diff --git a/app-of-apps/app-definitions.libsonnet b/app-of-apps/app-definitions.libsonnet
index ffbdd1a..fd21c29 100644
--- a/app-of-apps/app-definitions.libsonnet
+++ b/app-of-apps/app-definitions.libsonnet
@@ -104,6 +104,59 @@
 syncOptions: ["CreateNamespace=true"]
 }
 }
+ },
+ # Sometimes we want to use an existing remote Helm chart
+ # but add some locally-defined resources into the Application
+ helmRemotePlusLocalApplication(
+ name,
+ sourceRepoUrl,
+ sourceChart,
+ sourceTargetRevision,
+ pathToLocal="",
+ namespace="",
+ helmValues={},
+ nonHelmApp=false) ::
+ {
+ apiVersion: "argoproj.io/v1alpha1",
+ kind: "Application",
+ metadata: {
+ name: name,
+ namespace: "argo",
+ finalizers: ["resources-finalizer.argocd.argoproj.io"]
+ },
+ spec: {
+ project: "default",
+ sources: [
+ {
+ chart: sourceChart,
+ repoURL: sourceRepoUrl,
+ targetRevision: sourceTargetRevision,
+ [if helmValues != {} then "helm"]: {
+ valuesObject: helmValues
+ }
+ },
+ {
+ repoURL: "https://gitea.scubbo.org/scubbo/helm-charts.git",
+ targetRevision: "HEAD",
+ path: if pathToLocal == "" then std.join('/', ['charts', name]) else pathToLocal,
+ // I _think_ every locally-defined chart is going to have a `values.yaml`, but we can make this
+ // parameterized if desired
+ [if nonHelmApp != true then "helm"]: {
+ valueFiles: ['values.yaml']
+ }
+ }
+ ],
+ destination: {
+ server: "https://kubernetes.default.svc",
+ namespace: if namespace == "" then name else namespace
+ },
+ syncPolicy: {
+ automated: {
+ prune: true
+ },
+ syncOptions: ["CreateNamespace=true"]
+ }
+ }
 }
 }
diff --git a/app-of-apps/vault.jsonnet b/app-of-apps/vault.jsonnet
index 76c0dd8..4434e49 100644
--- a/app-of-apps/vault.jsonnet
+++ b/app-of-apps/vault.jsonnet
@@ -1,6 +1,6 @@
 local appDef = import './app-definitions.libsonnet';
-appDef.helmApplication(
+appDef.helmRemotePlusLocalApplication(
 name="vault",
 sourceRepoUrl="https://helm.releases.hashicorp.com",
 sourceChart="vault",
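Review bot: The second entry in `sources` of `helmRemotePlusLocalApplication` hard-codes `targetRevision: "HEAD"`, so with `automated: { prune: true }` every push to the default branch of the helm-charts repository is applied to the cluster unpinned, while the remote chart next to it is pinned through `sourceTargetRevision`. A defaulted parameter keeps existing callers working and lets a sensitive application such as Vault pin a tag or commit: add `localTargetRevision="HEAD",` to the parameter list and use `targetRevision: localTargetRevision,` in the local source. Other helpers in this file may follow the same pattern; they are outside the hunk. As a smaller style point, `nonHelmApp != true` reads more directly as `!nonHelmApp`, and the header comment uses `#` while the inline one uses `//`.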
@@ -31,7 +31,39 @@ appDef.helmApplication(
 dataStorage: {
 size: "20Gi",
 storageClass: "freenas-iscsi-csi"
- }
+ },
+ standalone: {
+ config: |||
+ ui = true
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+ # Everything above this line is the default.
+ #
+ # Enable Plugins (originally for GitHub Secrets Plugin)
+ plugin_directory = "/etc/vault/plugins"
+ |||
+ },
+ volumes: [
+ {
+ name: "plugins",
+ persistentVolumeClaim: {
+ claimName: "vault-plugin-claim"
+ }
+ }
+ ],
+ volumeMounts: [
+ {
+ name: "plugins",
+ mountPath: "/etc/vault/plugins"
+ }
+ ]
 }
 }
-)
\ No newline at end of file
+)
diff --git a/charts/vault/Chart.yaml b/charts/vault/Chart.yaml
new file mode 100644
index 0000000..2c973db
--- /dev/null
+++ b/charts/vault/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: vault-extra-resources
+description: Extra resources in support of Vault official Helm Chart
+
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
\ No newline at end of file
diff --git a/charts/vault/templates/pvc.yaml b/charts/vault/templates/pvc.yaml
new file mode 100644
index 0000000..2fde041
--- /dev/null
+++ b/charts/vault/templates/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vault-plugin-claim
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ storageClassName: "freenas-iscsi-csi"
+ resources:
+ requests:
+ storage: "1Gi"
diff --git a/charts/vault/values.yaml b/charts/vault/values.yaml
new file mode 100644
index 0000000..7e712bb
--- /dev/null
+++ b/charts/vault/values.yaml
@@ -0,0 +1 @@
+# No configuration required
\ No newline at end of file
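Review bot: The `plugins` volume is mounted read-write at `/etc/vault/plugins`, the path `plugin_directory` tells Vault to launch executables from, so the Vault process can itself rewrite the plugin binaries and the catalog's SHA-256 check is the only guard against a modified file. If the binaries reach the claim by another route, adding `readOnly: true` to the `volumeMounts` entry narrows that. The config block also now states `tls_disable = 1` explicitly; if TLS is terminated in front of Vault, a comment such as `# TLS terminated at <ingress/mesh>; listener is cluster-internal only` would record that as a decision rather than an inherited default. There is also a stray blank line before the closing brace of the `listener` block.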
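Review bot: `vault-plugin-claim` in `charts/vault/templates/pvc.yaml` belongs to an Application that this commit generates with `prune: true` and the `resources-finalizer.argocd.argoproj.io` finalizer, so removing this template or deleting the Application would presumably delete the claim and the plugin binaries stored on it. If that is not intended, annotating the claim with `argocd.argoproj.io/sync-options: Prune=false` both documents and enforces it. The claim name is also repeated as a literal in `app-of-apps/vault.jsonnet` (`claimName: "vault-plugin-claim"`), so a comment here noting the coupling, e.g. `# name must match server.volumes[].persistentVolumeClaim.claimName in app-of-apps/vault.jsonnet`, would help whoever renames it.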