Missing Support for Configurable imagePullSecrets and securityContext in Helm Chart #275

@simkope

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I agree to follow the Code of Conduct.

Problem Description

We are deploying Vault in an air-gapped environment using the vault-helm-chart and have identified two areas that require enhancements to support this setup:


1. Configurable imagePullSecrets

To facilitate pulling images from private registries, it's essential to have the ability to specify imagePullSecrets in the Helm chart.

Missing in:

  • secret-cleanup.yaml
  • statefulset.yaml

Proposed addition in templates:

imagePullSecrets:
  {{- toYaml .Values.imagePullSecrets | nindent 8 }}

And in values.yaml:

imagePullSecrets: []

This approach aligns with practices observed in other Helm charts, such as the HashiCorp Vault Helm Chart, which supports configurable imagePullSecrets.


2. Configurable securityContext

In environments where the following policy is applied:

pod-security.kubernetes.io/enforce: restricted

…it becomes necessary to configure the securityContext for all containers to comply with security standards.

This enhancement is similar to the request made in bank-vaults/bank-vaults#1442, which emphasizes the need for configurable securityContext settings to run Vault instances as non-root users.

Request: Allow configuration of securityContext for all containers (Vault, vault-unsealer, etc.) via values.yaml.

Proposed Solution

  • Introduce an imagePullSecrets parameter in the values.yaml file and reference it in the relevant templates (secret-cleanup.yaml and statefulset.yaml).
  • Add configurable securityContext parameters in the values.yaml file for all containers, enabling users to define security settings that comply with their cluster's security policies.

Alternatives Considered

No response

Additional Information

Implementing these enhancements will improve the flexibility and security compliance of the vault-helm-chart, particularly for users operating in air-gapped environments or clusters with strict security policies.

Thanks for your work on this chart — happy to contribute a PR if this sounds good!
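
Added example, not part of the original issue or the chart's code: a check that a rendered pod spec meets the main securityContext requirements of the `restricted` Pod Security Standard named in section 2. It covers a subset of the profile, and the function name and sample specs are constructed for illustration.

```python
# Added example: checks a pod spec (a dict, e.g. parsed `helm template` output)
# against a subset of the "restricted" Pod Security Standard.
# Simplification: for fields that can be set at pod or container level, only
# the effective value (container overrides pod) is checked.
ALLOWED_SECCOMP = ("RuntimeDefault", "Localhost")

def restricted_violations(pod_spec):
    """Return a list of 'container: problem' strings; empty means compliant."""
    pod_sc = pod_spec.get("securityContext") or {}
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    problems = []
    for c in containers:
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}

        def effective(field):
            return sc[field] if field in sc else pod_sc.get(field)

        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append(f"{name}: allowPrivilegeEscalation must be false")
        if effective("runAsNonRoot") is not True:
            problems.append(f"{name}: runAsNonRoot must be true")
        if effective("runAsUser") == 0:
            problems.append(f"{name}: runAsUser must not be 0")
        if (effective("seccompProfile") or {}).get("type") not in ALLOWED_SECCOMP:
            problems.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            problems.append(f"{name}: capabilities.drop must include ALL")
        extra = sorted(set(caps.get("add") or []) - {"NET_BIND_SERVICE"})
        if extra:
            problems.append(f"{name}: capabilities.add not allowed: {extra}")
    return problems

# Constructed sample specs; container names follow the issue text.
HARDENED = {"allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}
COMPLIANT = {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 100,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "vault", "securityContext": HARDENED},
                   {"name": "vault-unsealer", "securityContext": HARDENED}],
}
DEFAULTS_ONLY = {"containers": [{"name": "vault"}]}  # no securityContext at all

if __name__ == "__main__":
    for label, spec in (("compliant", COMPLIANT), ("defaults only", DEFAULTS_ONLY)):
        print(label, restricted_violations(spec) or "OK")
```

The API server's Pod Security admission remains the authoritative check; this only shows which fields the chart's values would need to expose for every container.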

Labels: kind/enhancement
