Chart version: v0.3.0
Api version: v1
App version: v0.3.0
Vault Operator by AppsCode - HashiCorp Vault Operator for Kuber...
Chart Type
Set me up:
helm repo add center
Install Chart:
helm install vault-operator center/appscode/vault-operator
Versions (0)

Vault Operator

Vault Operator by AppsCode - HashiCorp Vault Operator for Kubernetes


$ helm repo add appscode
$ helm repo update
$ helm install vault-operator appscode/vault-operator -n kube-system


This chart bootstraps a HashiCorp Vault controller deployment on a Kubernetes cluster using the Helm package manager.


  • Kubernetes 1.11+

Installing the Chart

To install the chart with the release name vault-operator:

$ helm install vault-operator appscode/vault-operator -n kube-system

The command deploys Vault operator on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.

Tip: List all releases using helm list

Uninstalling the Chart

To uninstall/delete the vault-operator:

$ helm uninstall vault-operator -n kube-system

The command removes all the Kubernetes components associated with the chart and deletes the release.


The following table lists the configurable parameters of the Vault chart and their default values.

Parameter Description Default
replicaCount Number of Vault operator replicas to create (only 1 is supported) 1
operator.registry Docker registry used to pull Vault operator image kubevault
operator.repository Vault operator container image vault-operator
operator.tag Vault operator container image tag v0.3.0
cleaner.registry Docker registry used to pull Webhook cleaner image appscode
cleaner.repository Webhook cleaner container image kubectl
cleaner.tag Webhook cleaner container image tag v1.11
imagePullSecrets Specify image pull secrets []
imagePullPolicy Image pull policy IfNotPresent
criticalAddon If true, installs Vault operator as critical addon false
logLevel Log level for operator 3
affinity Affinity rules for pod assignment {}
nodeSelector Node labels for pod assignment {}
tolerations Tolerations used pod assignment {}
serviceAccount.create If true, create a new service account true Service account to be used. If not set and serviceAccount.create is true, a name is generated using the fullname template ā€œ
apiserver.groupPriorityMinimum The minimum priority the group should have. 10000
apiserver.versionPriority The ordering of this API inside of the group. 15
apiserver.enableValidatingWebhook Enable validating webhooks for Vault CRDs true
apiserver.enableMutatingWebhook Enable mutating webhooks for Vault CRDs true CA certificate used by main Kubernetes api server not-ca-cert
apiserver.bypassValidatingWebhookXray If true, bypasses validating webhook xray checks false
apiserver.useKubeapiserverFqdnForAks If true, uses kube-apiserver FQDN for AKS cluster to workaround true
apiserver.healthcheck.enabled Enable readiness and liveliness probes false
apiserver.servingCerts.generate If true, generate on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate vault-operator pods. Otherwise specify in apiserver.servingCerts.{caCrt, serverCrt, serverKey}. See also: example terraform true
enableAnalytics Send usage events to Google Analytics true
monitoring.agent Specify which monitoring agent to use for monitoring Vault. It accepts either or none
monitoring.operator Specify whether to monitor Vault operator. false
monitoring.prometheus.namespace Specify the namespace where Prometheus server is running or will be deployed. Release namespace
monitoring.serviceMonitor.labels Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is app: <generated app name> and release: <release name>
clusterName Specify the name of cluster used in a multi-cluster setup

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example:

$ helm install vault-operator appscode/vault-operator -n kube-system --set image.tag=v0.3.0

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example:

$ helm install vault-operator appscode/vault-operator -n kube-system --values values.yaml