scubbo/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Plugins dir for Vault

Browse Source
This commit is contained in:
Jack Jackson 2025-03-14 21:19:36 -07:00
parent d8cad832ba
commit a90cc33d1c
5 changed files with 107 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
app-of-apps/app-definitions.libsonnet
View File

@ -104,6 +104,59 @@
syncOptions: ["CreateNamespace=true"] syncOptions: ["CreateNamespace=true"]
} }
} }
},
# Sometimes we want to use an existing remote Helm chart
# but add some locally-defined resources into the Application
helmRemotePlusLocalApplication(
name,
sourceRepoUrl,
sourceChart,
sourceTargetRevision,
pathToLocal="",
namespace="",
helmValues={},
nonHelmApp=false) ::
{
apiVersion: "argoproj.io/v1alpha1",
kind: "Application",
metadata: {
name: name,
namespace: "argo",
finalizers: ["resources-finalizer.argocd.argoproj.io"]
},
spec: {
project: "default",
sources: [
{
chart: sourceChart,
repoURL: sourceRepoUrl,
targetRevision: sourceTargetRevision,
[if helmValues != {} then "helm"]: {
valuesObject: helmValues
}
},
{
repoURL: "https://gitea.scubbo.org/scubbo/helm-charts.git",
targetRevision: "HEAD",
path: if pathToLocal == "" then std.join('/', ['charts', name]) else pathToLocal,
// I _think_ every locally-defined chart is going to have a `values.yaml`, but we can make this
// parameterized if desired
[if nonHelmApp != true then "helm"]: {
valueFiles: ['values.yaml']
}
}
],
destination: {
server: "https://kubernetes.default.svc",
namespace: if namespace == "" then name else namespace
},
syncPolicy: {
automated: {
prune: true
},
syncOptions: ["CreateNamespace=true"]
}
}
} }
} }

36
app-of-apps/vault.jsonnet
View File

@ -1,6 +1,6 @@
local appDef = import './app-definitions.libsonnet'; local appDef = import './app-definitions.libsonnet';
appDef.helmApplication( appDef.helmRemotePlusLocalApplication(
name="vault", name="vault",
sourceRepoUrl="https://helm.releases.hashicorp.com", sourceRepoUrl="https://helm.releases.hashicorp.com",
sourceChart="vault", sourceChart="vault",
@ -31,7 +31,39 @@ appDef.helmApplication(
dataStorage: { dataStorage: {
size: "20Gi", size: "20Gi",
storageClass: "freenas-iscsi-csi" storageClass: "freenas-iscsi-csi"
} },
standalone: {
config: |||
ui = true
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
}
storage "file" {
path = "/vault/data"
}
# Everything above this line is the default.
#
# Enable Plugins (originally for GitHub Secrets Plugin)
plugin_directory = "/etc/vault/plugins"
|||
},
volumes: [
{
name: "plugins",
persistentVolumeClaim: {
claimName: "vault-plugin-claim"
}
}
],
volumeMounts: [
{
name: "plugins",
mountPath: "/etc/vault/plugins"
}
]
} }
} }
) )

7
charts/vault/Chart.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: v2
name: vault-extra-resources
description: Extra resources in support of Vault official Helm Chart
type: application
version: 0.1.0
appVersion: "1.0.0"

11
charts/vault/templates/pvc.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vault-plugin-claim
spec:
accessModes:
- "ReadWriteOnce"
storageClassName: "freenas-iscsi-csi"
resources:
requests:
storage: "1Gi"

1
charts/vault/values.yaml Normal file
View File

@ -0,0 +1 @@
# No configuration required