83 lines
1.6 KiB
YAML
83 lines
1.6 KiB
YAML
# HashiCorp Vault Helm Values
|
|
# Chart: https://github.com/hashicorp/vault-helm
|
|
|
|
global:
|
|
enabled: true
|
|
tlsDisable: true # 내부 클러스터에서는 TLS 비활성화
|
|
|
|
server:
|
|
enabled: true
|
|
|
|
# Production 모드 - PostgreSQL backend 사용
|
|
dev:
|
|
enabled: false
|
|
|
|
# Standalone mode with PostgreSQL backend
|
|
standalone:
|
|
enabled: true
|
|
config: |
|
|
ui = true
|
|
|
|
listener "tcp" {
|
|
tls_disable = 1
|
|
address = "[::]:8200"
|
|
cluster_address = "[::]:8201"
|
|
}
|
|
|
|
storage "postgresql" {
|
|
}
|
|
|
|
# Optional: Enable Prometheus metrics
|
|
telemetry {
|
|
prometheus_retention_time = "30s"
|
|
disable_hostname = true
|
|
}
|
|
|
|
# Environment variables from secrets
|
|
extraSecretEnvironmentVars:
|
|
- envName: VAULT_PG_CONNECTION_URL
|
|
secretName: vault-pg-connection
|
|
secretKey: connection_url
|
|
|
|
# 리소스 제한
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
limits:
|
|
memory: 512Mi
|
|
|
|
# Ingress 설정
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: haproxy
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
hosts:
|
|
- host: vault0213.kro.kr
|
|
paths:
|
|
- /
|
|
tls:
|
|
- secretName: vault-tls
|
|
hosts:
|
|
- vault0213.kro.kr
|
|
|
|
# 고가용성 비활성화 (단일 인스턴스)
|
|
ha:
|
|
enabled: false
|
|
|
|
# 서비스 타입
|
|
service:
|
|
enabled: true
|
|
type: ClusterIP
|
|
port: 8200
|
|
|
|
# UI 활성화
|
|
ui:
|
|
enabled: true
|
|
serviceType: ClusterIP
|
|
|
|
# Injector (나중에 필요하면 활성화)
|
|
injector:
|
|
enabled: false
|