# HashiCorp Vault Helm Values
# Chart: https://github.com/hashicorp/vault-helm
#
# Single standalone Vault server backed by PostgreSQL storage, published
# through an HAProxy ingress. HA mode and the agent injector are switched off.

global:
  enabled: true
  # TLS disabled inside the cluster.
  # NOTE(review): the ingress below carries a TLS secret, so TLS presumably
  # ends at the ingress controller and the hop from there to the Vault pod is
  # plain HTTP. Tokens and secret payloads cross the pod network unencrypted
  # on that hop; confirm this is accepted, or plan for listener TLS.
  tlsDisable: true

server:
  enabled: true

  # Production mode - uses the PostgreSQL backend (dev server stays off).
  dev:
    enabled: false

  # Standalone mode with PostgreSQL backend
  standalone:
    enabled: true
    # Vault server configuration (HCL), passed to Vault as-is.
    # - The listener binds all interfaces on 8200 (API/UI) and 8201 (cluster)
    #   with TLS off, matching global.tlsDisable above.
    # - The storage "postgresql" stanza is intentionally empty: the connection
    #   URL is read from the VAULT_PG_CONNECTION_URL environment variable
    #   injected via extraSecretEnvironmentVars below.
    # - NOTE(review): no seal stanza is configured, so the server presumably
    #   comes up sealed after every restart and needs a manual unseal;
    #   confirm the unseal procedure and who holds the key shares.
    # - NOTE(review): the listener sets no unauthenticated_metrics_access, so
    #   a Prometheus scrape presumably needs a Vault token; verify against
    #   the scrape configuration.
    config: |
      ui = true
      listener "tcp" {
        tls_disable = 1
        address = "[::]:8200"
        cluster_address = "[::]:8201"
      }
      storage "postgresql" {
      }
      # Optional: Enable Prometheus metrics
      telemetry {
        prometheus_retention_time = "30s"
        disable_hostname = true
      }

  # Environment variables from secrets
  # The PostgreSQL connection URL is taken from key connection_url of the
  # Kubernetes Secret vault-pg-connection, so it is not stored in this
  # values file.
  # NOTE(review): the URL presumably embeds the database password; restrict
  # read access to that Secret accordingly.
  extraSecretEnvironmentVars:
    - envName: VAULT_PG_CONNECTION_URL
      secretName: vault-pg-connection
      secretKey: connection_url

  # Resource limits (memory is capped; no CPU limit is set).
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      memory: 512Mi

  # Ingress settings
  # Routes the whole path space ("/") of the host to Vault, with a certificate
  # requested from the letsencrypt-prod cluster issuer via cert-manager.
  # NOTE(review): this appears to publish the Vault API and UI on an
  # externally reachable hostname; confirm that is intended, and consider
  # limiting source addresses at the ingress or with a NetworkPolicy.
  ingress:
    enabled: true
    ingressClassName: haproxy
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
    hosts:
      - host: vault0213.kro.kr
        paths:
          - /
    tls:
      - secretName: vault-tls
        hosts:
          - vault0213.kro.kr

  # High availability disabled (single instance)
  ha:
    enabled: false

  # Service type
  service:
    enabled: true
    type: ClusterIP
    port: 8200

# Enable the UI
ui:
  enabled: true
  serviceType: ClusterIP

# Injector (enable later if needed)
injector:
  enabled: false