Update values.yaml to handle tlsDisable=false and update developer documentation
Summary
Currently there are a few cumbersome changes that are needed to be made in order to have Vault work with a PASSTHROUGH
gateway (i.e. TLS termination occurs within the Vault container itself, not the istio sidecar). We should look to make it possible to dictate Vault configuration based on the state of a few key values:
global.tlsDisable
istio.vault.tls.key
istio.vault.tls.cert
If the three values above are truthy, we should set Vault configuration for ha
, standalone
, and raft
use cases accordingly, to serve up the provided certificates. This involves adding the following lines to the config
block for each of the three deployment strategies:
tls_disable = 0
tls_key_file = "/vault/tls/tls.key"
tls_cert_file = "/vault/tls/tls.crt"
Additionally, the developer documentation should be updated to give better guidance for how BB developers can set up Vault to work with a PASSTHROUGH
gateway, as the instructions are currently innaccurate/incomplete.