Mayne0213
739ac544c7
- Remove deprecated master taint from falco - Update vault tolerations to control-plane - Change effect from NoExecute to NoSchedule
89 lines
1.7 KiB
YAML
89 lines
1.7 KiB
YAML
# HashiCorp Vault Helm Values
|
|
# Chart: https://github.com/hashicorp/vault-helm
|
|
|
|
global:
|
|
enabled: true
|
|
tlsDisable: true # 내부 클러스터에서는 TLS 비활성화
|
|
|
|
server:
|
|
enabled: true
|
|
|
|
# Production 모드
|
|
dev:
|
|
enabled: false
|
|
|
|
# Standalone 비활성화 (HA 사용)
|
|
standalone:
|
|
enabled: false
|
|
|
|
# HA 설정 - PostgreSQL storage (config from External Secret)
|
|
ha:
|
|
enabled: true
|
|
replicas: 3
|
|
raft:
|
|
enabled: false
|
|
# Empty config - actual config is in vault-config-secret
|
|
config: ""
|
|
|
|
# PVC 비활성화 (PostgreSQL 사용)
|
|
dataStorage:
|
|
enabled: false
|
|
|
|
# Config from External Secret
|
|
volumes:
|
|
- name: vault-config-secret
|
|
secret:
|
|
secretName: vault-config-secret
|
|
|
|
volumeMounts:
|
|
- name: vault-config-secret
|
|
mountPath: /vault/userconfig
|
|
readOnly: true
|
|
|
|
# Extra args to use config from secret
|
|
extraArgs: "-config=/vault/userconfig/extraconfig-from-values.hcl"
|
|
|
|
# 리소스 제한
|
|
resources:
|
|
requests:
|
|
cpu: 35m
|
|
memory: 263Mi
|
|
limits:
|
|
memory: 263Mi
|
|
|
|
# Ingress 설정
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: traefik
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
hosts:
|
|
- host: vault0213.kro.kr
|
|
paths:
|
|
- /
|
|
tls:
|
|
- secretName: vault-tls
|
|
hosts:
|
|
- vault0213.kro.kr
|
|
|
|
# 서비스 타입
|
|
service:
|
|
enabled: true
|
|
type: ClusterIP
|
|
port: 8200
|
|
|
|
# Tolerations for control-plane node
|
|
tolerations:
|
|
- key: "node-role.kubernetes.io/control-plane"
|
|
operator: "Exists"
|
|
effect: "NoSchedule"
|
|
|
|
# UI 활성화
|
|
ui:
|
|
enabled: true
|
|
serviceType: ClusterIP
|
|
|
|
# Injector (나중에 필요하면 활성화)
|
|
injector:
|
|
enabled: false
|