Vault
Standalone server with audit storage
Important Note: This chart is not compatible with Helm 2. Please use Helm 3.6+ with this chart.
The below values.yaml can be used to set up a single server Vault cluster with
auditing enabled.
server:
standalone:
enabled: true
config: |
listener "tcp" {
tls_disable = true
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "file" {
path = "/vault/data"
}
service:
enabled: true
dataStorage:
enabled: true
size: 10Gi
storageClass: null
accessMode: ReadWriteOnce
auditStorage:
enabled: true
size: 10Gi
storageClass: null
accessMode: ReadWriteOnce
After Vault has been deployed, initialized and unsealed, auditing can be enabled by running the following command against the Vault pod:
$ kubectl exec -ti <POD NAME> -- vault audit enable file file_path=/vault/audit/vault_audit.log