2025-01-23 05:55:55 -06:00
parent 4087eb7aaf
commit 91001c230e


@@ -60,7 +60,7 @@ vault:
enabled: true enabled: true
standalone: standalone:
enabled: false enabled: true
config: | config: |
disable_mlock = true disable_mlock = true
@@ -68,10 +68,12 @@ vault:
listener "tcp" { listener "tcp" {
address = "[::]:8200" address = "[::]:8200"
cluster_address = "[::]:8201" cluster_address = "[::]:8201"
tls_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
tls_key_file = "/vault/userconfig/vault-server-tls/vault.key"
} }
seal "transit" { seal "transit" {
address = "http://192.168.20.253:8201" address = "https://root-vault.internal.durp.info"
disable_renewal = "false" disable_renewal = "false"
key_name = "autounseal" key_name = "autounseal"
mount_path = "transit/" mount_path = "transit/"
@@ -84,10 +86,10 @@ vault:
# Run Vault in "HA" mode. # Run Vault in "HA" mode.
ha: ha:
enabled: true enabled: false
replicas: 3 replicas: 3
raft: raft:
enabled: true enabled: false
setNodeId: true setNodeId: true
config: | config: |
@@ -101,7 +103,7 @@ vault:
} }
seal "transit" { seal "transit" {
address = "http://192.168.20.253:8201" address = "https://192.168.20.253:8201"
disable_renewal = "false" disable_renewal = "false"
key_name = "autounseal" key_name = "autounseal"
mount_path = "transit/" mount_path = "transit/"
@@ -111,19 +113,19 @@ vault:
storage "raft" { storage "raft" {
path = "/vault/data" path = "/vault/data"
retry_join { retry_join {
leader_api_addr = "http://vault-0.vault-internal:8200" leader_api_addr = "https://vault-0.vault-internal:8200"
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca" leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt" leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key" leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
} }
retry_join { retry_join {
leader_api_addr = "http://vault-1.vault-internal:8200" leader_api_addr = "https://vault-1.vault-internal:8200"
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca" leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt" leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key" leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
} }
retry_join { retry_join {
leader_api_addr = "http://vault-2.vault-internal:8200" leader_api_addr = "https://vault-2.vault-internal:8200"
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca" leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt" leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key" leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
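Review bot: The HA `seal "transit"` address in the `@@ -101,7 +103,7 @@` hunk becomes `https://192.168.20.253:8201`, a bare IP, while the standalone stanza in the `@@ -68,10 +68,12 @@` hunk now points at `https://root-vault.internal.durp.info`. Certificate verification against the IP only succeeds if the root Vault's certificate carries that IP as a SAN, and a mismatch like this tends to get papered over with `tls_skip_verify`. I would use the same hostname in both stanzas, `address = "https://root-vault.internal.durp.info"`, and, if that certificate is issued by a private CA, pin it with `tls_ca_cert` in the seal stanza. Both seal stanzas continue past the visible hunks, so I cannot tell whether any TLS options are already set there. Because `ha.enabled` and `raft.enabled` are now `false`, the HA stanza is unused for the moment, so the inconsistency will only surface when HA is turned back on.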