Hello,
I’m making an override YAML file to deploy Vault on a Kubernetes cluster using the Helm chart.
I can’t understand one block. In the documentation, it is described like this:

> A raw string of extra HCL or JSON configuration for Vault servers. This will be saved as-is into a ConfigMap that is read by the Vault servers. This can be used to add additional configuration that isn’t directly exposed by the chart. If an object is provided, it will be written as JSON.

and can be applied to `server.ha.config` and `server.ha.raft.config`. I’m not strong in Helm charts and don’t understand how such configuration is applied to ConfigMap files. Will it have a different effect if applied to those two different paths?
Here is one example, where extra configuration is applied to `server.ha.config`:

```yaml
# ExtraConfig values are formatted as a multi-line string:
config: |
  ui = true
  api_addr = "http://POD_IP:8200"
  listener "tcp" {
    tls_disable = 1
    address = "0.0.0.0:8200"
  }
  storage "consul" {
    path = "vault/"
    address = "HOST_IP:8500"
  }
```

And here is an example where extra config is applied to `server.ha.raft.config`:

```yaml
ha:
  enabled: true
  replicas: 3
  raft:
    enabled: true
    setNodeId: true
    config: |
      ui = true
      listener "tcp" {
        tls_disable = 0
        address = "[::]:8200"
        cluster_address = "[::]:8201"
        tls_cert_file = "/vault/userconfig/vault-ha-tls/vault.crt"
        tls_key_file = "/vault/userconfig/vault-ha-tls/vault.key"
        tls_client_ca_file = "/vault/userconfig/vault-ha-tls/vault.ca"
      }
      storage "raft" {
        path = "/vault/data"
      }
      disable_mlock = true
      service_registration "kubernetes" {}
```

I’m following the latter guide, but want to understand what the difference is between `server.ha.config` and `server.ha.raft.config`.