Difference between revisions of "Vault postgresql"
(Created page with "https://gist.github.com/talalUcef/5a800d2dc4427eb4df1a89c57a315c66") |
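--- a/Vault postgresql
+++ b/Vault postgresql
@@ -1 +1,70 @@
 https://gist.github.com/talalUcef/5a800d2dc4427eb4df1a89c57a315c66
+
+values.yaml
+```
+injector:
+# True if you want to enable vault agent injection.
+enabled: "false"
+
+server:
+
+# Affinity Settings
+# Commenting out or setting as empty the affinity variable, will allow
+# deployment to single node services such as Minikube
+affinity: null
+
+# Run Vault in "standalone" mode. This is the default mode that will deploy if
+# no arguments are given to helm. This requires a PVC for data storage to use
+# the "file" backend. This mode is not highly available and should not be scaled
+# past a single replica.
+standalone:
+enabled: "false"
+
+# Run Vault in "HA" mode. There are no storage requirements unless audit log
+# persistence is required. In HA mode Vault will configure itself to use Consul
+# for its storage backend. The default configuration provided will work the Consul
+# Helm project by default. It is possible to manually configure Vault to use a
+# different HA backend.
+ha:
+enabled: "true"
+# config is a raw string of default configuration when using a Stateful
+# deployment. Default is to use a Consul for its HA storage backend.
+# This should be HCL.
+
+# Note: Configuration files are stored in ConfigMaps so sensitive data
+# such as passwords should be either mounted through extraSecretEnvironmentVars
+# or through a Kube secret. For more information see:
+# https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+config: |
+ui = true
+
+listener "tcp" {
+tls_disable = 1
+address = "[::]:8200"
+cluster_address = "[::]:8201"
+}
+
+storage "postgresql" {
+connection_url="postgres://postgres:hGDGcMCf06@postgres-release-postgresql.postgres.svc.cluster.local:5432/vaultdb?sslmode=disable"
+table="vault_kv_store",
+ha_enabled=true,
+ha_table="vault_ha_locks"
+}
+
+service_registration "kubernetes" {}
+```
+
+
+```
+# Create a namespace for Vault
+kubectl create namespace vault
+
+#Add helm official repo for Vault
+helm repo add hashicorp https://helm.releases.hashicorp.com
+
+# Install Vault helm chart
+helm install vault-release vault --namespace vault -f values.yaml
+
+# Expose Vault service locally
+kubectl port-forward --namespace vault svc/vault 8200:8200
+```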
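Review bot: The added `connection_url` in the `storage "postgresql"` stanza embeds the database password in `server.ha.config`, which the comment just above `config:` says is stored in a ConfigMap, so it is readable by anyone who can read ConfigMaps in the namespace or this page; the published password should be treated as exposed and rotated. Drop `connection_url` from the HCL and pass it as `VAULT_PG_CONNECTION_URL` through `server.extraSecretEnvironmentVars`, sourced from a Kubernetes Secret, as sketched below with placeholder names. The same URL sets `sslmode=disable` and the listener sets `tls_disable = 1`, so both the storage link and the Vault API run in plaintext inside the cluster; if that is intended for local testing only, a comment should say so.

```yaml
server:
  # … unchanged: affinity, standalone …
  extraSecretEnvironmentVars:
    - envName: VAULT_PG_CONNECTION_URL
      secretName: PLACEHOLDER_SECRET_NAME  # Secret created out of band
      secretKey: PLACEHOLDER_SECRET_KEY    # key whose value is the full URL
  ha:
    # … unchanged: enabled, ui, listener …
    config: |
      storage "postgresql" {
        table="vault_kv_store",
        ha_enabled=true,
        ha_table="vault_ha_locks"
      }
```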
Latest revision as of 01:20, 22 May 2024
https://gist.github.com/talalUcef/5a800d2dc4427eb4df1a89c57a315c66
values.yaml
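injector:
  # Set to "true" to enable Vault Agent injection.
  enabled: "false"

server:
  # Affinity settings.
  # Leaving affinity empty (or commenting it out) allows deployment to
  # single-node clusters such as Minikube.
  affinity: null

  # The PostgreSQL connection URL carries the database password, so it is
  # kept out of the HCL below, which the chart stores in a ConfigMap.
  # Vault's postgresql storage backend reads the URL from the
  # VAULT_PG_CONNECTION_URL environment variable when connection_url is not
  # set in the stanza. The Secret name and key here are placeholders; the
  # Secret must exist in the release namespace before `helm install`, with a
  # value of the form
  #   postgres://<user>:<password>@postgres-release-postgresql.postgres.svc.cluster.local:5432/vaultdb?sslmode=verify-full
  # Use sslmode=disable only if the PostgreSQL server has no TLS and the
  # setup is for local testing. Rotate any password that was previously
  # published inline in this file.
  extraSecretEnvironmentVars:
    - envName: VAULT_PG_CONNECTION_URL
      secretName: vault-pg-connection  # placeholder Secret name
      secretKey: connection_url  # placeholder key inside that Secret

  # "standalone" mode is the chart default. It needs a PVC for the "file"
  # backend, is not highly available and must not be scaled past a single
  # replica. Disabled here in favour of HA mode.
  standalone:
    enabled: "false"

  # "HA" mode. The chart's default HA configuration uses Consul for storage;
  # this override replaces it with the PostgreSQL storage backend with
  # ha_enabled set. No extra storage is required unless audit log
  # persistence is needed.
  ha:
    enabled: "true"

    # config is a raw HCL string used for the StatefulSet deployment.
    #
    # Note: configuration files are stored in ConfigMaps, so sensitive data
    # such as passwords must be supplied through extraSecretEnvironmentVars
    # or a Kubernetes Secret, never written into this string. See:
    # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
    config: |
      ui = true

      listener "tcp" {
        # TLS is disabled on this listener: API traffic, including tokens,
        # is plaintext inside the cluster. Outside a local test setup,
        # configure tls_cert_file / tls_key_file and remove this line.
        tls_disable = 1
        address = "[::]:8200"
        cluster_address = "[::]:8201"
      }

      storage "postgresql" {
        # connection_url is intentionally absent; it is read from the
        # VAULT_PG_CONNECTION_URL environment variable.
        table="vault_kv_store",
        ha_enabled=true,
        ha_table="vault_ha_locks"
      }

      service_registration "kubernetes" {}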
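# Create a namespace for Vault
kubectl create namespace vault

# Add the official HashiCorp Helm repository
helm repo add hashicorp https://helm.releases.hashicorp.com

# Install the Vault chart from that repository. The chart reference must be
# repo-qualified (hashicorp/vault); a bare "vault" is resolved as a local
# chart path and does not use the repository added above.
helm install vault-release hashicorp/vault --namespace vault -f values.yaml

# Expose the Vault service locally. The chart names its Service after the
# release when the release name contains "vault"; confirm the name with
# `kubectl get svc --namespace vault` if the forward fails.
# port-forward listens on localhost only by default; keep it that way, since
# the listener in values.yaml has TLS disabled.
kubectl port-forward --namespace vault svc/vault-release 8200:8200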