Skip to main content

VKPR vault install

Description

Install Vault into cluster. For more information about Vault, click here.

Commands

Interactive inputs:

  vkpr vault install [flags]

Non-interactive without setting values or using VKPR Values:

  vkpr vault install --default
danger

Vault will always be installed in HA (High Availability), it is recommended that the cluster has at least 3 Nodes.

Argument Reference

Flags

  --default       Use to automatically fill inputs with default values
--dry_run Simulate an install
--domain Set the application address
--secure Using HTTPS in the application
--mode Specifies the Vault storage mode
--auto_unseal Enable to Auto Unseal the Vault with a Cloud provider
--ssl Defines that the application will use its own certificate
--crt_file Specifies the vault .crt file path
--key_file Specifies the vault .key file path

Values File

Globals

The following arguments are supported by the globals:

  • domain - (Required) Define the domain used by the application. The default is localhost.
  • secure - (Required) Specifies if the services from the application will expose HTTPS ports inside the cluster. The default is false.
  • namespace - (Optional) Define where the application will be provisioned. The default is vkpr.
  • ingressClassName - (Optional) Define which ingress controller will expose the application. The default is nginx.

Local

The following arguments are supported:

  • enabled - (Optional) Enables the installation if performed with the command vkpr apply.
  • namespace - (Optional) Define where the application will be provisioned. The default is vkpr.
  • ingressClassName - (Optional) Define which ingress controller will expose the application. The default is nginx.
  • metrics - (Optional) Specifies if the application will expose your metrics. The default is false.
  • storageMode - (Required) Specifies the Vault storage mode. Allowed Values: raft, consul. The default is raft.
  • autoUnseal - (Required) Enable to Auto Unseal the Vault with a Cloud provider. Allowed Values: aws, azure. The default is false.
  • ssl
    • enabled - (Optional) Enable the manual certificate into ingress. The default is false.
    • crt - Specify the certificate path.
    • key - Specify the key path.
    • secretName - (Optional) Specifies if the content from the application will be storage in a volume.
  • existingClaim - (Optional) Specifies a existing PVC to associate to Vault.
    • data - Mount from Vault data
    • audit - (Optional) Mount from Vault Audit
  • helmArgs - (Optional) Used when you need to change some value or add a new value to the helm values used by the formula.
caution

Using helmArgs the application may behave in a way that VKPR may not be used in the best way it was designed. Use it when you know what you're doing

Environment values

The following variables are supported:

  • namespace - VKPR_ENV_VAULT_NAMESPACE
  • ingressClassName - VKPR_ENV_VAULT_INGRESS_CLASS_NAME
  • storageMode - VKPR_ENV_VAULT_STORAGE_MODE
  • autoUnseal - VKPR_ENV_VAULT_AUTO_UNSEAL
  • metrics - VKPR_ENV_VAULT_METRICS
  • ssl
    • enabled - VKPR_ENV_VAULT_SSL
    • crt - VKPR_ENV_VAULT_CERTIFICATE
    • key - VKPR_ENV_VAULT_KEY
    • secretName - VKPR_ENV_VAULT_SSL_SECRET
  • existingClaim
    • data - VKPR_ENV_VAULT_EXISTING_CLAIM_DATA
    • audit - VKPR_ENV_VAULT_EXISTING_CLAIM_AUDIT

Setting Provider credentials

CAUTION: Setting credentials manually will override the credentials already saved in memory

AWS

  rit set credential --provider="aws" --fields="accesskeyid,secretaccesskey,region,kmskeyid,kmsendpoint" --values="your-accesskey,your-secretaccess,your-region,your-kmskeyid,your-kmsendpoint"

Azure

  rit set credential --provider="azure" --fields="azuretenantid,azureclientid,azureclientsecret,vaultazurekeyvaultvaultname,vaultazurekeyvaultkeyname" --values="your-azuretenantid,your-azureclientid,your-azureclientsecret,your-vaultazurekeyvaultvaultname,your-vaultazurekeyvaultkeyname,"

About the Formula

Chart Version: 0.22.0
Application Version: v1.11.3
Helm Chart: hashicorp/vault

See Also