DO NOT MERGE initial vault crd config

hyperledger · Jul 26, 2023 · a64fe7b · a64fe7b
1 parent 1c71d25
commit a64fe7b
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 55 deletions.
diff --git a/infrastructure/charts/agent/Chart.lock b/infrastructure/charts/agent/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: vault
-  repository: https://helm.releases.hashicorp.com
-  version: 0.24.1
-digest: sha256:f9ee9a8708d36ff7fcf9334fe17404147be8c124ead65830ee72bd4f43c262cd
-generated: "2023-06-16T14:40:33.224500592+10:00"
+  repository: https://kubernetes-charts.banzaicloud.com
+  version: 1.19.0
+digest: sha256:cf6925c98680b5c0e1dd45364ab6248a7446714b6472d865e24b81d0f9c1fbfd
+generated: "2023-07-26T14:50:35.950562014+10:00"
diff --git a/infrastructure/charts/agent/Chart.yaml b/infrastructure/charts/agent/Chart.yaml
@@ -19,7 +19,3 @@ version: 0.1.0
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "1.9.1"
-dependencies:
-  - name: "vault"
-    version: "0.24.1"
-    repository: "https://helm.releases.hashicorp.com"
diff --git a/infrastructure/charts/agent/templates/deployment.yaml b/infrastructure/charts/agent/templates/deployment.yaml
@@ -123,12 +123,12 @@ spec:
           {{- end }}
           {{- if .Values.server.useVault }}
           - name: VAULT_ADDR
-            value: "http://{{ .Release.Namespace }}-vault.{{ .Release.Namespace }}:8200"
+            value: "http://{{ .Release.Namespace }}-vault-0.{{ .Release.Namespace }}:8200"
           - name: VAULT_TOKEN
             valueFrom:
               secretKeyRef:
-                name: vault-root-token
-                key: root-token
+                name: vault-unseal-keys
+                key: vault-root
                 optional: false
           {{- end }}
           {{- range $key, $value := .Values.server.additionalEnvVariables }}

diff --git a/infrastructure/charts/agent/templates/vault-unseal.yaml b/infrastructure/charts/agent/templates/vault-unseal.yaml
diff --git a/infrastructure/charts/agent/templates/vaultstandalone.yaml b/infrastructure/charts/agent/templates/vaultstandalone.yaml
@@ -0,0 +1,64 @@
+{{- if .Values.server.useVault }}
+apiVersion: "vault.banzaicloud.com/v1alpha1"
+kind: "Vault"
+metadata:
+  name: "vault"
+  namespace: "{{ .Release.Namespace }}"
+  labels:
+    app.kubernetes.io/name: vault
+    vault_cr: vault
+spec:
+  size: 1
+  image: hashicorp/vault:1.14.0
+  serviceAccount: vault
+  serviceType: ClusterIP
+  ingress:
+    annotations: {}
+    spec: {}
+  volumeClaimTemplates:
+    - metadata:
+        name: vault-raft
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        volumeMode: Filesystem
+        resources:
+          requests:
+            storage: 1Gi
+  volumeMounts:
+    - name: vault-raft
+      mountPath: /vault/file
+  # Describe where you would like to store the Vault unseal keys and root token.
+  unsealConfig:
+    options:
+      # The preFlightChecks flag enables unseal and root token storage tests
+      # This is true by default
+      preFlightChecks: true
+      # The storeRootToken flag enables storing of root token in chosen storage
+      # This is true by default
+      storeRootToken: true
+    kubernetes:
+      secretNamespace: "{{ .Release.Namespace }}"
+  # A YAML representation of a final vault config file.
+  # See https://www.vaultproject.io/docs/configuration/ for more information.
+  config:
+    storage:
+      raft:
+        path: "/vault/file"
+    listener:
+      tcp:
+        address: "0.0.0.0:8200"
+        tls_disable: true
+    api_addr: "http://{{ .Release.Namespace }}-vault-0.{{ .Release.Namespace }}:8200"
+    cluster_addr: "http://{{ .Release.Namespace }}-vault-0.{{ .Release.Namespace }}:8201"
+    ui: true
+  statsdDisabled: true
+  serviceRegistrationEnabled: true
+  externalConfig:
+    secrets:
+      - path: secret
+        type: kv
+        description: General secrets.
+        options:
+          version: 2
+{{- end }}