This commit is contained in:
DeveloperDurp 2025-01-22 06:26:29 -06:00
parent 7588fa3279
commit 37640bd420


@ -35,24 +35,24 @@ vault:
# extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
# used to include variables required for auto-unseal. # used to include variables required for auto-unseal.
#extraEnvironmentVars: extraEnvironmentVars:
#VAULT_CACERT: /vault/userconfig/vault-server-tls/vault.ca VAULT_CACERT: /vault/userconfig/vault-server-tls/vault.ca
extraSecretEnvironmentVars: extraSecretEnvironmentVars:
- envName: VAULT_TOKEN - envName: VAULT_TOKEN
secretName: autounseal secretName: autounseal
secretKey: VAULT_TOKEN secretKey: VAULT_TOKEN
#volumes: volumes:
# - name: userconfig-vault-server-tls - name: userconfig-vault-server-tls
# secret: secret:
# defaultMode: 420 defaultMode: 420
# secretName: vault-server-tls secretName: vault-server-tls
#volumeMounts: volumeMounts:
# - mountPath: /vault/userconfig/vault-server-tls - mountPath: /vault/userconfig/vault-server-tls
# name: userconfig-vault-server-tls name: userconfig-vault-server-tls
# readOnly: true readOnly: true
# This configures the Vault Statefulset to create a PVC for audit logs. # This configures the Vault Statefulset to create a PVC for audit logs.
# See https://www.vaultproject.io/docs/audit/index.html to know more # See https://www.vaultproject.io/docs/audit/index.html to know more
@ -96,10 +96,12 @@ vault:
listener "tcp" { listener "tcp" {
address = "[::]:8200" address = "[::]:8200"
cluster_address = "[::]:8201" cluster_address = "[::]:8201"
tls_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
tls_key_file = "/vault/userconfig/vault-server-tls/vault.key"
} }
seal "transit" { seal "transit" {
address = "https://192.168.20.253:8201" address = "http://192.168.20.253:8201"
disable_renewal = "false" disable_renewal = "false"
key_name = "autounseal" key_name = "autounseal"
mount_path = "transit/" mount_path = "transit/"
@ -110,13 +112,21 @@ vault:
path = "/vault/data" path = "/vault/data"
retry_join { retry_join {
leader_api_addr = "http://vault-0.vault-internal:8200" leader_api_addr = "http://vault-0.vault-internal:8200"
tls_skip_verify = "true" leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
} }
retry_join { retry_join {
leader_api_addr = "http://vault-1.vault-internal:8200" leader_api_addr = "http://vault-1.vault-internal:8200"
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
} }
retry_join { retry_join {
leader_api_addr = "http://vault-2.vault-internal:8200" leader_api_addr = "http://vault-2.vault-internal:8200"
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
} }
} }
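Review bot: The `seal "transit"` address in the second hunk goes from `https://192.168.20.253:8201` to `http://192.168.20.253:8201`, assuming the right-hand column is the new side as it is for the uncommented TLS stanzas in the first hunk; over plain HTTP the auto-unseal token taken from the `autounseal` secret and the root-key wrap/unwrap exchange with the transit Vault travel in cleartext. If the change was made because the transit server's certificate did not verify, keep `address = "https://192.168.20.253:8201"` and point the stanza at the issuing CA with `tls_ca_cert = "/vault/userconfig/vault-server-tls/vault.ca"` (or whatever CA signed that server's certificate) instead of downgrading the transport. In the third hunk the `retry_join` blocks gain `leader_ca_cert_file`, `leader_client_cert_file` and `leader_client_key_file` while every `leader_api_addr` still says `http://`; those settings only matter against a TLS listener, so either the leader addresses should become `https://vault-N.vault-internal:8200` once `tls_cert_file`/`tls_key_file` are in effect, or the added lines are inert. Whether the listener's `tls_disable` setting, if present, is also flipped is outside the hunk, so it cannot be confirmed here that the new certificate lines actually enable TLS.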