What is the difference between ha.config and ha.raft.config in vault-helm values.yaml

As titled, I’m currently trying to deploy Vault via vault-helm and using the integrated Raft storage on k8s cluster. What puzzles me is the ha.config and ha.raft.config settings. At first I thought the ha.config is simply an example of how to configure Vault to use Consul storage, but it doesn’t seems like it since the schema has the same config string defined. So I’m wondering whether I should just reuse the definition in ha.raft.config into ha.config.

Following are my current overriding values:

  ha:
    # it will use Consol storage if enabled, we wanted to use Raft integrated storage here
    enabled: false
    replicas: 3

    # Set the api_addr configuration for Vault HA
    # See https://www.vaultproject.io/docs/configuration#api_addr
    # If set to null, this will be set to the Pod IP Address
    apiAddr: null

    # Enables Vault's integrated Raft storage.  Unlike the typical HA modes where
    # Vault's persistence is external (such as Consul), enabling Raft mode will create
    # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
    # The Vault cluster will coordinate leader elections and failovers internally.
    raft:
      # Enables Raft integrated storage
      enabled: true
      # Set the Node Raft ID to the name of the pod
      setNodeId: false

      # Note: Configuration files are stored in ConfigMaps so sensitive data
      # such as passwords should be either mounted through extraSecretEnvironmentVars
      # or through a Kube secret.  For more information see:
      # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
      config: |
        ui = true
        listener "tcp" {
          tls_disable = 0
          address = "[::]:8200"
          cluster_address = "[::]:8201"
          tls_cert_file = "/vault/userconfig/vault-secret/vault-server-bundle.pem"
          tls_key_file = "/vault/userconfig/vault-secret/vault-server-key.pem"
        }
        storage "raft" {
          path = "/vault/data"
        }
        service_registration "kubernetes" {}
        
    # config is a raw string of default configuration when using a Stateful
    # deployment. Default is to use a Consul for its HA storage backend.
    # This should be HCL.

    # Note: Configuration files are stored in ConfigMaps so sensitive data
    # such as passwords should be either mounted through extraSecretEnvironmentVars
    # or through a Kube secret.  For more information see:
    # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
    config: |
      ui = true
      listener "tcp" {
        tls_disable = 1
        address = "[::]:8200"
        cluster_address = "[::]:8201"
      }
      storage "consul" {
        path = "vault"
        address = "HOST_IP:8500"
      }
      service_registration "kubernetes" {}

Bump and still no reply?

I understood it like that if you are only enabling ha.enabled=True then it’s using ha.config as the relevant setting. If on top of ha.enabled=True you are setting ha.raft.enabled=True then it’s using ha.raft.config and ignores ha.config.

That’s how I configured it and it’s working like that. But this is only what I presume.