feat: add vault

2022-09-03 13:57:08 +02:00 · 2022-09-03 13:57:08 +02:00 · 152d191adc
commit 152d191adc
parent e2d1468db7
3 changed files with 71 additions and 0 deletions
--- a/_argocd/apps/vault.yaml
+++ b/_argocd/apps/vault.yaml
@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vault
+  namespace: argocd
+spec:
+  destination:
+    namespace: vault
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: apps/vault
+    repoURL: https://gitlab.mareshq.com/gitops/mareshq/bee.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
--- a/apps/vault/Chart.yaml
+++ b/apps/vault/Chart.yaml
@ -0,0 +1,15 @@
+apiVersion: v2
+name: vault
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "1.0"
+
+dependencies:
+- name: vault
+  version: 0.21.0
+  repository: https://helm.releases.hashicorp.com
+# Consul is storage for Vault (required in HA mode)
+- name: consul
+  version: 0.21.0
+  repository: https://helm.releases.hashicorp.com
--- a/apps/vault/values.yaml
+++ b/apps/vault/values.yaml
@ -0,0 +1,36 @@
+vault:
+  global:
+  tlsDisable: true
+
+  injector:
+    enabled: false
+
+  server:
+    ingress:
+      enabled: true
+      ingressClassName: nginx
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-prod
+      pathType: Prefix
+      tls:
+      - secretName: vault-tls
+        hosts:
+          - vault.cloud.mareshq.com
+      hosts:
+      - host: vault.cloud.mareshq.com
+        paths:
+          - /
+
+    dataStorage:
+      enabled: true
+      size: 1Gi
+
+    auditStorage:
+      enabled: true
+      size: 1Gi
+
+    ha:
+      enabled: true
+      replicas: 3
+      raft:
+        enabled: true