vault-armada-app/stx-vault-helm/stx-vault-helm/manifests/vault_manifest.yaml

---
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: vault-psp-rolebinding
data:
  chart_name: vault-psp-rolebinding
  release: vault-psp-rolebinding
  namespace: vault
  values:
    rolebindingNamespace: vault
    serviceAccount: vault
  source:
    location: http://172.17.0.1:8080/helm_charts/stx-platform/psp-rolebinding-0.1.0.tgz
    subpath: psp-rolebinding
    type: tar
    reference: master
  upgrade:
    no_hooks: false
    pre:
      delete:
      - labels:
          release_group: vault-psp-rolebinding
        type: job
  wait:
    labels:
      release_group: vault-psp-rolebinding
    resources: []
    timeout: 1800
  dependencies: []
---
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: vault
data:
  chart_name: vault
  release: vault
  namespace: vault
  wait:
    timeout: 1800
    labels:
      app: vault
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
    pre:
      delete:
        - type: job
          labels:
            app: vault
  values:
    global:
      enabled: true
      tlsDisable: false
      imagePullSecrets:
        - name: default-registry-key
    injector:
      enabled: true
      nodeSelector: |
        node-role.kubernetes.io/master: ""        
      image:
        repository: hashicorp/vault-k8s
        tag: 0.4.0
      agentImage:
        repository: vault
        tag: 1.4.2
    server:
      affinity: |
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app.kubernetes.io/name: {{ template "vault.name" . }}
                  app.kubernetes.io/instance: "{{ .Release.Name }}"
                  component: server
              topologyKey: kubernetes.io/hostname        
      image:
        repository: vault
        tag: 1.4.2
      auditStorage:
        enabled: true
        size: 10Gi
      ha:
        enabled: true
        replicas: 3
        raft:
          enabled: true
          config: |
            ui = true

            listener "tcp" {
              tls_disable = 0
              address = "[::]:8200"
              cluster_address = "[::]:8201"
              tls_cert_file = "/vault/userconfig/vault-server-tls/tls.crt"
              tls_key_file  = "/vault/userconfig/vault-server-tls/tls.key"
              tls_client_ca_file = "/vault/userconfig/vault-server-tls/ca.crt"
            }

            storage "raft" {
              path = "/vault/data"
            }

            service_registration "kubernetes" {}            
      extraLabels:
        app: vault
      extraEnvironmentVars:
        VAULT_CACERT: /vault/userconfig/vault-server-tls/ca.crt
      extraVolumes:
        - type: secret
          name: vault-server-tls
  source:
    type: tar
    location: http://172.17.0.1/helm_charts/stx-platform/vault-0.6.0.tgz
    subpath: vault
    reference: master
  dependencies: []
---
schema: armada/ChartGroup/v1
metadata:
  schema: metadata/Document/v1
  name: vault
data:
  description: "Deploy Vault"
  sequenced: false
  chart_group:
    - vault
    - vault-psp-rolebinding
---
schema: armada/Manifest/v1
metadata:
  schema: metadata/Document/v1
  name: vault-manifest
data:
  release_prefix: sva
  chart_groups:
    - vault