From 152d191adc48f9769a5ea08c2d7fe2edfb5c176c Mon Sep 17 00:00:00 2001
From: Vojtech Mares <iam@vojtechmares.com>
Date: Sat, 3 Sep 2022 13:57:08 +0200
Subject: [PATCH] feat: add vault

---
 _argocd/apps/vault.yaml | 20 ++++++++++++++++++++
 apps/vault/Chart.yaml   | 15 +++++++++++++++
 apps/vault/values.yaml  | 36 ++++++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+)
 create mode 100644 _argocd/apps/vault.yaml
 create mode 100644 apps/vault/Chart.yaml
 create mode 100644 apps/vault/values.yaml

diff --git a/_argocd/apps/vault.yaml b/_argocd/apps/vault.yaml
new file mode 100644
index 0000000..cb08f35
--- /dev/null
+++ b/_argocd/apps/vault.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vault
+  namespace: argocd
+spec:
+  destination:
+    namespace: vault
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: apps/vault
+    repoURL: https://gitlab.mareshq.com/gitops/mareshq/bee.git
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/apps/vault/Chart.yaml b/apps/vault/Chart.yaml
new file mode 100644
index 0000000..e05ab75
--- /dev/null
+++ b/apps/vault/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: vault
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "1.0"
+
+dependencies:
+- name: vault
+  version: 0.21.0
+  repository: https://helm.releases.hashicorp.com
+# Consul is storage for Vault (required in HA mode)
+- name: consul
+  version: 0.21.0
+  repository: https://helm.releases.hashicorp.com
diff --git a/apps/vault/values.yaml b/apps/vault/values.yaml
new file mode 100644
index 0000000..0adf80a
--- /dev/null
+++ b/apps/vault/values.yaml
@@ -0,0 +1,36 @@
+vault:
+  global:
+  tlsDisable: true
+
+  injector:
+    enabled: false
+
+  server:
+    ingress:
+      enabled: true
+      ingressClassName: nginx
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-prod
+      pathType: Prefix
+      tls:
+      - secretName: vault-tls
+        hosts:
+          - vault.cloud.mareshq.com
+      hosts:
+      - host: vault.cloud.mareshq.com
+        paths:
+          - /
+
+    dataStorage:
+      enabled: true
+      size: 1Gi
+
+    auditStorage:
+      enabled: true
+      size: 1Gi
+
+    ha:
+      enabled: true
+      replicas: 3
+      raft:
+        enabled: true