@helm-charts/banzaicloud-stable-vault-secrets-webhook v0.3.7-0.1.0

@helm-charts/banzaicloud-stable-vault-secrets-webhook

A Helm chart that deploys a mutating admission webhook that configures applications to request env vars from Vault Secrets

# Default values for spot-config-webhook.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

replicaCount: 1

debug: false

image:
  repository: banzaicloud/vault-secrets-webhook
  tag: 0.4.12
  pullPolicy: IfNotPresent

service:
  name: vault-secrets-webhook
  type: ClusterIP
  externalPort: 443
  internalPort: 8443

env:
  VAULT_IMAGE: vault:latest
  VAULT_ENV_IMAGE: banzaicloud/vault-env:latest

resources: {}

nodeSelector: {}

tolerations: []

affinity: {}

Vault Secrets webhook

This chart will install a mutating admission webhook, that injects an executable to containers in a deployment/statefulset which than can request secrets from Vault through environment variable definitions.

Installing the Chart

$ helm repo add banzaicloud-stable http://kubernetes-charts.banzaicloud.com/branch/master
$ helm repo update

The chart needs to be installed into it's own namespace to overcome recursive mutation issues, that namespace is ignored by the mutating webhook. See: https://github.com/banzaicloud/banzai-charts/issues/595#issuecomment-452223465 for more information.

$ helm upgrade --namespace vswh --install vswh banzaicloud-stable/vault-secrets-webhook

Configuration

The following tables lists configurable parameters of the vault-secrets-webhook chart and their default values.