refactor(cherry/vault): drop internal tls
parent
af72089b74
commit
5d29e8b657
1 changed files with 5 additions and 53 deletions
|
|
@ -3,6 +3,8 @@ kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: cherry-vault
|
name: cherry-vault
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
|
finalizers:
|
||||||
|
- resources-finalizer.argocd.argoproj.io
|
||||||
spec:
|
spec:
|
||||||
project: infrastructure
|
project: infrastructure
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
|
|
@ -23,7 +25,7 @@ spec:
|
||||||
valuesObject:
|
valuesObject:
|
||||||
global:
|
global:
|
||||||
enabled: true
|
enabled: true
|
||||||
tlsDisable: false
|
tlsDisable: true
|
||||||
|
|
||||||
injector:
|
injector:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
@ -34,9 +36,6 @@ spec:
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||||
nginx.ingress.kubernetes.io/server-snippet: |
|
|
||||||
proxy_ssl_verify off;
|
|
||||||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
tls:
|
tls:
|
||||||
- secretName: vault-ingress-tls
|
- secretName: vault-ingress-tls
|
||||||
|
|
@ -47,15 +46,6 @@ spec:
|
||||||
paths:
|
paths:
|
||||||
- /
|
- /
|
||||||
|
|
||||||
extraEnvironmentVars:
|
|
||||||
VAULT_CACERT: /vault/userconfig/server-ca/ca.crt
|
|
||||||
|
|
||||||
extraVolumes:
|
|
||||||
- type: secret
|
|
||||||
name: server-tls
|
|
||||||
- type: secret
|
|
||||||
name: server-ca
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 512Mi
|
memory: 512Mi
|
||||||
|
|
@ -74,11 +64,11 @@ spec:
|
||||||
|
|
||||||
auditStorage:
|
auditStorage:
|
||||||
enabled: true
|
enabled: true
|
||||||
size: 5Gi
|
size: 1Gi
|
||||||
|
|
||||||
dataStorage:
|
dataStorage:
|
||||||
enabled: true
|
enabled: true
|
||||||
size: 5Gi
|
size: 1Gi
|
||||||
|
|
||||||
standalone:
|
standalone:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
@ -92,41 +82,3 @@ spec:
|
||||||
raft:
|
raft:
|
||||||
enabled: true
|
enabled: true
|
||||||
setNodeId: true
|
setNodeId: true
|
||||||
|
|
||||||
config: |
|
|
||||||
ui = true
|
|
||||||
|
|
||||||
listener "tcp" {
|
|
||||||
address = "[::]:8200"
|
|
||||||
cluster_address = "[::]:8201"
|
|
||||||
tls_cert_file = "/vault/userconfig/server-tls/tls.crt"
|
|
||||||
tls_key_file = "/vault/userconfig/server-tls/tls.key"
|
|
||||||
tls_client_ca_file = "/vault/userconfig/server-ca/tls-combined.pem"
|
|
||||||
}
|
|
||||||
|
|
||||||
storage "raft" {
|
|
||||||
path = "/vault/data"
|
|
||||||
|
|
||||||
retry_join {
|
|
||||||
leader_api_addr = "https://vault-0.vault-internal:8200"
|
|
||||||
leader_ca_cert_file = "/vault/userconfig/server-ca/ca.crt"
|
|
||||||
leader_client_cert_file = "/vault/userconfig/server-tls/tls.crt"
|
|
||||||
leader_client_key_file = "/vault/userconfig/server-tls/tls.key"
|
|
||||||
}
|
|
||||||
|
|
||||||
retry_join {
|
|
||||||
leader_api_addr = "https://vault-1.vault-internal:8200"
|
|
||||||
leader_ca_cert_file = "/vault/userconfig/server-ca/ca.crt"
|
|
||||||
leader_client_cert_file = "/vault/userconfig/server-tls/tls.crt"
|
|
||||||
leader_client_key_file = "/vault/userconfig/server-tls/tls.key"
|
|
||||||
}
|
|
||||||
|
|
||||||
retry_join {
|
|
||||||
leader_api_addr = "https://vault-2.vault-internal:8200"
|
|
||||||
leader_ca_cert_file = "/vault/userconfig/server-ca/ca.crt"
|
|
||||||
leader_client_cert_file = "/vault/userconfig/server-tls/tls.crt"
|
|
||||||
leader_client_key_file = "/vault/userconfig/server-tls/tls.key"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
service_registration "kubernetes" {}
|
|
||||||
|
|
|
||||||
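Review bot: With `tlsDisable: true` and the `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` annotation removed, the ingress controller now forwards Vault tokens and secret payloads to the pods over plaintext HTTP, and because the whole `config:` block (the listener `tls_*` files and the client-cert `retry_join` stanzas) is gone, raft peer and cluster traffic on 8200/8201 is presumably plaintext too, relying on whatever listener config the chart supplies by default — worth confirming, including that peers still join without the removed `retry_join` entries. TLS now ends at the Let's Encrypt cert on the ingress, so this is only acceptable if in-cluster traffic is otherwise protected (a mesh, or a NetworkPolicy restricting 8200/8201 to the ingress and vault pods); neither is visible here and the commit message does not say. I would record the decision next to the flag, e.g. `tlsDisable: true  # TLS terminates at the ingress; ingress->vault and raft peer traffic is plaintext in-cluster, restricted by <NetworkPolicy/mesh>`. Separately, `auditStorage.size` drops from 5Gi to 1Gi: Vault refuses requests when no enabled audit device can be written, so a full 1Gi volume becomes an outage — make sure log rotation or retention keeps it from filling.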