Add Plugins dir for Vault
This commit is contained in:
Jack Jackson
parent
d8cad832ba
commit
a90cc33d1c
@ -104,6 +104,59 @@
|
||||
syncOptions: ["CreateNamespace=true"]
|
||||
}
|
||||
}
|
||||
},
|
||||
# Sometimes we want to use an existing remote Helm chart
|
||||
# but add some locally-defined resources into the Application
|
||||
helmRemotePlusLocalApplication(
|
||||
name,
|
||||
sourceRepoUrl,
|
||||
sourceChart,
|
||||
sourceTargetRevision,
|
||||
pathToLocal="",
|
||||
namespace="",
|
||||
helmValues={},
|
||||
nonHelmApp=false) ::
|
||||
{
|
||||
apiVersion: "argoproj.io/v1alpha1",
|
||||
kind: "Application",
|
||||
metadata: {
|
||||
name: name,
|
||||
namespace: "argo",
|
||||
finalizers: ["resources-finalizer.argocd.argoproj.io"]
|
||||
},
|
||||
spec: {
|
||||
project: "default",
|
||||
sources: [
|
||||
{
|
||||
chart: sourceChart,
|
||||
repoURL: sourceRepoUrl,
|
||||
targetRevision: sourceTargetRevision,
|
||||
[if helmValues != {} then "helm"]: {
|
||||
valuesObject: helmValues
|
||||
}
|
||||
},
|
||||
{
|
||||
repoURL: "https://gitea.scubbo.org/scubbo/helm-charts.git",
|
||||
targetRevision: "HEAD",
|
||||
path: if pathToLocal == "" then std.join('/', ['charts', name]) else pathToLocal,
|
||||
// I _think_ every locally-defined chart is going to have a `values.yaml`, but we can make this
|
||||
// parameterized if desired
|
||||
[if nonHelmApp != true then "helm"]: {
|
||||
valueFiles: ['values.yaml']
|
||||
}
|
||||
}
|
||||
],
|
||||
destination: {
|
||||
server: "https://kubernetes.default.svc",
|
||||
namespace: if namespace == "" then name else namespace
|
||||
},
|
||||
syncPolicy: {
|
||||
automated: {
|
||||
prune: true
|
||||
},
|
||||
syncOptions: ["CreateNamespace=true"]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
local appDef = import './app-definitions.libsonnet';
|
||||
|
||||
appDef.helmApplication(
|
||||
appDef.helmRemotePlusLocalApplication(
|
||||
name="vault",
|
||||
sourceRepoUrl="https://helm.releases.hashicorp.com",
|
||||
sourceChart="vault",
|
||||
@ -31,7 +31,39 @@ appDef.helmApplication(
|
||||
dataStorage: {
|
||||
size: "20Gi",
|
||||
storageClass: "freenas-iscsi-csi"
|
||||
}
|
||||
},
|
||||
standalone: {
|
||||
config: |||
|
||||
ui = true
|
||||
listener "tcp" {
|
||||
tls_disable = 1
|
||||
address = "[::]:8200"
|
||||
cluster_address = "[::]:8201"
|
||||
|
||||
}
|
||||
storage "file" {
|
||||
path = "/vault/data"
|
||||
}
|
||||
# Everything above this line is the default.
|
||||
#
|
||||
# Enable Plugins (originally for GitHub Secrets Plugin)
|
||||
plugin_directory = "/etc/vault/plugins"
|
||||
|||
|
||||
},
|
||||
volumes: [
|
||||
{
|
||||
name: "plugins",
|
||||
persistentVolumeClaim: {
|
||||
claimName: "vault-plugin-claim"
|
||||
}
|
||||
}
|
||||
],
|
||||
volumeMounts: [
|
||||
{
|
||||
name: "plugins",
|
||||
mountPath: "/etc/vault/plugins"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
)
|
||||
)
|
||||
|
||||
7
charts/vault/Chart.yaml
Normal file
7
charts/vault/Chart.yaml
Normal file
@ -0,0 +1,7 @@
|
||||
apiVersion: v2
|
||||
name: vault-extra-resources
|
||||
description: Extra resources in support of Vault official Helm Chart
|
||||
|
||||
type: application
|
||||
version: 0.1.0
|
||||
appVersion: "1.0.0"
|
||||
11
charts/vault/templates/pvc.yaml
Normal file
11
charts/vault/templates/pvc.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: vault-plugin-claim
|
||||
spec:
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
storageClassName: "freenas-iscsi-csi"
|
||||
resources:
|
||||
requests:
|
||||
storage: "1Gi"
|
||||
1
charts/vault/values.yaml
Normal file
1
charts/vault/values.yaml
Normal file
@ -0,0 +1 @@
|
||||
# No configuration required
|
||||
Loading…
x
Reference in New Issue
Block a user