Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to override VAULT_CLUSTER_ADDR and VAULT_ADDR #397

Open
omerlh opened this issue Oct 7, 2020 · 7 comments
Open

Allow to override VAULT_CLUSTER_ADDR and VAULT_ADDR #397

omerlh opened this issue Oct 7, 2020 · 7 comments
Labels
enhancement New feature or request

Comments

@omerlh
Copy link
Contributor

omerlh commented Oct 7, 2020

Is your feature request related to a problem? Please describe.
Right now those values are set to the internal pod dns, e.g.. https://vault-0.vault-internal:8201. While this works, I am trying to set up Vault over multiple clusters, using internal loadbalancer.

I tried to set the value in the config:

config: |
        ui = true
        api_addr = "<ilb ip>:8200"
        cluster_addr = "<ilb ip>:8200"

But it seems this is being overridden by the environment variable:

==> Vault server configuration:
GCP KMS Crypto Key: <>
GCP KMS Key Ring: <>
GCP KMS Project: <>
GCP KMS Region: global
Seal Type: gcpckms
Api Address: http://:8200
Cgo: disabled
Cluster Address: https://vault-0.vault-internal:8201
Listener 1: tcp (addr: "[::]:8200", cluster address: "[::]:8201", max_reques
t_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: info
Mlock: supported: true, enabled: false
Recovery Mode: false
Storage: gcs (HA available)
Version: Vault v1.4.2

Describe the solution you'd like
Allow to override those values using values.yaml, e.g. by setting server.clusterAddress and sever.address, or even to disable the env var, so the config will be applied.
@omerlh omerlh added the enhancement New feature or request label Oct 7, 2020
@ngarafol
Copy link

ngarafol commented Oct 8, 2020

You could play with values by overriding it here:

https://github.com/hashicorp/vault-helm/blob/master/templates/server-statefulset.yaml#L104
and
https://github.com/hashicorp/vault-helm/blob/master/templates/server-statefulset.yaml#L88

Basically cluster address is needed, vault_addr is only for local stuff. Cluster address is for remote connections ...

@omerlh
Copy link
Contributor Author

omerlh commented Oct 8, 2020

Yeah, I figured - I can open a PR, but I don't see how i can do without it

@ngarafol
Copy link

ngarafol commented Oct 8, 2020
edited

Here is commit that allows configurable VAULT_API_ADDR so might build on that and PR https://github.com/rayisbadat/vault-helm/commit/e218a687c98318bc0209570504a90f07959278f8

@Co0ker
Copy link

Co0ker commented Oct 14, 2020

+1
Standby pods cannot reach the master and the environment variable takes precedence over the value in the configuration file

@adamstrawson adamstrawson mentioned this issue Apr 15, 2021
Closed
@llivingstone
Copy link

Bumping this - Multiple PRs have been created regarding this, can we approve and merge one of them please?

@jawnsy
Copy link

jawnsy commented Oct 2, 2022

I think this is resolved in #709

@nia-potato
Copy link

I seem to still not be able to override these values in current helm chart, i am trying to bind a static internal IP in a VPC on gcp, but it still defaults to $POD_IP envar after setting it to the internal IP, did i miss something?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@jawnsy @ngarafol @omerlh @Co0ker @llivingstone @nia-potato