refactor(vault): disable dev mode

2025-02-03 12:54:54 +07:00 · 2022-05-08 13:04:34 +07:00 · 2022-05-08 13:04:34 +07:00 · 295d43f579
commit 295d43f579
parent 1620404ac6
1 changed files with 41 additions and 2 deletions
--- a/platform/vault/values.yaml
+++ b/platform/vault/values.yaml
@ -2,6 +2,47 @@ vault:
  injector:
    enabled: false
  server:
+    # TODO enable TLS?
+    ha:
+      enabled: true
+      replicas: 3
+      raft:
+        enabled: true
+        setNodeId: true
+        config: |
+          ui = true
+
+          listener "tcp" {
+            tls_disable = 1
+            address = "[::]:8200"
+            cluster_address = "[::]:8201"
+          }
+
+          storage "raft" {
+            path = "/vault/data"
+
+            retry_join {
+              leader_api_addr = "http://vault-0.vault-internal:8200"
+            }
+            retry_join {
+              leader_api_addr = "http://vault-1.vault-internal:8200"
+            }
+            retry_join {
+              leader_api_addr = "http://vault-2.vault-internal:8200"
+            }
+
+            autopilot {
+              cleanup_dead_servers = "true"
+              last_contact_threshold = "200ms"
+              last_contact_failure_threshold = "10m"
+              max_trailing_logs = 250000
+              min_quorum = 3
+              server_stabilization_time = "10s"
+            }
+          }
+
+          service_registration "kubernetes" {}
+
    dataStorage:
      storageClass: longhorn
    ingress:
@ -17,5 +58,3 @@ vault:
        - secretName: vault-tls-certificate
          hosts:
            - *host
-    dev:
-      enabled: true  # TODO disable vault dev mode