VKPR vault install
Description
Install Vault into cluster. For more information about Vault, click here.
Commands
Interactive inputs:
vkpr vault install [flags]
Non-interactive without setting values or using VKPR Values:
vkpr vault install --default
danger
Vault will always be installed in HA (High Availability), it is recommended that the cluster has at least 3 Nodes.
Argument Reference
Flags
--default Use to automatically fill inputs with default values
--dry_run Simulate an install
--domain Set the application address
--secure Using HTTPS in the application
--mode Specifies the Vault storage mode
--auto_unseal Enable to Auto Unseal the Vault with a Cloud provider
--ssl Defines that the application will use its own certificate
--crt_file Specifies the vault .crt file path
--key_file Specifies the vault .key file path
Values File
Globals
The following arguments are supported by the globals:
domain- (Required) Define the domain used by the application. The default islocalhost.secure- (Required) Specifies if the services from the application will expose HTTPS ports inside the cluster. The default isfalse.namespace- (Optional) Define where the application will be provisioned. The default isvkpr.ingressClassName- (Optional) Define which ingress controller will expose the application. The default isnginx.
Local
The following arguments are supported:
enabled- (Optional) Enables the installation if performed with the command vkpr apply.namespace- (Optional) Define where the application will be provisioned. The default isvkpr.ingressClassName- (Optional) Define which ingress controller will expose the application. The default isnginx.metrics- (Optional) Specifies if the application will expose your metrics. The default isfalse.storageMode- (Required) Specifies the Vault storage mode. Allowed Values:raft,consul. The default israft.autoUnseal- (Required) Enable to Auto Unseal the Vault with a Cloud provider. Allowed Values:aws,azure. The default isfalse.sslenabled- (Optional) Enable the manual certificate into ingress. The default isfalse.crt- Specify the certificate path.key- Specify the key path.secretName- (Optional) Specifies if the content from the application will be storage in a volume.
existingClaim- (Optional) Specifies a existing PVC to associate to Vault.data- Mount from Vault dataaudit- (Optional) Mount from Vault Audit
helmArgs- (Optional) Used when you need to change some value or add a new value to the helm values used by the formula.
caution
Using helmArgs the application may behave in a way that VKPR may not be used in the best way it was designed. Use it when you know what you're doing
Environment values
The following variables are supported:
namespace- VKPR_ENV_VAULT_NAMESPACEingressClassName- VKPR_ENV_VAULT_INGRESS_CLASS_NAMEstorageMode- VKPR_ENV_VAULT_STORAGE_MODEautoUnseal- VKPR_ENV_VAULT_AUTO_UNSEALmetrics- VKPR_ENV_VAULT_METRICSsslenabled- VKPR_ENV_VAULT_SSLcrt- VKPR_ENV_VAULT_CERTIFICATEkey- VKPR_ENV_VAULT_KEYsecretName- VKPR_ENV_VAULT_SSL_SECRET
existingClaimdata- VKPR_ENV_VAULT_EXISTING_CLAIM_DATAaudit- VKPR_ENV_VAULT_EXISTING_CLAIM_AUDIT
Setting Provider credentials
CAUTION: Setting credentials manually will override the credentials already saved in memory
AWS
rit set credential --provider="aws" --fields="accesskeyid,secretaccesskey,region,kmskeyid,kmsendpoint" --values="your-accesskey,your-secretaccess,your-region,your-kmskeyid,your-kmsendpoint"
Azure
rit set credential --provider="azure" --fields="azuretenantid,azureclientid,azureclientsecret,vaultazurekeyvaultvaultname,vaultazurekeyvaultkeyname" --values="your-azuretenantid,your-azureclientid,your-azureclientsecret,your-vaultazurekeyvaultvaultname,your-vaultazurekeyvaultkeyname,"
About the Formula
Chart Version: 0.22.0
Application Version: v1.11.3
Helm Chart: hashicorp/vault
See Also
- VKPR vault remove - Uninstall vault from the cluster.