
Prerequisite that Vault is configured with authentication per https://developer.hashicorp.com/vault/tutorials/kubernetes/vault-secrets-operator. The plan would eventually be to manage Vault objects via [Crossplane](https://www.crossplane.io/).
// https://developer.hashicorp.com/vault/tutorials/kubernetes/vault-secrets-operator
//
// Note that this has a prerequisite that the Vault system has been configured with appropriate
// authentication first. In particular, the specification of the set of namespaces that secrets can be synced to is set
// in `bound_service_account_namespaces` in the Vault role.
local appDef = import './app-definitions.libsonnet';

// Helm release settings for the HashiCorp Vault Secrets Operator (VSO) chart.
local chartVersion = "0.5.2";
local operatorNamespace = "vault-secrets-operator-system";

// In-cluster Vault endpoint used for the operator's default VaultConnection.
// NOTE(review): the scheme is plain HTTP, so `skipTLSVerify: false` below is
// inert and Vault tokens plus synced secret payloads cross the cluster
// network unencrypted; move to https:// once Vault serves TLS.
local vaultAddress = "http://vault.vault.svc.cluster.local:8200";

// Settings for encrypting the operator's persisted client cache with a Vault
// transit key. The mount, key, role and service-account names mirror the
// linked tutorial ("demo-*") and must already exist in Vault before the
// operator can authenticate (see the prerequisite note in the file header).
local clientCacheEncryption = {
  enabled: true,
  mount: "demo-auth-mount",
  keyName: "vso-client-cache",
  transitMount: "demo-transit",
  kubernetes: {
    role: "auth-role-operator",
    serviceAccount: "demo-operator",
  },
};

// Connection the operator falls back to when a VaultAuth/VaultConnection
// resource does not name one explicitly. TLS verification stays enabled.
local defaultVaultConnection = {
  enabled: true,
  address: vaultAddress,
  skipTLSVerify: false,
};

appDef.helmApplication(
  name="vault-secrets-operator",
  sourceRepoUrl="https://helm.releases.hashicorp.com",
  sourceChart="vault-secrets-operator",
  sourceTargetRevision=chartVersion,
  namespace=operatorNamespace,
  helmValues={
    defaultVaultConnection: defaultVaultConnection,
    controller: {
      manager: {
        clientCache: {
          // Presumably persists cache entries encrypted with the transit key
          // configured in `storageEncryption` rather than in plaintext — confirm
          // against the chart's values documentation for this version.
          persistenceModel: "direct-encrypted",
          storageEncryption: clientCacheEncryption,
        },
      },
    },
  }
)