
HashiCorp Vault

kube_vault
Stable
Live
This module deploys HashiCorp Vault to the cluster via the Helm chart.

Providers

The following providers are needed by this module:

  • aws (5.39.1)

  • helm (2.12.1)

  • kubernetes (2.27.0)

  • random (3.6.0)

Required Inputs

The following input variables are required:

eks_cluster_name

Description: The name of the EKS cluster.

Type: string

environment_domains

Description: The public domains on which the vault subdomain will be created for Vault connectivity (e.g., the input production.panfactum.com will expose Vault on vault.production.panfactum.com).

Type: list(string)

Optional Inputs

The following input variables are optional (have default values):

admin_iam_arns

Description: List of IAM ARNs for encryption key admins.

Type: list(string)

Default: []

aws_iam_ip_allow_list

Description: A list of IPs that can use the service account token to authenticate with the AWS API.

Type: list(string)

Default: []

ingress_enabled

Description: Whether to enable the ingress for routing traffic to Vault.

Type: bool

Default: false

pull_through_cache_enabled

Description: Whether to use the ECR pull-through cache for the deployed images.

Type: bool

Default: false

reader_iam_arns

Description: List of IAM ARNs for users who can use the encryption key for encryption and decryption.

Type: list(string)

Default: []

restricted_reader_iam_arns

Description: List of IAM ARNs for users who can only view the encryption key.

Type: list(string)

Default: []

superuser_iam_arns

Description: List of IAM ARNs for encryption key superusers.

Type: list(string)

Default: []

vault_helm_version

Description: The version of the Vault Helm chart to deploy.

Type: string

Default: "0.27.0"

vault_image_tag

Description: The version of Vault to use.

Type: string

Default: "1.14.7"

vault_storage_size_gb

Description: The number of GB to allocate to Vault storage.

Type: number

Default: 20

vpa_enabled

Description: Whether the VPA resources should be enabled.

Type: bool

Default: false

Outputs

The following outputs are exported:

vault_internal_url

Description: n/a

vault_urls

Description: n/a

Usage

No notes