Attention: Deprecation notice for Bintray, JCenter, GoCenter and ChartCenter. Learn More
appscode/csi-vault
CSI Vault
CSI Driver for Vault by AppsCode
TL;DR;
$ helm repo add appscode https://charts.appscode.com/stable/
$ helm repo update
$ helm install csi-vault appscode/csi-vault -n kube-system
Introduction
This chart bootstraps a Vault CSI Driver on a Kubernetes cluster using the Helm package manager.
Prerequisites
- Kubernetes v1.14+
--allow-privileged
flag must be set to true for both the API server and the kubelet- (If you use Docker) The Docker daemon of the cluster nodes must allow shared mounts
- Pre-installed HashiCorp Vault server.
Installing the Chart
To install the chart with the release name csi-vault
$ helm install csi-vault appscode/csi-vault -n kube-system
This command deploys CSI Driver for Vault on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
Uninstalling the Chart
To uninstall/delete the csi-vault
:
$ helm uninstall csi-vault -n kube-system
The command removes all the Kubernetes components associated with the chart and deletes the release.
Configuration
The following table lists the configurable parameters of the Stash chart and their default values.
Parameter | Description | Default |
---|---|---|
replicaCount |
Number of Vault operator replicas to create (only 1 is supported) | 1 |
attacher.name |
Name of the attacher component | attacher |
attacher.registry |
Docker registry used to pull CSI attacher image | quay.io/k8scsi |
attacher.repository |
CSI attacher container image | csi-attacher |
attacher.tag |
CSI attacher container image tag | v1.0.1 |
attacher.pullPolicy |
CSI attacher container image pull policy | IfNotPresent |
plugin.name |
Name of the plugin component | plugin |
plugin.registry |
Docker registry used to pull Vault CSI driver image | kubevault |
plugin.repository |
Vault CSI driver container image | csi-vault |
plugin.tag |
Vault CSI driver container image tag | v0.3.0 |
plugin.pullPolicy |
Vault CSI driver container image pull policy | IfNotPresent |
provisioner.name |
Name of the provisioner component | provisioner |
provisioner.registry |
Docker registry used to pull CSI provisioner image | quay.io/k8scsi |
provisioner.repository |
CSI provisioner container image | csi-provisioner |
provisioner.tag |
CSI provisioner container image tag | v1.0.1 |
provisioner.pullPolicy |
CSI provisioner container image pull policy | IfNotPresent |
clusterRegistrar.registry |
Docker registry used to pull CSI driver cluster registrar image | quay.io/k8scsi |
clusterRregistrar.repository |
CSI driver cluster registrar container image | csi-cluster-driver-registrar |
clusterRregistrar.tag |
CSI driver cluster registrar container image tag | v1.0.1 |
clusterRregistrar.pullPolicy |
CSI driver cluster registrar container image pull policy | IfNotPresent |
nodeRegistrar.registry |
Docker registry used to pull CSI driver node registrar image | quay.io/k8scsi |
nodeRregistrar.repository |
CSI driver node registrar container image | csi-node-driver-registrar |
nodeRregistrar.tag |
CSI driver node registrar container image tag | v1.0.1 |
nodeRregistrar.pullPolicy |
CSI driver node registrar container image pull policy | IfNotPresent |
driverName |
Vault CSI driver name | com.kubevault.csi.secrets |
pluginAddress |
Vault CSI driver endpoint address | /csi/csi.sock |
pluginDir |
Vault CSI driver plugin directory | /csi |
attachRequired |
Indicates CSI volume driver requires an attach operation | false |
appbinding.create |
If true, AppBinding CRD will be created | true |
imagePullSecrets |
Specify image pull secrets | [] |
criticalAddon |
If true, installs Vault CSI driver as critical addon | false |
logLevel |
Log level for CSI driver | 3 |
affinity |
Affinity rules for pod assignment | {} |
nodeSelector |
Node labels for pod assignment | {} |
tolerations |
Tolerations used pod assignment | {} |
apiserver.useKubeapiserverFqdnForAks |
If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 | true |
apiserver.healthcheck.enabled |
Enable readiness and liveliness probes | true |
enableAnalytics |
Send usage events to Google Analytics | true |
monitoring.agent |
Specify which monitoring agent to use for monitoring Vault. It accepts either prometheus.io/builtin or prometheus.io/coreos-operator . |
none |
monitoring.node |
Specify whether to monitor Vault CSI driver node plugin. | false |
monitoring.controller |
Specify whether to monitor Vault CSI driver controllerplugin. | false |
monitoring.prometheus.namespace |
Specify the namespace where Prometheus server is running or will be deployed. | Release namespace |
monitoring.serviceMonitor.labels |
Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is prometheus.io/coreos-operator . |
app: <generated app name> and release: <release name> |
Specify each parameter using the --set key=value[,key=value]
argument to helm install
. For example:
$ helm install csi-vault appscode/csi-vault -n kube-system --set plugin.tag=v0.3.0
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example:
$ helm install csi-vault appscode/csi-vault -n kube-system --values values.yaml