diff --git a/kustomization.yaml b/kustomization.yaml index 44c4c84..13c59c7 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -5,3 +5,4 @@ resources: - ./manifests/cert-manager/ - ./manifests/argo/ - ./manifests/secrets/ + - ./manifests/kube-system/ diff --git a/manifests/kube-system/kustomization.yaml b/manifests/kube-system/kustomization.yaml new file mode 100644 index 0000000..5931d54 --- /dev/null +++ b/manifests/kube-system/kustomization.yaml @@ -0,0 +1,5 @@ +namespace: kube-system + +resources: + - ./vault.yaml + - ./vaultChartConfig.yaml diff --git a/manifests/kube-system/vault.yaml b/manifests/kube-system/vault.yaml new file mode 100644 index 0000000..88f6cb1 --- /dev/null +++ b/manifests/kube-system/vault.yaml @@ -0,0 +1,12 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: vault +spec: + repo: https://helm.releases.hashicorp.com + chart: vault + targetNamespace: kube-system + version: 0.32.0 + valuesContent: |- + + diff --git a/manifests/kube-system/vaultChartConfig.yaml b/manifests/kube-system/vaultChartConfig.yaml new file mode 100644 index 0000000..3e6dc53 --- /dev/null +++ b/manifests/kube-system/vaultChartConfig.yaml @@ -0,0 +1,35 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChartConfig +metadata: + name: vault +spec: + valuesContent: |- + global: + externalVaultAddr: "vault.milasholsting.dk" + injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + server: + standalone: + enabled: "true" + config: |- + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + # Enable unauthenticated metrics access (necessary for Prometheus Operator) + #telemetry { + # unauthenticated_metrics_access = "true" + #} + } + storage "file" { + path = "/vault/data" + } + ui: + enabled: false + + + diff --git a/manifests/s3/kustomization.yaml b/manifests/s3/kustomization.yaml index 1341117..c97dd29 100644 --- a/manifests/s3/kustomization.yaml +++ b/manifests/s3/kustomization.yaml @@ -5,4 +5,4 @@ resources: - ./namespace.yaml - ./rustfs-ingress.yaml - ./rustfsChartConfig.yaml -# - ./cert.yaml + - ./cert.yaml diff --git a/manifests/s3/rustfsChartConfig.yaml b/manifests/s3/rustfsChartConfig.yaml index b78bdc3..a1b20f4 100644 --- a/manifests/s3/rustfsChartConfig.yaml +++ b/manifests/s3/rustfsChartConfig.yaml @@ -22,7 +22,3 @@ spec: ingress: enabled: false # Optional: change default credentials - secret: - rustfs: - access_key: rustfsadmin - secret_key: f82g6toxn5xlwac6cd8bjwfl