todd-dsm · December 13, 2021 21:15
diff --git a/override-values-all.yaml b/override-values-all.yaml
 --- 
 csi: 
  daemonSet: 
    annotations: {}
    kubeletRootDir: /var/lib/kubelet
    providersDir: /etc/kubernetes/secrets-store-csi-providers
    updateStrategy: 
      maxUnavailable: ""
      type: RollingUpdate
  debug: false
  enabled: false
  extraArgs: []
  image: 
    pullPolicy: IfNotPresent
    repository: hashicorp/vault-csi-provider
    tag: "0.3.0"
  livenessProbe: 
    failureThreshold: 2
    initialDelaySeconds: 5
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 3
  pod: 
    annotations: {}
    tolerations: []
  readinessProbe: 
    failureThreshold: 2
    initialDelaySeconds: 5
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 3
  resources: {}
  serviceAccount: 
    annotations: {}
  volumeMounts: ~
  volumes: ~
 global: 
  enabled: true
  imagePullSecrets: []
  openshift: false
  psp: 
    annotations: |
        seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
        apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
        seccomp.security.alpha.kubernetes.io/defaultProfileName:  runtime/default
        apparmor.security.beta.kubernetes.io/defaultProfileName:  runtime/default
    enable: false
  tlsDisable: true
 injector: 
  affinity: |
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchLabels:
                app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
                app.kubernetes.io/instance: "{{ .Release.Name }}"
                component: webhook
            topologyKey: kubernetes.io/hostname
  agentDefaults: 
    cpuLimit: 500m
    cpuRequest: 250m
    memLimit: 128Mi
    memRequest: 64Mi
    template: map
    templateConfig: 
      exitOnRetryFailure: true
      staticSecretRenderInterval: ""
  agentImage: 
    repository: hashicorp/vault
    tag: "1.9.0"
  annotations: {}
  authPath: auth/kubernetes
  certs: 
    caBundle: ""
    certName: tls.crt
    keyName: tls.key
    secretName: ~
  enabled: true
  externalVaultAddr: ""
  extraEnvironmentVars: {}
  extraLabels: {}
  failurePolicy: Ignore
  hostNetwork: false
  image: 
    pullPolicy: IfNotPresent
    repository: hashicorp/vault-k8s
    tag: "0.14.1"
  leaderElector: 
    enabled: true
  logFormat: standard
  logLevel: info
  metrics: 
    enabled: false
  namespaceSelector: {}
  nodeSelector: {}
  objectSelector: {}
  port: 8080
  priorityClassName: ""
  replicas: 1
  resources: {}
  revokeOnShutdown: false
  service: 
    annotations: {}
  tolerations: []
  webhookAnnotations: {}
 server: 
  affinity: |
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchLabels:
                app.kubernetes.io/name: {{ template "vault.name" . }}
                app.kubernetes.io/instance: "{{ .Release.Name }}"
                component: server
            topologyKey: kubernetes.io/hostname
  annotations: {}
  auditStorage: 
    accessMode: ReadWriteOnce
    annotations: {}
    enabled: false
    mountPath: /vault/audit
    size: 10Gi
    storageClass: ~
  authDelegator: 
    enabled: true
  dataStorage: 
    accessMode: ReadWriteOnce
    annotations: {}
    enabled: true
    mountPath: /vault/data
    size: 10Gi
    storageClass: ~
  dev: 
    devRootToken: root
    enabled: false
  enabled: true
  enterpriseLicense: 
    secretKey: license
    secretName: ""
  extraArgs: ""
  extraContainers: ~
  extraEnvironmentVars: {}
  extraInitContainers: ~
  extraLabels: {}
  extraSecretEnvironmentVars: []
  extraVolumes: []
  ha: 
    apiAddr: ~
    config: |
        ui = true
        
        listener "tcp" {
          tls_disable = 1
          address = "[::]:8200"
          cluster_address = "[::]:8201"
        }
        storage "consul" {
          path = "vault"
          address = "HOST_IP:8500"
        }
        
        service_registration "kubernetes" {}
        
        # Example configuration for using auto-unseal, using Google Cloud KMS. The
        # GKMS keys must already exist, and the cluster must have a service account
        # that is authorized to access GCP KMS.
        #seal "gcpckms" {
        #   project     = "vault-helm-dev-246514"
        #   region      = "global"
        #   key_ring    = "vault-helm-unseal-kr"
        #   crypto_key  = "vault-helm-unseal-key"
        #}
    disruptionBudget: 
      enabled: true
      maxUnavailable: ~
    enabled: false
    raft: 
      config: |
          ui = true
          
          listener "tcp" {
            tls_disable = 1
            address = "[::]:8200"
            cluster_address = "[::]:8201"
          }
          
          storage "raft" {
            path = "/vault/data"
          }
          
          service_registration "kubernetes" {}
      enabled: false
      setNodeId: false
    replicas: 3
  image: 
    pullPolicy: IfNotPresent
    repository: hashicorp/vault
    tag: "1.9.0"
  ingress: 
    activeService: true
    annotations: {}
    enabled: false
    extraPaths: []
    hosts: 
      - 
        host: chart-example.local
        paths: []
    ingressClassName: ""
    labels: {}
    pathType: Prefix
    tls: []
  livenessProbe: 
    enabled: false
    failureThreshold: 2
    initialDelaySeconds: 60
    path: /v1/sys/health?standbyok=true
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 3
  logFormat: ""
  logLevel: ""
  networkPolicy: 
    egress: []
    enabled: false
  nodeSelector: {}
  postStart: []
  preStopSleepSeconds: 5
  priorityClassName: ""
  readinessProbe: 
    enabled: true
    failureThreshold: 2
    initialDelaySeconds: 5
    periodSeconds: 5
    successThreshold: 1
    timeoutSeconds: 3
  resources: {}
  route: 
    activeService: true
    annotations: {}
    enabled: false
    host: chart-example.local
    labels: {}
  service: 
    annotations: {}
    enabled: true
    externalTrafficPolicy: Cluster
    port: 8200
    targetPort: 8200
  serviceAccount: 
    annotations: {}
    create: true
    name: ""
  shareProcessNamespace: false
  standalone: 
    config: |
        ui = true
        
        listener "tcp" {
          tls_disable = 1
          address = "[::]:8200"
          cluster_address = "[::]:8201"
        }
        storage "file" {
          path = "/vault/data"
        }
        
        # Example configuration for using auto-unseal, using Google Cloud KMS. The
        # GKMS keys must already exist, and the cluster must have a service account
        # that is authorized to access GCP KMS.
        #seal "gcpckms" {
        #   project     = "vault-helm-dev"
        #   region      = "global"
        #   key_ring    = "vault-helm-unseal-kr"
        #   crypto_key  = "vault-helm-unseal-key"
        #}
    enabled: "-"
  statefulSet: 
    annotations: {}
  tolerations: []
  updateStrategyType: OnDelete
  volumeMounts: ~
  volumes: ~
 ui: 
  activeVaultPodOnly: false
  annotations: {}
  enabled: false
  externalPort: 8200
  externalTrafficPolicy: Cluster
  publishNotReadyAddresses: true
  serviceNodePort: ~
  serviceType: ClusterIP
  targetPort: 8200
	---
	csi:
	daemonSet:
	annotations: {}
	kubeletRootDir: /var/lib/kubelet
	providersDir: /etc/kubernetes/secrets-store-csi-providers
	updateStrategy:
	maxUnavailable: ""
	type: RollingUpdate
	debug: false
	enabled: false
	extraArgs: []
	image:
	pullPolicy: IfNotPresent
	repository: hashicorp/vault-csi-provider
	tag: "0.3.0"
	livenessProbe:
	failureThreshold: 2
	initialDelaySeconds: 5
	periodSeconds: 5
	successThreshold: 1
	timeoutSeconds: 3
	pod:
	annotations: {}
	tolerations: []
	readinessProbe:
	failureThreshold: 2
	initialDelaySeconds: 5
	periodSeconds: 5
	successThreshold: 1
	timeoutSeconds: 3
	resources: {}
	serviceAccount:
	annotations: {}
	volumeMounts: ~
	volumes: ~
	global:
	enabled: true
	imagePullSecrets: []
	openshift: false
	psp:
	annotations: \|
	seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
	apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
	seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
	apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
	enable: false
	tlsDisable: true
	injector:
	affinity: \|
	podAntiAffinity:
	requiredDuringSchedulingIgnoredDuringExecution:
	- labelSelector:
	matchLabels:
	app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
	app.kubernetes.io/instance: "{{ .Release.Name }}"
	component: webhook
	topologyKey: kubernetes.io/hostname
	agentDefaults:
	cpuLimit: 500m
	cpuRequest: 250m
	memLimit: 128Mi
	memRequest: 64Mi
	template: map
	templateConfig:
	exitOnRetryFailure: true
	staticSecretRenderInterval: ""
	agentImage:
	repository: hashicorp/vault
	tag: "1.9.0"
	annotations: {}
	authPath: auth/kubernetes
	certs:
	caBundle: ""
	certName: tls.crt
	keyName: tls.key
	secretName: ~
	enabled: true
	externalVaultAddr: ""
	extraEnvironmentVars: {}
	extraLabels: {}
	failurePolicy: Ignore
	hostNetwork: false
	image:
	pullPolicy: IfNotPresent
	repository: hashicorp/vault-k8s
	tag: "0.14.1"
	leaderElector:
	enabled: true
	logFormat: standard
	logLevel: info
	metrics:
	enabled: false
	namespaceSelector: {}
	nodeSelector: {}
	objectSelector: {}
	port: 8080
	priorityClassName: ""
	replicas: 1
	resources: {}
	revokeOnShutdown: false
	service:
	annotations: {}
	tolerations: []
	webhookAnnotations: {}
	server:
	affinity: \|
	podAntiAffinity:
	requiredDuringSchedulingIgnoredDuringExecution:
	- labelSelector:
	matchLabels:
	app.kubernetes.io/name: {{ template "vault.name" . }}
	app.kubernetes.io/instance: "{{ .Release.Name }}"
	component: server
	topologyKey: kubernetes.io/hostname
	annotations: {}
	auditStorage:
	accessMode: ReadWriteOnce
	annotations: {}
	enabled: false
	mountPath: /vault/audit
	size: 10Gi
	storageClass: ~
	authDelegator:
	enabled: true
	dataStorage:
	accessMode: ReadWriteOnce
	annotations: {}
	enabled: true
	mountPath: /vault/data
	size: 10Gi
	storageClass: ~
	dev:
	devRootToken: root
	enabled: false
	enabled: true
	enterpriseLicense:
	secretKey: license
	secretName: ""
	extraArgs: ""
	extraContainers: ~
	extraEnvironmentVars: {}
	extraInitContainers: ~
	extraLabels: {}
	extraSecretEnvironmentVars: []
	extraVolumes: []
	ha:
	apiAddr: ~
	config: \|
	ui = true

	listener "tcp" {
	tls_disable = 1
	address = "[::]:8200"
	cluster_address = "[::]:8201"
	}
	storage "consul" {
	path = "vault"
	address = "HOST_IP:8500"
	}

	service_registration "kubernetes" {}

	# Example configuration for using auto-unseal, using Google Cloud KMS. The
	# GKMS keys must already exist, and the cluster must have a service account
	# that is authorized to access GCP KMS.
	#seal "gcpckms" {
	# project = "vault-helm-dev-246514"
	# region = "global"
	# key_ring = "vault-helm-unseal-kr"
	# crypto_key = "vault-helm-unseal-key"
	#}
	disruptionBudget:
	enabled: true
	maxUnavailable: ~
	enabled: false
	raft:
	config: \|
	ui = true

	listener "tcp" {
	tls_disable = 1
	address = "[::]:8200"
	cluster_address = "[::]:8201"
	}

	storage "raft" {
	path = "/vault/data"
	}

	service_registration "kubernetes" {}
	enabled: false
	setNodeId: false
	replicas: 3
	image:
	pullPolicy: IfNotPresent
	repository: hashicorp/vault
	tag: "1.9.0"
	ingress:
	activeService: true
	annotations: {}
	enabled: false
	extraPaths: []
	hosts:
	-
	host: chart-example.local
	paths: []
	ingressClassName: ""
	labels: {}
	pathType: Prefix
	tls: []
	livenessProbe:
	enabled: false
	failureThreshold: 2
	initialDelaySeconds: 60
	path: /v1/sys/health?standbyok=true
	periodSeconds: 5
	successThreshold: 1
	timeoutSeconds: 3
	logFormat: ""
	logLevel: ""
	networkPolicy:
	egress: []
	enabled: false
	nodeSelector: {}
	postStart: []
	preStopSleepSeconds: 5
	priorityClassName: ""
	readinessProbe:
	enabled: true
	failureThreshold: 2
	initialDelaySeconds: 5
	periodSeconds: 5
	successThreshold: 1
	timeoutSeconds: 3
	resources: {}
	route:
	activeService: true
	annotations: {}
	enabled: false
	host: chart-example.local
	labels: {}
	service:
	annotations: {}
	enabled: true
	externalTrafficPolicy: Cluster
	port: 8200
	targetPort: 8200
	serviceAccount:
	annotations: {}
	create: true
	name: ""
	shareProcessNamespace: false
	standalone:
	config: \|
	ui = true

	listener "tcp" {
	tls_disable = 1
	address = "[::]:8200"
	cluster_address = "[::]:8201"
	}
	storage "file" {
	path = "/vault/data"
	}

	# Example configuration for using auto-unseal, using Google Cloud KMS. The
	# GKMS keys must already exist, and the cluster must have a service account
	# that is authorized to access GCP KMS.
	#seal "gcpckms" {
	# project = "vault-helm-dev"
	# region = "global"
	# key_ring = "vault-helm-unseal-kr"
	# crypto_key = "vault-helm-unseal-key"
	#}
	enabled: "-"
	statefulSet:
	annotations: {}
	tolerations: []
	updateStrategyType: OnDelete
	volumeMounts: ~
	volumes: ~
	ui:
	activeVaultPodOnly: false
	annotations: {}
	enabled: false
	externalPort: 8200
	externalTrafficPolicy: Cluster
	publishNotReadyAddresses: true
	serviceNodePort: ~
	serviceType: ClusterIP
	targetPort: 8200