Highly Available Vault Cluster with Consul

Important Note: This chart is not compatible with Helm 2. Please use Helm 3.6+ with this chart.
The values.yaml below can be used to set up a five-server Vault cluster using
Consul as a highly available storage backend and Google Cloud KMS for Auto Unseal.
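# Helm values for a five-replica HA Vault cluster: Consul storage backend,
# Google Cloud KMS auto-unseal. Project, key ring and secret names are the
# example's placeholders.
server:
  extraEnvironmentVars:
    GOOGLE_REGION: global
    GOOGLE_PROJECT: myproject
    # Path to a long-lived GCP service-account key, read from the Secret
    # mounted below. Whoever can read that Secret can use the unseal key,
    # so grant the account only encrypt/decrypt on the one crypto key and
    # restrict RBAC on the Secret. Where the platform offers workload
    # identity, prefer it over a mounted key file.
    GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/my-gcp-iam/myproject-creds.json

  # Kubernetes Secret holding myproject-creds.json; the path above shows it
  # mounted under /vault/userconfig/my-gcp-iam.
  extraVolumes:
    - type: secret
      name: my-gcp-iam

  # Hard anti-affinity: no two Vault server pods on the same node, so one
  # node failure takes out at most one replica. The template expressions
  # are rendered by the chart, which is why the value is a block string.
  affinity: |
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              app: {{ template "vault.name" . }}
              release: "{{ .Release.Name }}"
              component: server
          topologyKey: kubernetes.io/hostname

  service:
    enabled: true

  ha:
    enabled: true
    replicas: 5

    # Vault server configuration (HCL), passed to Vault as a string.
    #
    # Review before using outside a lab:
    # - tls_disable = 1 serves the API and UI on 8200 in cleartext, so
    #   tokens and secret values are readable on the pod network unless
    #   TLS is terminated in front of Vault. For production, mount a
    #   certificate and set tls_cert_file / tls_key_file instead.
    # - The Consul address uses the plain HTTP port 8500 and no ACL token.
    #   Vault encrypts data before writing it to storage, but an
    #   unauthenticated Consul still lets other clients delete or roll
    #   back Vault's keys; enable Consul ACLs and TLS (scheme = "https").
    # - HOST_IP is a placeholder for the node-local Consul agent; the
    #   chart is expected to substitute the pod's host IP at start-up.
    # - With gcpckms auto-unseal, access to the crypto key plus the
    #   storage backend is enough to decrypt Vault's data: restrict IAM
    #   on the key ring and audit its use.
    config: |
      ui = true

      listener "tcp" {
        tls_disable = 1
        address = "[::]:8200"
        cluster_address = "[::]:8201"
      }

      storage "consul" {
        path = "vault"
        address = "HOST_IP:8500"
      }

      seal "gcpckms" {
        project = "myproject"
        region = "global"
        key_ring = "vault-unseal-kr"
        crypto_key = "vault-unseal-key"
      }

      service_registration "kubernetes" {}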