Prerequisite: Vault must already be configured with authentication as described at https://developer.hashicorp.com/vault/tutorials/kubernetes/vault-secrets-operator#configure-vault. The plan is eventually to manage the Vault objects themselves via [Crossplane](https://www.crossplane.io/).
parent
3140ea8b0d
commit
b0623eb2f7
@ -0,0 +1,38 @@ |
||||
// https://developer.hashicorp.com/vault/tutorials/kubernetes/vault-secrets-operator |
||||
// |
||||
// Note that this has a prerequiste that the Vault system has been configured with appropriate |
||||
// authentication first. In particular, the specification of the set of namespaces that secrets can be synced to is set |
||||
// in `bound_service_account_namespaces` in the Vault role. |
||||
local appDef = import './app-definitions.libsonnet'; |
||||
|
||||
appDef.helmApplication( |
||||
name="vault-secrets-operator", |
||||
sourceRepoUrl="https://helm.releases.hashicorp.com", |
||||
sourceChart="vault-secrets-operator", |
||||
sourceTargetRevision="0.5.2", |
||||
namespace="vault-secrets-operator-system", |
||||
helmValues={ |
||||
defaultVaultConnection: { |
||||
enabled: true, |
||||
adddress: "http://vault.vault.svc.cluster.local:8200", |
||||
skipTLSVerify: false |
||||
}, |
||||
controller: { |
||||
manager: { |
||||
clientCache: { |
||||
persistenceModel: "direct-encrypted", |
||||
storageEncryption: { |
||||
enabled: true, |
||||
mount: "demo-auth-mount", |
||||
keyName: "vso-client-cache", |
||||
transitMount: "demo-transit", |
||||
kubernetes: { |
||||
role: "auth-role-operator", |
||||
serviceAccount: "demo-operator" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
) |
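Review bot: The connection key under `defaultVaultConnection` is misspelled as `adddress`, so the Helm chart will ignore it and the default VaultConnection will point at whatever address the chart defaults to rather than the in-cluster Vault service; it should read `address: "http://vault.vault.svc.cluster.local:8200",`. Separately, the address is plain `http://` while `skipTLSVerify: false` suggests TLS was intended; over plaintext the operator's Vault token and every secret it syncs cross the cluster network unencrypted, so if the Vault listener has TLS the scheme should be `https://` with the CA supplied through the chart's CA-secret value, and if it deliberately does not, a comment such as `// Vault listener is plaintext in this cluster; TLS terminated elsewhere — intentional` would stop the next reader from assuming TLS is in force. The auth mount, transit mount, role and service-account names (`demo-auth-mount`, `demo-transit`, `auth-role-operator`, `demo-operator`) are the tutorial's placeholders and must match what was actually created in Vault, which this file cannot verify; a comment pointing at where the Vault role and its `bound_service_account_namespaces` are defined would make that coupling explicit. The header comment also misspells `prerequiste` (should be `prerequisite`).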