mareshq-gitops-legacy/clusters/cherry/apps/vault.yaml


# Argo CD Application that installs HashiCorp Vault from the official Helm
# chart into the "vault" namespace: 3-node HA with integrated Raft storage,
# TLS on the Vault listener, and a TLS-terminating nginx ingress in front.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cherry-vault
  namespace: argocd
spec:
  project: infrastructure
  syncPolicy:
    # prune deletes cluster objects that disappear from this manifest and
    # selfHeal reverts in-cluster drift, so manual edits to the release are
    # overwritten on the next sync.
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
  destination:
    server: https://kubernetes.default.svc
    namespace: vault
  source:
    chart: vault
    repoURL: https://helm.releases.hashicorp.com
    # Pin of the Helm chart version, not of the Vault binary version.
    targetRevision: 0.25.0
    helm:
      releaseName: vault
      valuesObject:
        global:
          enabled: true
          # TLS stays on end to end: the listener in `config` below serves
          # HTTPS and the ingress re-encrypts to it (backend-protocol HTTPS).
          tlsDisable: false
        injector:
          # Only the Vault server is deployed; the agent injector is left out.
          enabled: false
        server:
          ingress:
            enabled: true
            ingressClassName: nginx
            annotations:
              cert-manager.io/cluster-issuer: letsencrypt-prod
              # NOTE(review): nginx does not verify the Vault backend
              # certificate, so the ingress -> vault hop is encrypted but not
              # authenticated; pointing proxy_ssl_trusted_certificate at the
              # server-ca material would close that gap. server-snippet is
              # also only honoured when the ingress-nginx controller allows
              # snippet annotations (allow-snippet-annotations).
              nginx.ingress.kubernetes.io/server-snippet: |
                proxy_ssl_verify off;
              nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
            pathType: Prefix
            tls:
              - secretName: vault-ingress-tls
                hosts:
                  - vault.mareshq.com
            hosts:
              - host: vault.mareshq.com
                paths:
                  - /
          extraEnvironmentVars:
            # CA the in-pod vault CLI uses to trust the listener certificate.
            VAULT_CACERT: /vault/userconfig/server-ca/ca.crt
          # Secrets mounted under /vault/userconfig/<name>/; the listener and
          # retry_join stanzas in `config` reference these paths.
          extraVolumes:
            - type: secret
              name: server-tls
            - type: secret
              name: server-ca
          resources:
            requests:
              memory: 512Mi
              cpu: 400m
            limits:
              memory: 1Gi
              cpu: 400m
          readinessProbe:
            enabled: true
            # Standby, sealed and uninitialised nodes answer 204 so the pod is
            # still routable for Raft join and unseal.
            path: "/v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204"
          livenessProbe:
            enabled: true
            # NOTE(review): no sealedcode override here, so a sealed node
            # reports 503 after the initial delay and the kubelet restarts it;
            # verify this is intended if unseal is manual.
            path: "/v1/sys/health?standbyok=true"
            initialDelaySeconds: 60
          # Provisions the audit volume only; the file audit device still has
          # to be enabled inside Vault for anything to be written to it.
          auditStorage:
            enabled: true
            size: 5Gi
          dataStorage:
            enabled: true
            size: 5Gi
          standalone:
            enabled: false
          ha:
            enabled: true
            replicas: 3
            disruptionBudget:
              enabled: true
            raft:
              enabled: true
              setNodeId: true
              # Vault server HCL. tls_client_ca_file only makes client
              # certificates verifiable, not required, unless
              # tls_require_and_verify_client_cert is also set. The three
              # retry_join peers are the StatefulSet pods vault-0..vault-2
              # and authenticate to each other with the server-tls cert.
              config: |
                ui = true
                listener "tcp" {
                  address = "[::]:8200"
                  cluster_address = "[::]:8201"
                  tls_cert_file = "/vault/userconfig/server-tls/tls.crt"
                  tls_key_file = "/vault/userconfig/server-tls/tls.key"
                  tls_client_ca_file = "/vault/userconfig/server-ca/tls-combined.pem"
                }
                storage "raft" {
                  path = "/vault/data"
                  retry_join {
                    leader_api_addr = "https://vault-0.vault-internal:8200"
                    leader_ca_cert_file = "/vault/userconfig/server-ca/ca.crt"
                    leader_client_cert_file = "/vault/userconfig/server-tls/tls.crt"
                    leader_client_key_file = "/vault/userconfig/server-tls/tls.key"
                  }
                  retry_join {
                    leader_api_addr = "https://vault-1.vault-internal:8200"
                    leader_ca_cert_file = "/vault/userconfig/server-ca/ca.crt"
                    leader_client_cert_file = "/vault/userconfig/server-tls/tls.crt"
                    leader_client_key_file = "/vault/userconfig/server-tls/tls.key"
                  }
                  retry_join {
                    leader_api_addr = "https://vault-2.vault-internal:8200"
                    leader_ca_cert_file = "/vault/userconfig/server-ca/ca.crt"
                    leader_client_cert_file = "/vault/userconfig/server-tls/tls.crt"
                    leader_client_key_file = "/vault/userconfig/server-tls/tls.key"
                  }
                }
                service_registration "kubernetes" {}