vault: fullnameOverride: vault global: openshift: true server: standalone: enabled: false ha: enabled: true replicas: 3 raft: enabled: true setNodeId: true config: | ui = true listener "tcp" { address = "[::]:8200" cluster_address = "[::]:8201" tls_disable = 1 } storage "raft" { path = "/vault/data" retry_join { leader_api_addr = "http://vault-0.vault-internal:8200" } retry_join { leader_api_addr = "http://vault-1.vault-internal:8200" } retry_join { leader_api_addr = "http://vault-2.vault-internal:8200" } } service_registration "kubernetes" {} dataStorage: enabled: true size: 1Gi route: enabled: true activeService: true host: vault.example.com tls: insecureEdgeTerminationPolicy: Redirect termination: edge ui: enabled: true job: clusterApiUrl: "https://api.example.com:6443" keycloakUrl: "https://keycloak.example.com/auth/realms/shared" # Configuration for setting up resources in Keycloak to enable OIDC authentication. # Prerequisite: Ensure that the Keycloak Operator is installed and integrated with Keycloak. # Refer to the installation guide for the Keycloak Operator: # https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/keycloak-operator # # Additionally, necessary Keycloak resources such as realms, roles, and groups must be created # to support component functionality. This can be done using the provided add-ons or manually: # https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/kuberocketci-rbac oidc: enabled: false # This section enables configuration for using External Secrets Operator (ESO) as the secret manager. # Prerequisite: Ensure that ESO is installed in the cluster. # Refer to the EDP cluster add-on for ESO installation and setup: # https://github.com/epam/edp-cluster-add-ons/tree/main/clusters/core/addons/external-secrets # # Ensure that you have created the necessary roles for ESO integration. # Follow the detailed instructions here: # https://docs.kuberocketci.io/docs/operator-guide/secrets-management/external-secrets-operator-integration#aws-parameter-store-scenario-in-kuberocketci eso: # -- Install components of the ESO. enabled: true # -- Defines provider type. One of `aws` or `generic`. type: "aws" # -- Defines Secret Store name. secretStoreName: "aws-parameterstore" # -- Value name in AWS ParameterStore, AWS SecretsManager or other Secret Store. secretName: "/infra/core/addons/vault-okd" # -- Role ARN for the ExternalSecretOperator to assume. roleArn: arn:aws:iam::012345678910:role/AWSIRSA_Shared_ExternalSecretOperatorAccess # Defines Secret Store configuration. Used when eso.type is set to "generic". generic: secretStore: # -- Defines SecretStore provider configuration. providerConfig: {} # gcpsm: # projectID: "alphabet-123"