kube_vault
Hashicorp Vault
This module deploys Hashicorp Vault to the cluster via the helm chart.
Providers
The following providers are needed by this module:
Required Inputs
The following input variables are required:
eks_cluster_name
Description: The name of the EKS cluster.
Type: string
vault_domain
Description: The public domain for the Vault cluster
Type: string
Optional Inputs
The following input variables are optional (have default values):
admin_iam_arns
Description: List of IAM arns for encryption key admins.
Type: list(string)
Default: []
aws_iam_ip_allow_list
Description: A list of IPs that can use the service account token to authenticate with AWS API
Type: list(string)
Default: []
cdn_mode_enabled
Description: Whether to enable CDN mode for the Vault ingress
Type: bool
Default: true
cors_enabled
Description: Whether to enable CORS handling in the Vault ingress
Type: bool
Default: false
cors_extra_allowed_origins
Description: Extra allowed origins for CORS handling
Type: list(string)
Default: []
enhanced_ha_enabled
Description: Whether to add extra high-availability scheduling constraints at the trade-off of increased cost
Type: bool
Default: true
ingress_enabled
Description: Whether or not to enable the ingress for routing traffic to vault
Type: bool
Default: false
monitoring_enabled
Description: Whether to allow monitoring CRs to be deployed in the namespace
Type: bool
Default: false
panfactum_scheduler_enabled
Description: Whether to use the Panfactum pod scheduler with enhanced bin-packing
Type: bool
Default: false
pull_through_cache_enabled
Description: Whether to use the ECR pull through cache for the deployed images
Type: bool
Default: true
reader_iam_arns
Description: List of IAM arns for users who can use the encryption key for encryption and decryption.
Type: list(string)
Default: []
restricted_reader_iam_arns
Description: List of IAM arns for users who can only view the encryption key.
Type: list(string)
Default: []
superuser_iam_arns
Description: List of IAM arns for encryption key superusers.
Type: list(string)
Default: []
vault_helm_version
Description: The version of the vault helm chart to deploy
Type: string
Default: "0.27.0"
vault_image_tag
Description: The version of vault to use
Type: string
Default: "1.14.7"
vault_storage_increase_gb
Description: The GB to increase storage by if free space drops below the threshold
Type: number
Default: 1
vault_storage_increase_threshold_percent
Description: Dropping below this percent of free storage will trigger an automatic increase in storage size
Type: number
Default: 20
vault_storage_limit_gb
Description: The maximum number of gigabytes of storage to provision for the postgres cluster
Type: number
Default: null
vault_storage_size_gb
Description: The number of gigabytes to allocate to vault storage.
Type: number
Default: 20
vpa_enabled
Description: Whether the VPA resources should be enabled
Type: bool
Default: false
Outputs
The following outputs are exported:
vault_domain
Description: n/a
vault_internal_url
Description: n/a
vault_url
Description: n/a
Maintainer Notes
No notes.