From 69efd24f0c4d5da6ce1d11cce3c2acbaf8ea101f Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Sat, 30 Sep 2023 01:14:38 +0200
Subject: [PATCH] feat(cherry): add vault
---
clusters/cherry/apps/vault.yaml | 89 +++++++++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
create mode 100644 clusters/cherry/apps/vault.yaml
diff --git a/clusters/cherry/apps/vault.yaml b/clusters/cherry/apps/vault.yaml
new file mode 100644
index 0000000..fc2807c
--- /dev/null
+++ b/clusters/cherry/apps/vault.yaml
@@ -0,0 +1,89 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cherry-vault
+ namespace: argocd
+spec:
+ project: infrastructure
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: vault
+ source:
+ chart: vault
+ repoURL: https://charts.hetzner.cloud
+ targetRevision: 2.5.1
+ helm:
+ releaseName: vault
+ valuesObject:
+ global:
+ enabled: true
+ tlsDisable: false
+
+ injector:
+ enabled: true
+ resources:
+ requests:
+ memory: 256Mi
+ cpu: 250m
+ limits:
+ memory: 256Mi
+ cpu: 250m
+
+ server:
+ ingress:
+ enabled: true
+ ingressClassName: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ pathType: Prefix
+ tls:
+ - secretName: vault-tls
+ hosts:
+ - vault.mareshq.com
+ hosts:
+ - host: vault.mareshq.com
+ paths:
+ - /
+
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 400m
+ limits:
+ memory: 1Gi
+ cpu: 400m
+
+ readinessProbe:
+ enabled: true
+ path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204"
+ livenessProbe:
+ enabled: true
+ path: "/v1/sys/health?standbyok=true"
+ initialDelaySeconds: 60
+
+ auditStorage:
+ enabled: true
+ size: 5Gi
+
+ dataStorage:
+ enabled: true
+ size: 5Gi
+
+ standalone:
+ enabled: false
+
+ ha:
+ enabled: true
+ replicas: 3
+ raft:
+ enabled: true
+ setNodeId: true
+
+ disruptionBudget:
+ enabled: true
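Review bot: `repoURL: https://charts.hetzner.cloud` combined with `chart: vault` and `targetRevision: 2.5.1` looks copied from another Application. The keys under `valuesObject` (`injector`, `ha`/`raft`, `auditStorage`) follow the HashiCorp Vault chart, which is published at `https://helm.releases.hashicorp.com`, so with `automated` sync and `selfHeal: true` the cluster would install whatever that other repository serves under the name `vault`, if anything; point `repoURL` at the intended publisher and pin a `targetRevision` taken from that chart's own release list. Separately, `tlsDisable: false` under `global` moves the probes and `VAULT_ADDR` to HTTPS as far as I know, yet no listener certificate or raft `config` override is set in this file. Unless the listener gets TLS material the health checks will probably fail against a plaintext listener, so either mount a certificate and configure the listener or add a comment that TLS terminates at the ingress. The readiness path also reports sealed and uninitialised pods as ready (`sealedcode=204&uninitcode=204`), so the public ingress for `vault.mareshq.com` would route to an uninitialised Vault; initialise and unseal before enabling the ingress, or restrict it until then.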