54 lines
1.4 KiB
Jsonnet
54 lines
1.4 KiB
Jsonnet
// https://docs.crossplane.io/v1.15/software/install/#installed-deployments
|
|
local appDef = import './app-definitions.libsonnet';
|
|
|
|
// Installation of Vault Provider is left manually, since it relies on secret creation:
|
|
// https://github.com/upbound/provider-vault
|
|
//
|
|
// Also required created a role to bind to the ServiceAccount:
|
|
//
|
|
// apiVersion: rbac.authorization.k8s.io/v1
|
|
// kind: ClusterRoleBinding
|
|
// metadata:
|
|
// name: vault-provider-role-binding
|
|
// namespace: crossplane-system
|
|
// roleRef:
|
|
// apiGroup: rbac.authorization.k8s.io
|
|
// kind: ClusterRole
|
|
// name: vault-provider-role
|
|
// subjects:
|
|
// - kind: ServiceAccount
|
|
// name: provider-vault-b61923ede364
|
|
// namespace: crossplane-system
|
|
// ---
|
|
// apiVersion: rbac.authorization.k8s.io/v1
|
|
// kind: ClusterRole
|
|
// metadata:
|
|
// name: vault-provider-role
|
|
// namespace: crossplane-system
|
|
// rules:
|
|
// - apiGroups:
|
|
// - identity.vault.upbound.io
|
|
// resources:
|
|
// - mfaoktas
|
|
// - groupmembergroupidsidses
|
|
// - groupmemberentityidsidses
|
|
// verbs:
|
|
// - get
|
|
// - list
|
|
// - watch
|
|
// - apiGroups:
|
|
// - mfa.vault.upbound.io
|
|
// resources:
|
|
// - oktas
|
|
// verbs:
|
|
// - get
|
|
// - list
|
|
// - watch
|
|
appDef.helmApplication(
|
|
name="crossplane",
|
|
sourceRepoUrl="https://charts.crossplane.io/stable",
|
|
sourceChart="crossplane",
|
|
sourceTargetRevision="1.15.0",
|
|
namespace="crossplane-system"
|
|
)
|