Bump vault-operator to 0.1.9

charts/vault-operator/v0.1.3/Chart.yaml

 apiVersion: v1
-description: A Helm chart for Vault, a tool for managing secrets
+description: CoreOS vault-operator Helm chart for Kubernetes
 name: vault-operator
-version: 0.1.2
-icon: https://s3.amazonaws.com/hashicorp-marketing-web-assets/brand/Vault_VerticalLogo_FullColor.B1xPC0pSax.svg
+version: 0.1.3
+icon: file://../vault-logo.svg
 home: https://github.com/coreos/vault-operator
 appVersion: 0.9.1
 sources:

charts/vault-operator/v0.1.3/OWNERS

+approvers:
+- mlaccetti
+reviewers:
+- mlaccetti

charts/vault-operator/v0.1.3/README.md

-## Overview
-The Vault operator deploys and manages [Vault][vault] clusters on Kubernetes. Vault instances created by the Vault operator are highly available and support automatic failover and upgrade.
+# CoreOS vault-operator
 
+[vault-operator](https://coreos.com/blog/introducing-vault-operator-project) Simplify vault cluster configuration and management.
 
-### Project status: beta
-The basic features have been completed, and while no breaking API changes are currently planned, the API can change in a backwards incompatible way before the project is declared stable.
-
+__DISCLAIMER:__ While this chart has been well-tested, the vault-operator is still currently in beta. Current project status is available [here](https://github.com/coreos/vault-operator).
 
 ## Configuration
-Parameter | Description | Default
---------- | ----------- | -------
-`rbac.create` | If true, create & use RBAC resources | `true`
-`serviceAccounts.create` | If true, create the values-operator service account | `true`
-`imagePullPolicy` | all containers image pull policy | `IfNotPresent`
-`vaultOperator.replicaCount` | desired number of vault operator controller pod | `1`
-`vaultOperator.image.repository` | vault operator container image repository | `quay.io/coreos/vault-operator`
-`vaultOperator.image.tag` | vault operator container image tag | `latest`
-`vaultOperator.resources` | vault operator pod resource requests & limits | `{}`
-`vaultOperator.nodeSelector` | node labels for vault operator pod assignment | `{}`
-`vault.node` | desired number of vault cluster nodes | `2`
-`vault.version` | vault app version | `0.9.1-0`
-`etcd.image.repository` | etcd container image repository | `quay.io/coreos/etcd-operator`
-`etcd.image.tag` | etcd container image tag | `v0.8.3`
-`ui.replicaCount` | desired number of Vault UI pod | `1`
-`ui.image.repository` | Vault UI container image repository | `djenriquez/vault-ui`
-`ui.image.tag` | Vault UI container image tag | `latest`
-`ui.resources` | Vault UI pod resource requests & limits | `{}`
-`ui.nodeSelector` | node labels for Vault UI pod assignment | `{}`
-`ui.ingress.enabled` | If true, Vault UI Ingress will be created | `false`
-`ui.ingress.annotations` | Vault UI Ingress annotations | `{}`
-`ui.ingress.hosts` | Vault UI Ingress hostnames | `[]`
-`ui.ingress.tls` | Vault UI Ingress TLS configuration (YAML) | `[]`
-`ui.vault.auth` | Vault UI login method | `TOKEN`
-`ui.service.name` | Vault UI service name | `vault-ui`
-`ui.service.type` | type of ui service to create | `ClusterIP`
-`ui.service.externalPort` | Vault UI service target port | `8000`
-`ui.service.internalPort` | Vault UI container port | `8000`
-`ui.service.nodePort` | Port to be used as the service NodePort (ignored if `server.service.type` is not `NodePort`) | `0`
-
-
-## Using the Vault cluster
-
-See the [Vault usage guide](https://github.com/coreos/vault-operator/blob/master/doc/user/vault.md) on how to initialize, unseal, and use the deployed Vault cluster.
-
-Consult the [monitoring guide](https://github.com/coreos/vault-operator/blob/master/doc/user/monitoring.md) on how to monitor and alert on a Vault cluster with Prometheus.
-
-See the [recovery guide](https://github.com/coreos/vault-operator/blob/master/doc/user/recovery.md) on how to backup and restore Vault cluster data using the etcd opeartor
-
-For an overview of the default TLS configuration or how to specify custom TLS assets for a Vault cluster see the [TLS setup guide](https://github.com/coreos/vault-operator/blob/master/doc/user/tls_setup.md).
-
-[vault]: https://www.vaultproject.io/
-[etcd-operator]: https://github.com/coreos/etcd-operator/
+
+The following table lists the configurable parameters of the vault-operator chart and their default values.
+
+| Parameter                                         | Description                                                          | Default                                        |
+| ------------------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------------- |
+| `name`                                            | name of the deployment                                               | `vault-operator`                               |
+| `replicaCount`                                    | Number of operator replicas to create (only 1 is supported)          | `1`                                            |
+| `image.repository`                                | vault-operator container image                                       | `ranchercharts/vault-operator`                |
+| `image.tag`                                       | vault-operator container image tag                                   | `0.1.9`                                        |
+| `image.pullPolicy`                                | vault-operator container image pull policy                           | `Always`                                       |
+| `rbac.create`                                     | install required RBAC service account, roles and rolebindings        | `true`                                         |
+| `rbac.apiVersion`                                 | RBAC api version `v1alpha1|v1beta1`                                  | `v1beta1`                                      |
+| `serviceAccount.create`                           | create a new service account for the vault-operator                  | `true`                                         |
+| `serviceAccount.name`                             | Name of the service account resource when RBAC is enabled            | `vault-operator-sa`                            |
+| `resources.cpu`                                   | CPU limit per vault-operator pod                                     | `100m`                                         |
+| `resources.memory`                                | Memory limit per vault-operator pod                                  | `128mi`                                        |
+| `nodeSelector`                                    | Node labels for vault-operator pod assignment                        | `{}`                                           |
+| `commandArgs`                                     | Additional command arguments                                         | `{}`                                           |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
+
+```bash
+$ helm install --name my-release --set image.tag=v0.1.9 stable/vault-operator
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while
+installing the chart. For example:
+
+```bash
+$ helm install --name my-release --values values.yaml stable/vault-operator
+```
+
+## RBAC
+By default the chart will install the recommended RBAC roles and rolebindings.
+
+To determine if your cluster supports this running the following:
+
+```bash
+$ kubectl api-versions | grep rbac
+```
+
+You also need to have the following parameter on the api server. See the following document for how to enable [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)
+
+```bash
+--authorization-mode=RBAC
+```
+
+If the output contains "beta" or both "alpha" and "beta" you can may install rbac by default, if not, you may turn RBAC off as described below.
+
+### RBAC Role/RoleBinding Creation
+
+RBAC resources are enabled by default. To disable RBAC do the following:
+
+```bash
+$ helm install --name my-release stable/vault-operator --set rbac.create=false
+```
+
+### Changing RBAC Manifest apiVersion
+
+By default the RBAC resources are generated with the "v1beta1" apiVersion. To use "v1alpha1" do the following:
+
+```bash
+$ helm install --name my-release stable/vault-operator --set rbac.install=true,rbac.apiVersion=v1alpha1
+```
+
+## Creating a Vault
+
+### Deploy a CRD
+
+```yaml
+apiVersion: "vault.security.coreos.com/v1alpha1"
+kind: "VaultService"
+metadata:
+  name: "example"
+spec:
+  nodes: 2
+  version: "0.9.1-0"
+```
+
+### Initialize Vault
+
+```bash
+kubectl -n <namespace> get vault example -o jsonpath='{.status.vaultStatus.sealed[0]}' | xargs -0 -I {} kubectl -n <namespace> port-forward {} 8200
+vault init
+```
+
+### Unseal the Vault
+
+Repeat as many times as nodes created. Run the `vault unseal` command three times.
+
+```bash
+kubectl -n <namespace> get vault example -o jsonpath='{.status.vaultStatus.sealed[0]}' | xargs -0 -I {} kubectl -n <namespace> port-forward {} 8200
+vault unseal
+```

charts/vault-operator/v0.1.3/app-readme.md

 # Vault Operator
-Run and manage Vault on Kubernetes simply and securely.
+[vault-operator](https://github.com/coreos/vault-operator) Simplify vault cluster configuration and management.
 
+__DISCLAIMER:__ While this chart has been well-tested, the vault-operator is still currently in beta. Current project status is available [here](https://github.com/coreos/vault-operator).
 
-### Prerequisites
+### Using the Vault cluster
+See the [Vault usage guide](https://github.com/coreos/vault-operator/blob/master/doc/user/vault.md) on how to initialize, unseal, and use the deployed Vault cluster.
 
-- Kubernetes 1.8+
+Consult the [monitoring guide](https://github.com/coreos/vault-operator/blob/master/doc/user/monitoring.md) on how to monitor and alert on a Vault cluster with Prometheus.
+
+See the [recovery guide](https://github.com/coreos/vault-operator/blob/master/doc/user/recovery.md) on how to backup and restore Vault cluster data using the etcd opeartor
+
+For an overview of the default TLS configuration or how to specify custom TLS assets for a Vault cluster see the [TLS setup guide](https://github.com/coreos/vault-operator/blob/master/doc/user/tls_setup.md).
+
+**Warning:**
+Upgrade `vault-operator` from 0.1.2 to 0.1.3 is not supported, if you wish to use the newest version you will need to re-deploy the `vault-operator 0.1.3`.

charts/vault-operator/v0.1.3/charts/etcd-operator/.helmignore

+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

charts/vault-operator/v0.1.3/charts/etcd-operator/Chart.yaml

+apiVersion: v1
+description: CoreOS etcd-operator Helm chart for Kubernetes
+name: etcd-operator
+version: 0.9.0
+appVersion: 0.9.4
+home: https://github.com/coreos/etcd-operator
+icon: file://../etcd-logo.png
+sources:
+- https://github.com/coreos/etcd-operator
+maintainers:
+- name: lachie83
+  email: lachlan@deis.com
+- name: alejandroEsc
+  email: jaescobar.cell@gmail.com

charts/vault-operator/v0.1.3/charts/etcd-operator/OWNERS

+approvers:
+- lachie83
+- alejandroEsc
+reviewers:
+- lachie83
+- alejandroEsc

charts/vault-operator/v0.1.3/charts/etcd-operator/README.md

+## Official Documentation
+
+Official project documentation found [here](https://github.com/coreos/etcd-operator)
+
+## Prerequisites
+
+- Kubernetes 1.4+ with Beta APIs enabled
+- __Suggested:__ PV provisioner support in the underlying infrastructure to support backups
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install stable/etcd-operator --name my-release
+```
+
+__Note__: If you set `cluster.enabled` on install, it will have no effect.
+Before you create an etcd cluster, the TPR must be installed by the operator, so this option is ignored during helm installs, but can be used in upgrades.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components EXCEPT the persistent volume.
+
+## Updating
+Updating the TPR resource will not result in the cluster being update until `kubectl apply` for
+TPRs is fixed see [kubernetes/issues/29542](https://github.com/kubernetes/kubernetes/issues/29542)
+Work around options are documented [here](https://github.com/coreos/etcd-operator#resize-an-etcd-cluster)
+
+## Configuration
+
+The following table lists the configurable parameters of the etcd-operator chart and their default values.
+
+| Parameter                                         | Description                                                          | Default                                        |
+| ------------------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------------- |
+| `rbac.create`                                     | Install required RBAC service account, roles and rolebindings        | `true`                                         |
+| `rbac.apiVersion`                                 | RBAC api version `v1alpha1\|v1beta1`                                 | `v1beta1`                                      |
+| `serviceAccount.create`                           | Flag to create the service account                                   | `true`                                         |
+| `serviceAccount.name`                             | Name of the service account resource when RBAC is enabled            | `etcd-operator-sa`                             |
+| `deployments.etcdOperator`                        | Deploy the etcd cluster operator                                     | `true`                                         |
+| `deployments.backupOperator`                      | Deploy the etcd backup operator                                      | `true`                                         |
+| `deployments.restoreOperator`                     | Deploy the etcd restore operator                                     | `true`                                         |
+| `customResources.createEtcdClusterCRD`            | Create a custom resource: EtcdCluster                                | `false`                                        |
+| `customResources.createBackupCRD`                 | Create an a custom resource: EtcdBackup                              | `false`                                        |
+| `customResources.createRestoreCRD`                | Create an a custom resource: EtcdRestore                             | `false`                                        |
+| `etcdOperator.name`                               | Etcd Operator name                                                   | `etcd-operator`                                |
+| `etcdOperator.replicaCount`                       | Number of operator replicas to create (only 1 is supported)          | `1`                                            |
+| `etcdOperator.image.repository`                   | etcd-operator container image                                        | `quay.io/coreos/etcd-operator`                 |
+| `etcdOperator.image.tag`                          | etcd-operator container image tag                                    | `v0.9.3`                                       |
+| `etcdOperator.image.pullpolicy`                   | etcd-operator container image pull policy                            | `Always`                                       |
+| `etcdOperator.resources.cpu`                      | CPU limit per etcd-operator pod                                      | `100m`                                         |
+| `etcdOperator.resources.memory`                   | Memory limit per etcd-operator pod                                   | `128Mi`                                        |
+| `etcdOperator.securityContext`                    | SecurityContext for etcd operator                                    | `{}`                                           |
+| `etcdOperator.nodeSelector`                       | Node labels for etcd operator pod assignment                         | `{}`                                           |
+| `etcdOperator.podAnnotations`                     | Annotations for the etcd operator pod                                | `{}`                                           |
+| `etcdOperator.commandArgs`                        | Additional command arguments                                         | `{}`                                           |
+| `backupOperator.name`                             | Backup operator name                                                 | `etcd-backup-operator`                         |
+| `backupOperator.replicaCount`                     | Number of operator replicas to create (only 1 is supported)          | `1`                                            |
+| `backupOperator.image.repository`                 | Operator container image                                             | `quay.io/coreos/etcd-operator`                 |
+| `backupOperator.image.tag`                        | Operator container image tag                                         | `v0.9.3`                                       |
+| `backupOperator.image.pullpolicy`                 | Operator container image pull policy                                 | `Always`                                       |
+| `backupOperator.resources.cpu`                    | CPU limit per etcd-operator pod                                      | `100m`                                         |
+| `backupOperator.resources.memory`                 | Memory limit per etcd-operator pod                                   | `128Mi`                                        |
+| `backupOperator.securityContext`                  | SecurityContext for etcd backup operator                             | `{}`                                           |
+| `backupOperator.spec.storageType`                 | Storage to use for backup file, currently only S3 supported          | `S3`                                           |
+| `backupOperator.spec.s3.s3Bucket`                 | Bucket in S3 to store backup file                                    |                                                |
+| `backupOperator.spec.s3.awsSecret`                | Name of kubernetes secret containing aws credentials                 |                                                |
+| `backupOperator.nodeSelector`                     | Node labels for etcd operator pod assignment                         | `{}`                                           |
+| `backupOperator.commandArgs`                      | Additional command arguments                                         | `{}`                                           |
+| `restoreOperator.name`                            | Restore operator name                                                | `etcd-backup-operator`                         |
+| `restoreOperator.replicaCount`                    | Number of operator replicas to create (only 1 is supported)          | `1`                                            |
+| `restoreOperator.image.repository`                | Operator container image                                             | `quay.io/coreos/etcd-operator`                 |
+| `restoreOperator.image.tag`                       | Operator container image tag                                         | `v0.9.3`                                       |
+| `restoreOperator.image.pullpolicy`                | Operator container image pull policy                                 | `Always`                                       |
+| `restoreOperator.resources.cpu`                   | CPU limit per etcd-operator pod                                      | `100m`                                         |
+| `restoreOperator.resources.memory`                | Memory limit per etcd-operator pod                                   | `128Mi`                                        |
+| `restoreOperator.securityContext`                 | SecurityContext for etcd restore operator                            | `{}`                                           |
+| `restoreOperator.spec.s3.path`                    | Path in S3 bucket containing the backup file                         |                                                |
+| `restoreOperator.spec.s3.awsSecret`               | Name of kubernetes secret containing aws credentials                 |                                                |
+| `restoreOperator.nodeSelector`                    | Node labels for etcd operator pod assignment                         | `{}`                                           |
+| `restoreOperator.commandArgs`                     | Additional command arguments                                         | `{}`                                           |
+| `etcdCluster.name`                                | etcd cluster name                                                    | `etcd-cluster`                                 |
+| `etcdCluster.size`                                | etcd cluster size                                                    | `3`                                            |
+| `etcdCluster.version`                             | etcd cluster version                                                 | `3.2.25`                                       |
+| `etcdCluster.image.repository`                    | etcd container image                                                 | `quay.io/coreos/etcd-operator`                 |
+| `etcdCluster.image.tag`                           | etcd container image tag                                             | `v3.2.25`                                      |
+| `etcdCluster.image.pullPolicy`                    | etcd container image pull policy                                     | `Always`                                       |
+| `etcdCluster.enableTLS`                           | Enable use of TLS                                                    | `false`                                        |
+| `etcdCluster.tls.static.member.peerSecret`        | Kubernetes secret containing TLS peer certs                          | `etcd-peer-tls`                                |
+| `etcdCluster.tls.static.member.serverSecret`      | Kubernetes secret containing TLS server certs                        | `etcd-server-tls`                              |
+| `etcdCluster.tls.static.operatorSecret`           | Kubernetes secret containing TLS client certs                        | `etcd-client-tls`                              |
+| `etcdCluster.pod.antiAffinity`                    | Whether etcd cluster pods should have an antiAffinity                | `false`                                        |
+| `etcdCluster.pod.resources.limits.cpu`            | CPU limit per etcd cluster pod                                       | `100m`                                         |
+| `etcdCluster.pod.resources.limits.memory`         | Memory limit per etcd cluster pod                                    | `128Mi`                                        |
+| `etcdCluster.pod.resources.requests.cpu`          | CPU request per etcd cluster pod                                     | `100m`                                         |
+| `etcdCluster.pod.resources.requests.memory`       | Memory request per etcd cluster pod                                  | `128Mi`                                        |
+| `etcdCluster.pod.nodeSelector`                    | Node labels for etcd cluster pod assignment                          | `{}`                                           |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
+
+```bash
+$ helm install --name my-release --set image.tag=v0.2.1 stable/etcd-operator
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while
+installing the chart. For example:
+
+```bash
+$ helm install --name my-release --values values.yaml stable/etcd-operator
+```
+
+## RBAC
+By default the chart will install the recommended RBAC roles and rolebindings.
+
+To determine if your cluster supports this running the following:
+
+```console
+$ kubectl api-versions | grep rbac
+```
+
+You also need to have the following parameter on the api server. See the following document for how to enable [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)
+
+```
+--authorization-mode=RBAC
+```
+
+If the output contains "beta" or both "alpha" and "beta" you can may install rbac by default, if not, you may turn RBAC off as described below.
+
+### RBAC role/rolebinding creation
+
+RBAC resources are enabled by default. To disable RBAC do the following:
+
+```console
+$ helm install --name my-release stable/etcd-operator --set rbac.create=false
+```
+
+### Changing RBAC manifest apiVersion
+
+By default the RBAC resources are generated with the "v1beta1" apiVersion. To use "v1alpha1" do the following:
+
+```console
+$ helm install --name my-release stable/etcd-operator --set rbac.install=true,rbac.apiVersion=v1alpha1
+```

charts/vault-operator/v0.1.3/charts/etcd-operator/app-readme.md

+# etcd-operator
+
+[etcd-operator](https://coreos.com/blog/introducing-the-etcd-operator.html) Simplify etcd cluster configuration and management.
+
+__DISCLAIMER:__ While this chart has been well-tested, the etcd-operator is still currently in beta. Current project status is available [here](https://github.com/coreos/etcd-operator).
+
+## Introduction
+
+This chart bootstraps an etcd-operator and allows the deployment of etcd-cluster(s).
+
+### How to use it
+With etcd-operator, users can now create a custom etcd cluster using custom resource definitions(CRDs) like EtcdCluster, EtcdBackup and EtcdRestore . e.g,
+```YAML
+apiVersion: etcd.database.coreos.com/v1beta2
+kind: EtcdCluster
+metadata:
+  name: "example-etcd-cluster"
+  ## Adding this annotation make this cluster managed by clusterwide operators, namespaced operators ignore it
+  # annotations:
+    # etcd.database.coreos.com/scope: clusterwide
+spec:
+  size: 3
+  version: "3.2.25"
+```
+
+For more details about CRD spec please refer to the [etcd-operator doc](https://github.com/coreos/etcd-operator/blob/master/doc/user/spec_examples.md).

charts/vault-operator/v0.1.3/charts/etcd-operator/questions.yml

+categories:
+- database
+- keyvalue
+labels:
+  io.rancher.certified: operator
+  io.cattle.role: cluster
+questions:
+- variable: defaultImage
+  default: true
+  description: "Use default Docker image"
+  label: Use Default Image
+  type: boolean
+  show_subquestion_if: false
+  group: "Container Images"
+  subquestions:
+  - variable: deployments.image.repository
+    default: "ranchercharts/coreos-etcd-operator"
+    description: "Etcd operator Docker image"
+    type: string
+    label: Etcd Operator Image Name
+  - variable: deployments.image.tag
+    default: "v0.9.4"
+    description: "Etcd operator Docker tag"
+    type: string
+    label: Etcd Operator Image Tag
+  - variable: etcdCluster.image.repository
+    default: "ranchercharts/coreos-etcd"
+    description: "Etcd container image"
+    type: string
+    label: Etcd Container Image Name
+  - variable: etcdCluster.image.tag
+    default: "v3.2.25"
+    description: "Etcd container image tag"
+    type: string
+    label: Etcd Container Image Tag
+- variable: deployments.etcdOperator
+  default: true
+  description: "Deploy the etcd-operator controller"
+  required: true
+  label: Deploy the etcd Operator
+  type: boolean
+  show_subquestion_if: true
+  group: "etcd-operators"
+  subquestions:
+  - variable: clusterwide.enabled
+    default: false
+    description: "Set etcd operator manage clusters in all namespaces (more details on https://github.com/coreos/etcd-operator/blob/master/doc/user/clusterwide.md)"
+    label: Enable Clusterwide of etcd Operator
+    type: boolean
+    required: true
+- variable: deployments.backupOperator
+  default: true
+  description: "Deploy the etcd backup operator, one time deployment, delete once completed"
+  label: Deploy the etcd Backup Operator
+  type: boolean
+  group: "etcd-operators"
+- variable: deployments.restoreOperator
+  default: true
+  description: "Deploy the etcd restore operator, one time deployment, delete once completed"
+  label: Deploy the etcd Restore Operator
+  type: boolean
+  group: "etcd-operators"
+# enable etcd cluster configs
+- variable: customResources.createEtcdClusterCRD
+  default: false
+  description: "Create a new custom etcd cluster"
+  label: Create a New Custom Etcd Cluster
+  type: boolean
+  group: "Etcd Cluster"
+  show_subquestion_if: true
+  subquestions:
+  - variable: etcdCluster.size
+    default: "3"
+    description: "set etcd cluster size"
+    label: Etcd Cluster Size
+    type: enum
+    options:
+    - "3"
+    - "5"
+    - "7"
+    - "9"
+    - "11"
+    required: true
+  - variable: etcdCluster.version
+    default: "3.2.25"
+    description: "set etcd cluster version"
+    label: Etcd Cluster Version
+    type: string
+    required: true
+- variable: etcdCluster.enableTLS
+  default: false
+  description: "Enable use of TLS"
+  label: Enable use of TLS
+  type: boolean
+  required: true
+  group: "Etcd Cluster"
+  show_if: "customResources.createEtcdClusterCRD=true"
+- variable: etcdCluster.tls.static.member.peerSecret
+  default: ""
+  description: "Kubernetes secret containing TLS peer certs"
+  required: true
+  label: k8s Secret Name of TLS Peer Certs
+  type: secret
+  show_if: "customResources.createEtcdClusterCRD=true&&etcdCluster.enableTLS=true"
+  group: "Etcd Cluster"
+- variable: etcdCluster.tls.static.member.serverSecret
+  default: ""
+  description: "Kubernetes secret containing TLS server certs"
+  required: true
+  label: k8s Secret Name of TLS Server Certs
+  type: secret
+  show_if: "customResources.createEtcdClusterCRD=true&&etcdCluster.enableTLS=true"
+  group: "Etcd Cluster"
+- variable: etcdCluster.tls.static.operatorSecret
+  default: ""
+  description: "Kubernetes secret containing TLS client certs"
+  required: true
+  label: k8s Secret Name of TLS Client Certs
+  type: secret
+  show_if: "customResources.createEtcdClusterCRD=true&&etcdCluster.enableTLS=true"
+  group: "Etcd Cluster"

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/NOTES.txt

+{{- $clusterEnabled := (and (not .Release.IsInstall) .Values.customResources.createEtcdClusterCRD) -}}
+{{- if and .Release.IsInstall .Values.customResources.createEtcdClusterCRD -}}
+Not enabling cluster, the ThirdPartResource must be installed before you can create a Cluster. Continuing rest of normal deployment.
+
+{{ end -}}
+
+{{- if $clusterEnabled -}}
+1. Watch etcd cluster start
+  kubectl get pods -l etcd_cluster={{ .Values.etcdCluster.name }} --namespace {{ .Release.Namespace }} -w
+
+2. Confirm etcd cluster is healthy
+  $ kubectl run --rm -i --tty --env="ETCDCTL_API=3" --env="ETCDCTL_ENDPOINTS=http://{{ .Values.etcdCluster.name }}-client:2379" --namespace {{ .Release.Namespace }} etcd-test --image quay.io/coreos/etcd --restart=Never -- /bin/sh -c 'watch -n1 "etcdctl  member list"'
+
+3. Interact with the cluster!
+  $ kubectl run --rm -i --tty --env ETCDCTL_API=3 --namespace {{ .Release.Namespace }} etcd-test --image quay.io/coreos/etcd --restart=Never -- /bin/sh
+  / # etcdctl --endpoints http://{{ .Values.etcdCluster.name }}-client:2379 put foo bar
+  / # etcdctl --endpoints http://{{ .Values.etcdCluster.name }}-client:2379 get foo
+  OK
+  (ctrl-D to exit)
+  
+4. Optional
+  Check the etcd-operator logs
+  export POD=$(kubectl get pods -l app={{ template "etcd-operator.fullname" . }} --namespace {{ .Release.Namespace }} --output name)
+  kubectl logs $POD --namespace={{ .Release.Namespace }}
+
+{{- else -}}
+1. etcd-operator deployed.
+  If you would like to deploy an etcd-cluster set cluster.enabled to true in values.yaml
+  Check the etcd-operator logs
+    export POD=$(kubectl get pods -l app={{ template "etcd-operator.fullname" . }} --namespace {{ .Release.Namespace }} --output name)
+    kubectl logs $POD --namespace={{ .Release.Namespace }}
+
+{{- end -}}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/_helpers.tpl

+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "etcd-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "etcd-operator.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.etcdOperator.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "etcd-backup-operator.name" -}}
+{{- default .Chart.Name .Values.backupOperator.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "etcd-backup-operator.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.backupOperator.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "etcd-restore-operator.name" -}}
+{{- default .Chart.Name .Values.restoreOperator.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "etcd-restore-operator.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.restoreOperator.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the etcd-operator service account to use
+*/}}
+{{- define "etcd-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "etcd-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/backup-etcd-crd.yaml

+{{- if .Values.customResources.createBackupCRD }}
+apiVersion: etcd.database.coreos.com/v1beta2
+kind: EtcdBackup
+metadata:
+  name: {{ template "etcd-backup-operator.fullname" . }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: {{ template "etcd-backup-operator.name" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  clusterName: {{ .Values.etcdCluster.name }}
+{{ toYaml .Values.backupOperator.spec | indent 2 }}
+{{- end}}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/backup-operator-deployment.yaml

+{{- if .Values.deployments.backupOperator }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "etcd-backup-operator.fullname" . }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: {{ template "etcd-backup-operator.name" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "etcd-backup-operator.fullname" . }}
+      release: {{ .Release.Name }}
+  replicas: {{ .Values.backupOperator.replicaCount }}
+  template:
+    metadata:
+      name: {{ template "etcd-backup-operator.fullname" . }}
+      labels:
+        app: {{ template "etcd-backup-operator.fullname" . }}
+        release: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ template "etcd-operator.serviceAccountName" . }}
+      containers:
+      - name: {{ .Values.backupOperator.name }}
+        image: "{{ .Values.deployments.image.repository }}:{{ .Values.deployments.image.tag }}"
+        imagePullPolicy: {{ .Values.deployments.image.pullPolicy }}
+        command:
+        - etcd-backup-operator
+{{- range $key, $value := .Values.backupOperator.commandArgs }}
+        - "--{{ $key }}={{ $value }}"
+{{- end }}
+        env:
+        - name: MY_POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MY_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        resources:
+          limits:
+            cpu: {{ .Values.backupOperator.resources.cpu }}
+            memory: {{ .Values.backupOperator.resources.memory }}
+          requests:
+            cpu: {{ .Values.backupOperator.resources.cpu }}
+            memory: {{ .Values.backupOperator.resources.memory }}
+    {{- if .Values.backupOperator.nodeSelector }}
+      nodeSelector: {{ toYaml .Values.backupOperator.nodeSelector | nindent 8 }}
+    {{- end }}
+    {{- if .Values.backupOperator.securityContext }}
+      securityContext: {{ toYaml .Values.backupOperator.securityContext | nindent 8 }}
+    {{- end }}
+    {{- if .Values.backupOperator.tolerations }}
+      tolerations: {{ toYaml .Values.backupOperator.tolerations | nindent 8 }}
+    {{- end }}
+{{- end }}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/crds.yaml

+{{- if .Values.enableCRDs -}}
+{{- if not (.Capabilities.APIVersions.Has "etcd.database.coreos.com/v1beta2") }}
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: etcdclusters.etcd.database.coreos.com
+  annotations:
+    "helm.sh/resource-policy": keep
+    "helm.sh/hook": "crd-install"
+spec:
+  conversion:
+    strategy: None
+  group: etcd.database.coreos.com
+  names:
+    kind: EtcdCluster
+    listKind: EtcdClusterList
+    plural: etcdclusters
+    shortNames:
+    - etcd
+    singular: etcdcluster
+  scope: Namespaced
+  version: v1beta2
+  versions:
+  - name: v1beta2
+    served: true
+    storage: true
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: etcdbackups.etcd.database.coreos.com
+spec:
+  conversion:
+    strategy: None
+  group: etcd.database.coreos.com
+  names:
+    kind: EtcdBackup
+    listKind: EtcdBackupList
+    plural: etcdbackups
+    singular: etcdbackup
+  scope: Namespaced
+  version: v1beta2
+  versions:
+  - name: v1beta2
+    served: true
+    storage: true
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: etcdrestores.etcd.database.coreos.com
+spec:
+  conversion:
+    strategy: None
+  group: etcd.database.coreos.com
+  names:
+    kind: EtcdRestore
+    listKind: EtcdRestoreList
+    plural: etcdrestores
+    singular: etcdrestore
+  scope: Namespaced
+  version: v1beta2
+  versions:
+  - name: v1beta2
+    served: true
+    storage: true
+{{- end }}
+{{- end -}}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/etcd-cluster-crd.yaml

+{{- if .Values.customResources.createEtcdClusterCRD }}
+apiVersion: etcd.database.coreos.com/v1beta2
+kind: EtcdCluster
+metadata:
+  name: {{ .Values.etcdCluster.name }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: {{ template "etcd-operator.name" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  {{- if .Values.clusterwide.enabled }}
+  annotations:
+    "etcd.database.coreos.com/scope": "clusterwide"
+  {{- end }}
+spec:
+  size: {{ .Values.etcdCluster.size }}
+  version: "{{ .Values.etcdCluster.version }}"
+  pod:
+{{ toYaml .Values.etcdCluster.pod | indent 4 }}
+  {{- if .Values.etcdCluster.enableTLS }}
+  TLS:
+{{ toYaml .Values.etcdCluster.tls | indent 4 }}
+  {{- end }}
+{{- end }}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/operator-cluster-role.yaml

+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
+kind: ClusterRole
+metadata:
+  name: {{ template "etcd-operator.fullname" . }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: {{ template "etcd-operator.name" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+  - etcd.database.coreos.com
+  resources:
+  - etcdclusters
+  - etcdbackups
+  - etcdrestores
+  verbs:
+  - "*"
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  - endpoints
+  - persistentvolumeclaims
+  - events
+  verbs:
+  - "*"
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+{{- end }}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/operator-clusterrole-binding.yaml

+{{- if and .Values.rbac.create .Values.deployments.etcdOperator }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/{{ required "A valid .Values.rbac.apiVersion entry required!" .Values.rbac.apiVersion }}
+metadata:
+  name: {{ template "etcd-operator.fullname" . }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: {{ template "etcd-operator.name" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "etcd-operator.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "etcd-operator.fullname" . }}
+{{- end }}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/operator-deployment.yaml

+{{- if .Values.deployments.etcdOperator }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "etcd-operator.fullname" . }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: {{ template "etcd-operator.name" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "etcd-operator.fullname" . }}
+      release: {{ .Release.Name }}
+  replicas: {{ .Values.etcdOperator.replicaCount }}
+  template:
+    metadata:
+      name: {{ template "etcd-operator.fullname" . }}
+      labels:
+        app: {{ template "etcd-operator.fullname" . }}
+        release: {{ .Release.Name }}
+      annotations: {{ toYaml .Values.etcdOperator.podAnnotations | nindent 8}}
+    spec:
+      serviceAccountName: {{ template "etcd-operator.serviceAccountName" . }}
+      containers:
+      - name: {{ template "etcd-operator.fullname" . }}
+        image: "{{ .Values.deployments.image.repository }}:{{ .Values.deployments.image.tag }}"
+        imagePullPolicy: {{ .Values.deployments.image.pullPolicy }}
+        command:
+        - etcd-operator
+          {{- if .Values.clusterwide.enabled }}
+        - "--cluster-wide=true"
+          {{- end }}
+{{- range $key, $value := .Values.etcdOperator.commandArgs }}
+        - "--{{ $key }}={{ $value }}"
+{{- end }}
+        env:
+        - name: MY_POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MY_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        resources:
+          limits:
+            cpu: {{ .Values.etcdOperator.resources.cpu }}
+            memory: {{ .Values.etcdOperator.resources.memory }}
+          requests:
+            cpu: {{ .Values.etcdOperator.resources.cpu }}
+            memory: {{ .Values.etcdOperator.resources.memory }}
+        {{- if .Values.etcdOperator.livenessProbe.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /readyz
+            port: 8080
+          initialDelaySeconds: {{ .Values.etcdOperator.livenessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.etcdOperator.livenessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.etcdOperator.livenessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.etcdOperator.livenessProbe.successThreshold }}
+          failureThreshold: {{ .Values.etcdOperator.livenessProbe.failureThreshold }}
+        {{- end}}
+        {{- if .Values.etcdOperator.readinessProbe.enabled }}
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8080
+          initialDelaySeconds: {{ .Values.etcdOperator.readinessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.etcdOperator.readinessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.etcdOperator.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.etcdOperator.readinessProbe.successThreshold }}
+          failureThreshold: {{ .Values.etcdOperator.readinessProbe.failureThreshold }}
+        {{- end }}
+    {{- if .Values.etcdOperator.nodeSelector }}
+      nodeSelector: {{ toYaml .Values.etcdOperator.nodeSelector | nindent 8 }}
+    {{- end }}
+    {{- if .Values.etcdOperator.securityContext }}
+      securityContext: {{ toYaml .Values.etcdOperator.securityContext | nindent 8 }}
+    {{- end }}
+    {{- if .Values.etcdOperator.tolerations }}
+      tolerations: {{ toYaml .Values.etcdOperator.tolerations | nindent 8 }}
+    {{- end }}
+{{- end }}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/operator-service-account.yaml

+{{- if and .Values.serviceAccount.create .Values.deployments.etcdOperator }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "etcd-operator.serviceAccountName" . }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: {{ template "etcd-operator.name" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 2 }}
+{{- end }}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/restore-etcd-crd.yaml

+{{- if .Values.customResources.createRestoreCRD }}
+apiVersion: etcd.database.coreos.com/v1beta2
+kind: EtcdRestore
+metadata:
+  # An EtcdCluster with the same name will be created
+  name: {{ .Values.etcdCluster.name }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: {{ template "etcd-restore-operator.name" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  clusterSpec:
+    size: {{ .Values.etcdCluster.size }}
+    baseImage: "{{ .Values.etcdCluster.image.repository }}"
+    version: {{ .Values.etcdCluster.image.tag }}
+    pod:
+{{ toYaml .Values.etcdCluster.pod | indent 6 }}
+    {{- if .Values.etcdCluster.enableTLS }}
+    TLS:
+{{ toYaml .Values.etcdCluster.tls | indent 6 }}
+    {{- end }}
+{{ toYaml .Values.restoreOperator.spec | indent 2 }}
+{{- end }}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/restore-operator-deployment.yaml

+{{- if .Values.deployments.restoreOperator }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "etcd-restore-operator.fullname" . }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: {{ template "etcd-restore-operator.name" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "etcd-restore-operator.name" . }}
+      release: {{ .Release.Name }}
+  replicas: {{ .Values.restoreOperator.replicaCount }}
+  template:
+    metadata:
+      name: {{ template "etcd-restore-operator.fullname" . }}
+      labels:
+        app: {{ template "etcd-restore-operator.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ template "etcd-operator.serviceAccountName" . }}
+      containers:
+      - name: {{ .Values.restoreOperator.name }}
+        image: "{{ .Values.deployments.image.repository }}:{{ .Values.deployments.image.tag }}"
+        imagePullPolicy: {{ .Values.deployments.image.pullPolicy }}
+        ports:
+        - containerPort: {{ .Values.restoreOperator.port }}
+        command:
+        - etcd-restore-operator
+{{- range $key, $value := .Values.restoreOperator.commandArgs }}
+        - "--{{ $key }}={{ $value }}"
+{{- end }}
+        env:
+        - name: MY_POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MY_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: SERVICE_ADDR
+          value: "{{ .Values.restoreOperator.name }}:{{ .Values.restoreOperator.port }}"
+        resources:
+          limits:
+            cpu: {{ .Values.restoreOperator.resources.cpu }}
+            memory: {{ .Values.restoreOperator.resources.memory }}
+          requests:
+            cpu: {{ .Values.restoreOperator.resources.cpu }}
+            memory: {{ .Values.restoreOperator.resources.memory }}
+    {{- if .Values.restoreOperator.nodeSelector }}
+      nodeSelector: {{ toYaml .Values.restoreOperator.nodeSelector | nindent 8 }}
+    {{- end }}
+    {{- if .Values.restoreOperator.securityContext }}
+      securityContext: {{ toYaml .Values.restoreOperator.securityContext | nindent 8 }}
+    {{- end }}
+    {{- if .Values.restoreOperator.tolerations }}
+      tolerations: {{ toYaml .Values.restoreOperator.tolerations | nindent 8 }}
+    {{- end }}
+{{- end }}

charts/vault-operator/v0.1.3/charts/etcd-operator/templates/restore-operator-service.yaml

+{{- if .Values.deployments.restoreOperator }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.restoreOperator.name }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: {{ template "etcd-restore-operator.name" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  ports:
+  - protocol: TCP
+    name: http-etcd-restore-port
+    port: {{ .Values.restoreOperator.port }}
+  selector:
+    app: {{ template "etcd-restore-operator.name" . }}
+    release: {{ .Release.Name }}
+{{- end }}

charts/vault-operator/v0.1.3/charts/etcd-operator/values.yaml

+# Default values for etcd-operator.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global:
+  ## Reference to one or more secrets to be used when pulling images
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ##
+  imagePullSecrets: []
+  # - name: "image-pull-secret"
+
+## Install Default RBAC roles and bindings
+rbac:
+  create: true
+  apiVersion: v1
+
+enableCRDs: true
+
+## Service account name and whether to create it
+serviceAccount:
+  create: true
+  name:
+
+# Enabled to act for resources in all namespaces. More information in doc/clusterwide.md
+clusterwide:
+  enabled: false
+
+# Select what to deploy
+deployments:
+  etcdOperator: true
+  # one time deployment, delete once completed,
+  # Ref: https://github.com/coreos/etcd-operator/blob/master/doc/user/walkthrough/backup-operator.md
+  backupOperator: true
+  # one time deployment, delete once completed
+  # Ref: https://github.com/coreos/etcd-operator/blob/master/doc/user/walkthrough/restore-operator.md
+  restoreOperator: true
+
+  image:
+    repository: ranchercharts/coreos-etcd-operator
+    tag: v0.9.4
+    pullPolicy: Always
+
+# creates custom resources, not all required,
+# you could use `helm template --values <values.yaml> --name release_name ... `
+# and create the resources yourself to deploy on your cluster later
+customResources:
+  createEtcdClusterCRD: false
+  createBackupCRD: false
+  createRestoreCRD: false
+
+# etcdOperator
+etcdOperator:
+  name: etcd-operator
+  replicaCount: 1
+  resources:
+    cpu: 100m
+    memory: 128Mi
+  ## Node labels for etcd-operator pod assignment
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  nodeSelector: {}
+  ## additional command arguments go here; will be translated to `--key=value` form
+  ## e.g., analytics: true
+  commandArgs: {}
+  ## Configurable health checks against the /readyz endpoint that etcd-operator exposes
+  readinessProbe:
+    enabled: false
+    initialDelaySeconds: 0
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+  livenessProbe:
+    enabled: false
+    initialDelaySeconds: 0
+    periodSeconds: 10
+    timeoutSeconds: 1
+    successThreshold: 1
+    failureThreshold: 3
+# backup spec
+backupOperator:
+  name: etcd-backup-operator
+  replicaCount: 1
+  resources:
+    cpu: 100m
+    memory: 128Mi
+  spec:
+    storageType: S3
+    s3:
+      s3Bucket:
+      awsSecret:
+  ## Node labels for etcd pod assignment
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  nodeSelector: {}
+  ## additional command arguments go here; will be translated to `--key=value` form
+  ## e.g., analytics: true
+  commandArgs: {}
+  securityContext: {}
+  tolerations: {}
+
+# restore spec
+restoreOperator:
+  name: etcd-restore-operator
+  replicaCount: 1
+  port: 19999
+  resources:
+    cpu: 100m
+    memory: 128Mi
+  spec:
+    s3:
+      # The format of "path" must be: "<s3-bucket-name>/<path-to-backup-file>"
+      # e.g: "etcd-snapshot-bucket/v1/default/example-etcd-cluster/3.2.10_0000000000000001_etcd.backup"
+      path:
+      awsSecret:
+  ## Node labels for etcd pod assignment
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  nodeSelector: {}
+  ## additional command arguments go here; will be translated to `--key=value` form
+  ## e.g., analytics: true
+  commandArgs: {}
+  securityContext: {}
+  tolerations: {}
+
+## etcd-cluster specific values
+etcdCluster:
+  name: etcd-cluster
+  size: 3
+  version: 3.2.25
+  image:
+    repository: ranchercharts/coreos-etcd
+    tag: v3.2.25
+    pullPolicy: Always
+  enableTLS: false
+  # TLS configs
+  tls:
+    static:
+      member:
+        peerSecret: etcd-peer-tls
+        serverSecret: etcd-server-tls
+      operatorSecret: etcd-client-tls
+  ## etcd cluster pod specific values
+  ## Ref: https://github.com/coreos/etcd-operator/blob/master/doc/user/spec_examples.md#three-members-cluster-with-resource-requirement
+  pod:
+    ## Antiaffinity for etcd pod assignment
+    ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+    antiAffinity: false
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    ## Node labels for etcd pod assignment
+    ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+    nodeSelector: {}
+    securityContext: {}

charts/vault-operator/v0.1.3/questions.yml

 categories:
 - security
+labels:
+  io.rancher.certified: operator
+  io.cattle.role: project
 questions:
 - variable: defaultImage
-  default: "true"
+  default: true
   description: "Use default Docker image"
   label: Use Default Image
   type: boolean
   show_subquestion_if: false
   group: "Container Images"
   subquestions:
-  - variable: vaultOperator.image.repository
-    default: "quay.io/coreos/vault-operator"
-    description: "Vault image name"
+  - variable: image.repository
+    default: "ranchercharts/vault-operator"
+    description: "Vault operator image name"
     type: string
     label: Vault Operator Image Name
-  - variable: vaultOperator.image.tag
-    default: "latest"
+  - variable: image.tag
+    default: "0.1.9"
     description: "Values operator image tag"
     type: string
     label: Vault Operator Image Tag
-  - variable: ui.image.repository
-    default: "djenriquez/vault-ui"
-    description: "Vault image name"
+  - variable: vault.baseImage
+    default: "ranchercharts/vault"
+    description: "Vault base image name"
     type: string
-    label: Vault UI Image Name
-  - variable: ui.image.tag
-    default: "latest"
-    description: "Values UI image tag"
+    label: Vault Base Image Name
+  - variable: vault.version
+    default: "1.2.2"
+    description: "Values version"
     type: string
-    label: Vault UI Image Tag
-  - variable: etcd.image.repository
-    default: "quay.io/coreos/etcd-operator"
+    label: Vault Base Image Version
+  - variable: etcd-operator.image.repository
+    default: "ranchercharts/coreos-etcd-operator"
     description: "etcd image name"
     type: string
     label: etcd Image Name
   - variable: etcd.image.tag
-    default: "v0.8.3"
+    default: "v0.9.4"
     description: "etcd image tag"
     type: string
     label: etcd Image Tag
-- variable: ui.ingress.enabled
+# config vault service
+- variable: vault.create
   default: true
-  description: "Expose Vault-UI using Layer 7 Load Balancer - ingress"
+  description: "Create a custom vault service"
+  label: Create a New Custom Vault Service
   type: boolean
-  group: "Vault UI"
-  label: Expose Vault-UI using Layer 7 Load Balancer
+  group: "Vault Service"
   show_subquestion_if: true
-  required: true
   subquestions:
-  - variable: ui.ingress.hosts[0]
-    default: "xip.io"
-    description: "Vault-UI server ingress hostname"
-    type: hostname
+  - variable: vault.name
+    default: "my-vault"
+    label: Vault Service Name
+    description: "Set the name of custom vault service"
+    type: string
     required: true
-    label: Hostname
-- variable: ui.service.type
-  default: "NodePort"
-  description: "Server service type"
-  group: "Vault UI"
+  - variable: vault.node
+    default: 3
+    label: Vault Service Nodes
+    description: "Set the number of vault nodes"
+    min: 1
+    type: int
+    required: true
+  - variable: vault.version
+    default: "1.2.2"
+    label: Set Vault Version
+    description: "Set the version of custom vault service"
     type: enum
-  show_if: "ui.ingress.enabled=false"
-  options:
-    - "ClusterIP"
-    - "NodePort"
     required: true
-  label: Vault UI Service Type
-  show_subquestion_if: "NodePort"
-  subquestions:
-  - variable: ui.service.nodePort
-    default: ""
-    description: "NodePort http port(to set explicitly, choose port between 30000-32767)"
-    type: int
-    min: 30000
-    max: 32767
-    show_if: "ui.ingress.enabled=false"
-    label: Vault UI NodePort Http Port
+    options:
+      - "1.2.1"
+      - "1.2.2"
+# etcd-operator configs
+- variable: etcd-operator.deployments.backupOperator
+  default: true
+  description: "Deploy the etcd backup operator, one time deployment, delete once completed"
+  label: Deploy the etcd Backup Operator
+  type: boolean
+  group: "etcd-operators"
+- variable: etcd-operator.deployments.restoreOperator
+  default: true
+  description: "Deploy the etcd restore operator, one time deployment, delete once completed"
+  label: Deploy the etcd Restore Operator
+  type: boolean
+  group: "etcd-operators"

charts/vault-operator/v0.1.3/requirements.yaml

+dependencies:
+- name: etcd-operator
+  version: 0.9.0
+  condition: etcd-operator.enabled
+  repository: file://./charts/etcd-operator

charts/vault-operator/v0.1.3/templates/NOTES.txt

-## Configure port forwarding between the local machine and the first sealed Vault node:
-1. kubectl -n {{ .Release.Namespace }} get vault {{ .Release.Name }} -o jsonpath='{.status.vaultStatus.sealed[0]}' | xargs -0 -I {} kubectl -n {{ .Release.Namespace }} port-forward {} 8200
+# Vault Operator
+[vault-operator](https://github.com/coreos/vault-operator) Simplify vault cluster configuration and management.
 
-2. Open a new terminal.
+__DISCLAIMER:__ While this chart has been well-tested, the vault-operator is still currently in beta. Current project status is available [here](https://github.com/coreos/vault-operator).
 
-3. Export the following environment for Vault CLI environment:
-```
-export VAULT_ADDR='https://127.0.0.1:8200'
-export VAULT_SKIP_VERIFY="true"
-```
+### Using the Vault cluster
 
-4. Verify that the Vault server is accessible using the Vault CLI:
-```
-$vault status
+See the [Vault usage guide](https://github.com/coreos/vault-operator/blob/master/doc/user/vault.md) on how to initialize, unseal, and use the deployed Vault cluster.
 
-Error checking seal status: Error making API request.
+Consult the [monitoring guide](https://github.com/coreos/vault-operator/blob/master/doc/user/monitoring.md) on how to monitor and alert on a Vault cluster with Prometheus.
 
-URL: GET https://127.0.0.1:8200/v1/sys/seal-status
-Code: 400. Errors:
+See the [recovery guide](https://github.com/coreos/vault-operator/blob/master/doc/user/recovery.md) on how to backup and restore Vault cluster data using the etcd opeartor
 
-* server is not yet initialized
-```
-
-5.Initialize the Vault server to generate the unseal keys and the root token. (https://www.vaultproject.io/intro/getting-started/deploy.html#initializing-the-vault)
-$vault operator init
-
-## Unsealing a sealed node
-https://www.vaultproject.io/intro/getting-started/deploy.html#seal-unseal
-```
-$ vault operator unseal
-Unseal Key (will be hidden):
-Key                Value
----                -----
-Sealed             true
-Total Shares       5
-Unseal Progress    1/3
-Unseal Nonce       786e7190-d1e2-84d2-520c-022efee5b71e
-Version            (version unknown)
-HA Enabled         true
-HA Mode            sealed
-```
-Continue with vault unseal to complete unsealing the Vault, normally 3 keys out of 5 unseal keys.
+For an overview of the default TLS configuration or how to specify custom TLS assets for a Vault cluster see the [TLS setup guide](https://github.com/coreos/vault-operator/blob/master/doc/user/tls_setup.md).

charts/vault-operator/v0.1.3/templates/_helpers.tpl

@@ -12,8 +12,19 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 */}}
 {{- define "vault-operator.fullname" -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
 
 {{/*
 Define vault operator service account name

charts/vault-operator/v0.1.3/templates/configmap.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.vault.name }}
+  labels:
+    app: {{ template "vault-operator.name" . }}
+    chart: {{ template "vault-operator.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  vault.hcl: |-
+    ui = true
+    disable_mlock = true

charts/vault-operator/v0.1.3/templates/etcd-operator-deploy.yaml

-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}-etcd-operator
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: {{ template "vault-operator.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-    name: etcd-operator
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: {{ template "vault-operator.name" . }}
-        release: {{ .Release.Name }}
-        name: etcd-operator
-    spec:
-      serviceAccountName: {{ template "vault-operator.sa" . }}
-      containers:
-        - name: etcd-operator
-          image: "{{ .Values.etcd.image.repository }}:{{ .Values.etcd.image.tag }}"
-          imagePullPolicy: {{ .Values.imagePullPolicy }}
-          command:
-          - etcd-operator
-          - "--create-crd=false"
-          env:
-          - name: MY_POD_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-          - name: MY_POD_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.name
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-    {{- if .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
-    {{- end }}

charts/vault-operator/v0.1.3/templates/etcd_crds.yaml

-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: etcdclusters.etcd.database.coreos.com
-  annotations:
-    "helm.sh/hook": "crd-install"
-    "helm.sh/hook-delete-policy": "before-hook-creation"
-spec:
-  group: etcd.database.coreos.com
-  names:
-    kind: EtcdCluster
-    listKind: EtcdClusterList
-    plural: etcdclusters
-    shortNames:
-    - etcd
-    singular: etcdcluster
-  scope: Namespaced
-  version: v1beta2

charts/vault-operator/v0.1.3/templates/rbac.yaml

@@ -3,6 +3,11 @@ kind: Role
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: {{ template "vault-operator.role" . }}
+  labels:
+    app: {{ template "vault-operator.name" . }}
+    chart: {{ template "vault-operator.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
 rules:
 - apiGroups:
   - etcd.database.coreos.com
@@ -49,6 +54,11 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: {{ template "vault-operator.rolebinding" . }}
+  labels:
+    app: {{ template "vault-operator.name" . }}
+    chart: {{ template "vault-operator.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
 subjects:
 - kind: ServiceAccount
   name: {{ template "vault-operator.sa" . }}

charts/vault-operator/v0.1.3/templates/ui-service.yaml → charts/vault-operator/v0.1.3/templates/service-ui.yaml

 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "vault.ui.fullname" . }}
+  name: {{ .Values.vault.name }}-access-ui
   labels:
     app: {{ template "vault-operator.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    chart: {{ template "vault-operator.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
-  type: {{ .Values.ui.service.type }}
+  type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.ui.service.externalPort }}
-      targetPort: {{ .Values.ui.service.internalPort }}
+    - name: https
+      port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.port }}
       protocol: TCP
-      name: {{ .Values.ui.service.name }}
-    {{- if .Values.ui.service.nodePort }}
-      nodePort: {{ .Values.ui.service.nodePort }}
+    {{- if and .Values.service.nodePort (eq .Values.service.type "NodePort") }}
+      nodePort: {{ .Values.service.nodePort }}
     {{- end }}
   selector:
-    app: {{ template "vault-operator.name" . }}
-    release: {{ .Release.Name }}
-    component: {{ .Values.ui.name }}
+    app: vault
+    vault_cluster: {{ .Values.vault.name }}

charts/vault-operator/v0.1.3/templates/serviceaccount.yaml

@@ -5,7 +5,7 @@ metadata:
   name: {{ template "vault-operator.sa" . }}
   labels:
     app: {{ template "vault-operator.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    chart: {{ template "vault-operator.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 {{- end }}

charts/vault-operator/v0.1.3/templates/ui-ingress.yaml

-{{- if .Values.ui.ingress.enabled -}}
-{{- $serviceName := include "vault.ui.fullname" . -}}
-{{- $servicePort := .Values.ui.service.externalPort -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ template "vault.ui.fullname" . }}
-  labels:
-    app: {{ template "vault-operator.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    {{- range $key, $value := .Values.ui.ingress.annotations }}
-      {{ $key }}: {{ $value | quote }}
-    {{- end }}
-spec:
-  rules:
-    {{- range $host := .Values.ui.ingress.hosts }}
-    - host: {{ $host }}
-      http:
-        paths:
-          - path:
-            backend:
-              serviceName: {{ $serviceName }}
-              servicePort: {{ $servicePort }}
-    {{- end -}}
-  {{- if .Values.ui.ingress.tls }}
-  tls:
-{{ toYaml .Values.ui.ingress.tls | indent 4 }}
-  {{- end -}}
-{{- end -}}

charts/vault-operator/v0.1.3/templates/vault_crd.yaml → charts/vault-operator/v0.1.3/templates/vault-crd.yaml

+{{- if and .Values.enableCRDs .Release.IsInstall -}}
+{{- if not (.Capabilities.APIVersions.Has "vault.security.coreos.com/v1alpha1") }}
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: vaultservices.vault.security.coreos.com
   annotations:
     "helm.sh/hook": "crd-install"
-    "helm.sh/hook-delete-policy": "before-hook-creation"
+    "helm.sh/resource-policy": keep
+  labels:
+    app: {{ template "vault-operator.name" . }}
+    chart: {{ template "vault-operator.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
 spec:
   group: vault.security.coreos.com
   names:
@@ -16,3 +23,5 @@ spec:
     singular: vaultservice
   scope: Namespaced
   version: v1alpha1
+{{- end }}
+{{- end -}}

charts/vault-operator/v0.1.3/templates/vault-operator-deployment.yaml

-apiVersion: apps/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ template "vault-operator.fullname" . }}
   labels:
     app: {{ template "vault-operator.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    chart: {{ template "vault-operator.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 spec:
   replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "vault-operator.name" . }}
+      release: {{ .Release.Name }}
+      name: vault-operator
   template:
     metadata:
       labels:
@@ -19,8 +24,13 @@ spec:
       serviceAccountName: {{ template "vault-operator.sa" . }}
       containers:
       - name: {{ .Chart.Name }}
-          image: "{{ .Values.vaultOperator.image.repository }}:{{ .Values.vaultOperator.image.tag }}"
-          imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        command:
+        - vault-operator
+{{- range $key, $value := .Values.commandArgs }}
+        - "--{{ $key }}={{ $value }}"
+{{- end }}
         env:
         - name: MY_POD_NAMESPACE
           valueFrom:
@@ -30,9 +40,39 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
+        {{- if .Values.livenessProbe.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /readyz
+            port: 8080
+          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.livenessProbe.successThreshold }}
+          failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+        {{- end}}
+        {{- if .Values.readinessProbe.enabled }}
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8080
+          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+          successThreshold: {{ .Values.readinessProbe.successThreshold }}
+          failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+        {{- end }}
         resources:
-{{ toYaml .Values.vaultOperator.resources | indent 12 }}
-    {{- if .Values.vaultOperator.nodeSelector }}
+{{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.nodeSelector }}
       nodeSelector:
-{{ toYaml .Values.vaultOperator.nodeSelector | indent 8 }}
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
     {{- end }}

charts/vault-operator/v0.1.3/templates/vault-service.yaml

+{{- if .Values.vault.create }}
 apiVersion: vault.security.coreos.com/v1alpha1
 kind: VaultService
 metadata:
-  name: {{ .Release.Name }}
+  name: {{ .Values.vault.name }}
   namespace: {{ .Release.Namespace }}
 spec:
   nodes: {{ .Values.vault.node }}
   version: {{ .Values.vault.version }}
+  baseImage: {{ .Values.vault.baseImage }}
+  configMapName: {{ .Values.vault.name }}
+  {{- if .Values.vault.etcdCluster }}
+  etcdCluster:
+{{ toYaml .Values.vault.etcdCluster | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/vault-operator/v0.1.3/templates/vault-ui-deployment.yaml

-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
-  name: {{ template "vault.ui.fullname" . }}
-  labels:
-    app: {{ template "vault-operator.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-    component: {{ .Values.ui.name }}
-spec:
-  replicas: {{ .Values.ui.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "vault-operator.name" . }}
-        release: {{ .Release.Name }}
-        component: {{ .Values.ui.name }}
-    spec:
-      containers:
-        - name: {{ .Values.ui.name }}
-          image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}"
-          imagePullPolicy: {{ .Values.imagePullPolicy }}
-          env:
-          - name: VAULT_URL_DEFAULT
-          {{- if .Values.ui.vault.url }}
-            value: {{ .Values.ui.vault.url }}
-          {{ else }}
-            value: {{ template "vault.service.url" . }}
-          {{- end }}
-          - name: VAULT_AUTH_DEFAULT
-            value: {{ .Values.ui.vault.auth }}
-          - name: NODE_TLS_REJECT_UNAUTHORIZED
-            value: '0'
-          ports:
-            - containerPort: {{ .Values.ui.service.internalPort }}
-          livenessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.ui.service.internalPort }}
-          readinessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.ui.service.internalPort }}
-          resources:
-{{ toYaml .Values.ui.resources | indent 12 }}
-    {{- if .Values.ui.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.ui.nodeSelector | indent 8 }}
-    {{- end }}

charts/vault-operator/v0.1.3/values.yaml

-# Default values for vault-operator.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
+## Default values for the image
+name: vault-operator
+replicaCount: 1
+image:
+  # repository: quay.io/coreos/vault-operator
+  # https://github.com/guangbochen/vault-operator/commit/59c51300f6692bdd2e6957c7837da288596b7d56:
+  repository: ranchercharts/vault-operator
+  tag: 0.1.9
+  pullPolicy: IfNotPresent
+
+## Install Default RBAC roles and bindings
 rbac:
   create: true
 
+## Service account names and whether to create them
 serviceAccount:
   create: true
 
-imagePullPolicy: IfNotPresent
+enableCRDs: true
 
-vaultOperator:
-  replicaCount: 1
-  image:
-    repository: quay.io/coreos/vault-operator
-    tag: latest
+service:
+  type: NodePort
+  port: 8200
 
-  resources: {}
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+resources: {}
   # limits:
   #   cpu: 100m
   #   memory: 128Mi
   # requests:
   #   cpu: 100m
   #   memory: 128Mi
-  nodeSelector: {}
 
-vault:
-  node: 2
-  version: "0.9.1-0"
+## additional command arguments go here; will be translated to `--key=value` form
+## e.g., analytics: true
+commandArgs: {}
 
-ui:
-  name: "vault-ui"
-  replicaCount: 1
-  image:
-    repository: djenriquez/vault-ui
-    tag: latest
-  service:
-    name: vault-ui
-    type: ClusterIP
-    externalPort: 8000
-    internalPort: 8000
-    # nodePort: 32001
-  ingress:
-    enabled: true
-    # Used to create Ingress record (should used with service.type: ClusterIP).
-    hosts:
-      - xip.io
-    annotations:
-    # AWS --> redirect http to https
-      # kubernetes.io/ingress.class: nginx
-      # ingress.kubernetes.io/force-ssl-redirect: "true"
-    tls:
-      # Secrets must be manually created in the namespace.
-      # - secretName: chart-example-tls
-      #   hosts:
-      #     - chart-example.local
-  resources: {}
-    # We usually recommend not to specify default resources and to leave this as a conscious
-    # choice for the user. This also increases chances charts run on environments with little
-    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    # limits:
-    #  cpu: 100m
-    #  memory: 128Mi
-    # requests:
-    #  cpu: 100m
-    #  memory: 128Mi
-  nodeSelector: {}
+## Configurable health checks against the /readyz endpoint that vault-operator exposes
+readinessProbe:
+  enabled: false
+  initialDelaySeconds: 0
+  periodSeconds: 10
+  timeoutSeconds: 1
+  successThreshold: 1
+  failureThreshold: 3
+livenessProbe:
+  enabled: false
+  initialDelaySeconds: 0
+  periodSeconds: 10
+  timeoutSeconds: 1
+  successThreshold: 1
+  failureThreshold: 3
+
+nodeSelector: {}
 
-  vault:
-    auth: TOKEN
+tolerations: []
 
+affinity: {}
+
+vault:
+  create: true
+  name: my-vault
+  node: 1
+  version: "1.2.2"
+  baseImage: "ranchercharts/vault"
+  etcdCluster:
+    size: 3
+    version: 3.2.25
+    repository: ranchercharts/coreos-etcd
+
+
+etcd-operator:
+  enabled: true
+  deployments:
+    etcdOperator: true
+    # one time deployment, delete once completed,
+    # Ref: https://github.com/coreos/etcd-operator/blob/master/doc/user/walkthrough/backup-operator.md
+    backupOperator: true
+    # one time deployment, delete once completed
+    # Ref: https://github.com/coreos/etcd-operator/blob/master/doc/user/walkthrough/restore-operator.md
+    restoreOperator: true
 
-etcd:
-  name: etcd
     image:
-    repository: quay.io/coreos/etcd-operator
-    tag: v0.8.3
+      repository: ranchercharts/coreos-etcd-operator
+      tag: v0.9.4
+      pullPolicy: Always

charts/vault-operator/vault-logo.svg

+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 77.41 114.64"><title>Asset 1</title><g id="Layer_2" data-name="Layer 2"><g id="Logo"><path d="M10.39,89.27V87.16H8.46v2.11h-1V84.19h1v2.13h1.94V84.19h1v5.08Zm4.61,0h-.78L14.15,89a2.15,2.15,0,0,1-1.14.32c-.7,0-1-.46-1-1.09s.34-1,1.11-1H14v-.38c0-.41-.12-.55-.73-.55a5.55,5.55,0,0,0-1.06.11l-.12-.7a5.18,5.18,0,0,1,1.31-.17c1.2,0,1.55.41,1.55,1.32Zm-1-1.38h-.71c-.31,0-.4.08-.4.36s.09.37.38.37a1.55,1.55,0,0,0,.72-.19Zm3,1.46a4.67,4.67,0,0,1-1.32-.21l.13-.7a4.44,4.44,0,0,0,1.14.16c.42,0,.49-.09.49-.37s0-.34-.67-.48c-.93-.22-1-.44-1-1.15s.34-1.06,1.43-1.06a5.22,5.22,0,0,1,1.14.13l-.09.73a7,7,0,0,0-1.05-.11c-.42,0-.49.09-.49.32s0,.32.54.44c1.07.27,1.17.41,1.17,1.16S18.16,89.35,17,89.35Zm4.38-.08V86.71c0-.2-.09-.29-.31-.29a2.72,2.72,0,0,0-1,.31v2.54h-1V84.12l1,.14v1.62a3.48,3.48,0,0,1,1.4-.35c.63,0,.86.43.86,1.08v2.66Zm1.76-4.18v-.9h1v.9Zm0,4.18V85.61h1v3.67Zm1.72-3.63c0-.92.56-1.45,1.86-1.45a6.14,6.14,0,0,1,1.42.17l-.11.82A8,8,0,0,0,26.75,85c-.68,0-.9.23-.9.76v1.93c0,.53.22.76.9.76A8,8,0,0,0,28,88.36l.11.82a6.14,6.14,0,0,1-1.42.17c-1.3,0-1.86-.53-1.86-1.45Zm5.39,3.71c-1.31,0-1.66-.69-1.66-1.44V87c0-.75.35-1.44,1.66-1.44s1.66.69,1.66,1.44v.93C31.91,88.65,31.56,89.35,30.25,89.35Zm0-3c-.51,0-.71.22-.71.63v1c0,.41.2.63.71.63s.71-.22.71-.63v-1C31,86.53,30.76,86.31,30.25,86.31Zm4.35.06a7.58,7.58,0,0,0-1,.53v2.36h-1V85.61h.81l.06.41a4.35,4.35,0,0,1,1-.48Zm3.82,1.68a1.13,1.13,0,0,1-1.26,1.29,5.48,5.48,0,0,1-1-.11v1.5l-1,.14V85.61h.76l.09.31a2.06,2.06,0,0,1,1.21-.38c.77,0,1.18.44,1.18,1.27Zm-2.28.41a4.41,4.41,0,0,0,.85.1c.34,0,.48-.16.48-.49V86.78c0-.3-.12-.47-.47-.47a1.38,1.38,0,0,0-.85.33Z"/><path d="M21.73,93.36h4.12l-6.26,21H13.73l-6.26-21h4.12l5.07,17.47Z"/><path d="M37.31,114.32H34.16l-.28-1a8.38,8.38,0,0,1-4.56,1.35c-2.8,0-4-1.92-4-4.56,0-3.12,1.35-4.31,4.47-4.31h3.68v-1.61c0-1.7-.47-2.3-2.93-2.3a21.42,21.42,0,0,0-4.25.47l-.47-2.93a20,20,0,0,1,5.26-.72c4.82,0,6.23,1.7,6.23,5.54Zm-3.84-5.79H30.63c-1.26,0-1.61.35-1.61,1.51s.35,1.54,1.54,1.54a6,6,0,0,0,2.9-.79Z"/><path d="M43.35,99v10.7c0,.82.35,1.23,1.23,1.23a10.59,10.59,0,0,0,4-1.29V99h3.84v15.33H49.49L49.11,113A15.35,15.35,0,0,1,43,114.64c-2.55,0-3.46-1.79-3.46-4.53V99Z"/><path d="M54.46,114.32V92.73l3.84-.53v22.13Z"/><path d="M69.76,114a10.64,10.64,0,0,1-3.37.6c-2.8,0-4.22-1.32-4.22-4.06V102h-2.3V99h2.3V95.19L66,94.65V99h3.93L69.69,102H66v8a1.21,1.21,0,0,0,1.38,1.35,7.39,7.39,0,0,0,1.92-.31Z"/><path d="M0,0,38.57,77.41,77.41,0ZM43.16,15.54h4.49V20H43.16Zm-8.94,18H29.73V29h4.49Zm0-6.73H29.73V22.27h4.49Zm0-6.73H29.73V15.54h4.49ZM41,40.22H36.46V35.73H41Zm0-6.73H36.46V29H41Zm0-6.73H36.46V22.27H41ZM41,20H36.46V15.54H41Zm2.21,2.24h4.49v4.49H43.16Zm0,11.22V29h4.49v4.49Z"/></g></g></svg>
\ No newline at end of file