hashicorp / vault-helm

Helm chart to install Vault and other associated components.
Mozilla Public License 2.0

Allow to override VAULT_CLUSTER_ADDR and VAULT_ADDR #397

Open omerlh opened 3 years ago

omerlh commented 3 years ago

Is your feature request related to a problem? Please describe.

Right now those values are set to the internal pod DNS, e.g. https://vault-0.vault-internal:8201. While this works, I am trying to set up Vault over multiple clusters, using an internal load balancer.

I tried to set the value in the config:

    config: |
      ui = true
      api_addr = "<ilb ip>:8200"
      cluster_addr = "<ilb ip>:8200"

But it seems this is being overridden by the environment variable:

    ==> Vault server configuration:

        GCP KMS Crypto Key: <>
          GCP KMS Key Ring: <>
           GCP KMS Project: <>
            GCP KMS Region: global
                 Seal Type: gcpckms
               Api Address: http://:8200
                       Cgo: disabled
           Cluster Address: https://vault-0.vault-internal:8201
                Listener 1: tcp (addr: "[::]:8200", cluster address: "[::]:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
                 Log Level: info
                     Mlock: supported: true, enabled: false
             Recovery Mode: false
                   Storage: gcs (HA available)
                   Version: Vault v1.4.2

Describe the solution you'd like

Allow overriding those values using values.yaml, e.g. by setting server.clusterAddress and server.address, or even disabling the env var, so the config will be applied.

ngarafol commented 3 years ago

You could play with values by overriding it here:

https://github.com/hashicorp/vault-helm/blob/master/templates/server-statefulset.yaml#L104 and https://github.com/hashicorp/vault-helm/blob/master/templates/server-statefulset.yaml#L88

Basically cluster address is needed, vault_addr is only for local stuff. Cluster address is for remote connections ...

omerlh commented 3 years ago

Yeah, I figured - I can open a PR, but I don't see how I can do without it.

ngarafol commented 3 years ago

Here is a commit that allows a configurable VAULT_API_ADDR, so you might build on that and PR: https://github.com/rayisbadat/vault-helm/commit/e218a687c98318bc0209570504a90f07959278f8

Co0ker commented 3 years ago

+1. Standby pods cannot reach the master, and the environment variable takes precedence over the value in the configuration file.

llivingstone commented 3 years ago

Bumping this - Multiple PRs have been created regarding this, can we approve and merge one of them please?

jawnsy commented 1 year ago

I think this is resolved in https://github.com/hashicorp/vault-helm/pull/709

nia-potato commented 1 year ago

I still seem to be unable to override these values in the current Helm chart. I am trying to bind a static internal IP in a VPC on GCP, but it still defaults to the $POD_IP env var after setting it to the internal IP. Did I miss something?