul-server:8500"
      }

      # Example configuration for using auto-unseal, using Google Cloud KMS. The
      # GKMS keys must already exist, and the cluster must have a service account
      # that is authorized to access GCP KMS.
      #seal "gcpckms" {
      #   project     = "vault-helm-dev-246514"
      #   region      = "global"
      #   key_ring    = "vault-helm-unseal-kr"
      #   crypto_key  = "vault-helm-unseal-key"
      #}

    # A disruption budget limits the number of pods of a replicated application 
    # that are down simultaneously from voluntary disruptions
    disruptionBudget:
      enabled: true

    # maxUnavailable will default to (n/2)-1 where n is the number of
    # replicas. If you'd like a custom value, you can specify an override here.
      maxUnavailable: null

 # Vault UI
 ui:
  # True if you want to create a Service entry for the Vault UI.
  #
  # serviceType can be used to control the type of service created. For
  # example, setting this to "LoadBalancer" will create an external load
  # balancer (for supported K8S installations) to access the UI.
  enabled: false
  serviceType: "ClusterIP"
	standalone:
	enabled: false

	# Run Vault in "HA" mode. There are no storage requirements unless audit log
	# persistence is required. In HA mode Vault will configure itself to use Consul
	# for its storage backend. The default configuration provided will work the Consul
	# Helm project by default. It is possible to manually configure Vault to use a
	# different HA backend.
	ha:
	enabled: true
	replicas: 3

	# config is a raw string of default configuration when using a Stateful
	# deployment. Default is to use a Consul for its HA storage backend.
	# This should be HCL.
	config: \|
	ui = true
	api_addr = "http://POD_IP:8200"
	listener "tcp" {
	tls_disable = 1
	address = "0.0.0.0:8200"
	}
	storage "consul" {
	path = "vault"
	address = "consul-server:8500"
	}

	# Example configuration for using auto-unseal, using Google Cloud KMS. The
	# GKMS keys must already exist, and the cluster must have a service account
	# that is authorized to access GCP KMS.
	#seal "gcpckms" {
	# project = "vault-helm-dev-246514"
	# region = "global"
	# key_ring = "vault-helm-unseal-kr"
	# crypto_key = "vault-helm-unseal-key"
	#}

	# A disruption budget limits the number of pods of a replicated application
	# that are down simultaneously from voluntary disruptions
	disruptionBudget:
	enabled: true

	# maxUnavailable will default to (n/2)-1 where n is the number of
	# replicas. If you'd like a custom value, you can specify an override here.
	maxUnavailable: null

	# Vault UI
	ui:
	# True if you want to create a Service entry for the Vault UI.
	#
	# serviceType can be used to control the type of service created. For
	# example, setting this to "LoadBalancer" will create an external load
	# balancer (for supported K8S installations) to access the UI.
	enabled: false
	serviceType: "ClusterIP"