Is your feature request related to a problem? Please describe.
I'm trying to implement the Vault reference architecture. There are some recommendations which aren't possible to follow with this chart alone.
For exposing the Vault service outside of a dedicated cluster, none of the existing Services (vault, vault-standby, vault-active or vault-ui) are suitable:
None of the services allow you to set spec.externalTrafficPolicy which should be set to "local"
Only vault-ui is supported with type LoadBalancer (with chosen loadBalancerIP), but I may want to run my Vault cluster with ui=off. While the service would be fine, this would be quite misleading.
Note that Ingress is also recommended against.
Describe the solution you'd like
I'd like if the chart defined an optional Service (perhaps named vault-lb) which is:
type: "LoadBalancer"
configurable loadBalancerIP
spec.externalTrafficPolicy: "local"
selects active Vault node
Happy to make a PR if this is considered desirable.
If all these settings were configurable with values.yaml, this Service would make it possible to deprecate vault-ui.
Describe alternatives you've considered
Could add spec.externalTrafficPolicy to vault-ui, and then there's enough in values.yaml to configure it to meet the recommendations, but the name is misleading if you don't want to turn Vault's UI on. At the moment, I have to apply a manifest to define a Service as per the reference documentation after installing the chart.
Is your feature request related to a problem? Please describe. I'm trying to implement the Vault reference architecture. There are some recommendations which aren't possible to follow with this chart alone.
For exposing the Vault service outside of a dedicated cluster, none of the existing Services (vault, vault-standby, vault-active or vault-ui) are suitable:
Note that Ingress is also recommended against.
Describe the solution you'd like I'd like if the chart defined an optional Service (perhaps named vault-lb) which is:
Happy to make a PR if this is considered desirable.
If all these settings were configurable with values.yaml, this Service would make it possible to deprecate vault-ui.
Describe alternatives you've considered Could add spec.externalTrafficPolicy to vault-ui, and then there's enough in values.yaml to configure it to meet the recommendations, but the name is misleading if you don't want to turn Vault's UI on. At the moment, I have to apply a manifest to define a Service as per the reference documentation after installing the chart.