VKPR vault install
Description
Install Vault into cluster. For more information about Vault, click here.
Commands
Interactive inputs:
vkpr vault install [flags]
Non-interactive without setting values or using VKPR Values
:
vkpr vault install --default
danger
Vault will always be installed in HA (High Availability), it is recommended that the cluster has at least 3 Nodes.
Argument Reference
Flags
--default Use to automatically fill inputs with default values
--dry_run Simulate an install
--domain Set the application address
--secure Using HTTPS in the application
--mode Specifies the Vault storage mode
--auto_unseal Enable to Auto Unseal the Vault with a Cloud provider
--ssl Defines that the application will use its own certificate
--crt_file Specifies the vault .crt file path
--key_file Specifies the vault .key file path
Values File
Globals
The following arguments are supported by the globals:
domain
- (Required) Define the domain used by the application. The default islocalhost
.secure
- (Required) Specifies if the services from the application will expose HTTPS ports inside the cluster. The default isfalse
.namespace
- (Optional) Define where the application will be provisioned. The default isvkpr
.ingressClassName
- (Optional) Define which ingress controller will expose the application. The default isnginx
.
Local
The following arguments are supported:
enabled
- (Optional) Enables the installation if performed with the command vkpr apply.namespace
- (Optional) Define where the application will be provisioned. The default isvkpr
.ingressClassName
- (Optional) Define which ingress controller will expose the application. The default isnginx
.metrics
- (Optional) Specifies if the application will expose your metrics. The default isfalse
.storageMode
- (Required) Specifies the Vault storage mode. Allowed Values:raft
,consul
. The default israft
.autoUnseal
- (Required) Enable to Auto Unseal the Vault with a Cloud provider. Allowed Values:aws
,azure
. The default isfalse
.ssl
enabled
- (Optional) Enable the manual certificate into ingress. The default isfalse
.crt
- Specify the certificate path.key
- Specify the key path.secretName
- (Optional) Specifies if the content from the application will be storage in a volume.
existingClaim
- (Optional) Specifies a existing PVC to associate to Vault.data
- Mount from Vault dataaudit
- (Optional) Mount from Vault Audit
helmArgs
- (Optional) Used when you need to change some value or add a new value to the helm values used by the formula.
caution
Using helmArgs the application may behave in a way that VKPR may not be used in the best way it was designed. Use it when you know what you're doing
Environment values
The following variables are supported:
namespace
- VKPR_ENV_VAULT_NAMESPACEingressClassName
- VKPR_ENV_VAULT_INGRESS_CLASS_NAMEstorageMode
- VKPR_ENV_VAULT_STORAGE_MODEautoUnseal
- VKPR_ENV_VAULT_AUTO_UNSEALmetrics
- VKPR_ENV_VAULT_METRICSssl
enabled
- VKPR_ENV_VAULT_SSLcrt
- VKPR_ENV_VAULT_CERTIFICATEkey
- VKPR_ENV_VAULT_KEYsecretName
- VKPR_ENV_VAULT_SSL_SECRET
existingClaim
data
- VKPR_ENV_VAULT_EXISTING_CLAIM_DATAaudit
- VKPR_ENV_VAULT_EXISTING_CLAIM_AUDIT
Setting Provider credentials
CAUTION: Setting credentials manually will override the credentials already saved in memory
AWS
rit set credential --provider="aws" --fields="accesskeyid,secretaccesskey,region,kmskeyid,kmsendpoint" --values="your-accesskey,your-secretaccess,your-region,your-kmskeyid,your-kmsendpoint"
Azure
rit set credential --provider="azure" --fields="azuretenantid,azureclientid,azureclientsecret,vaultazurekeyvaultvaultname,vaultazurekeyvaultkeyname" --values="your-azuretenantid,your-azureclientid,your-azureclientsecret,your-vaultazurekeyvaultvaultname,your-vaultazurekeyvaultkeyname,"
About the Formula
Chart Version
: 0.22.0
Application Version
: v1.11.3
Helm Chart
: hashicorp/vault
See Also
- VKPR vault remove - Uninstall vault from the cluster.