diff --git a/manifests/kube-system/kustomization.yaml b/manifests/kube-system/kustomization.yaml
index 5931d54..f58f269 100644
--- a/manifests/kube-system/kustomization.yaml
+++ b/manifests/kube-system/kustomization.yaml
@@ -3,3 +3,5 @@ namespace: kube-system
 resources:
 - ./vault.yaml
 - ./vaultChartConfig.yaml
+ - ./secretOperatorConfig.yaml
+ - ./secretsOperator.yaml
diff --git a/manifests/kube-system/secretOperatorConfig.yaml b/manifests/kube-system/secretOperatorConfig.yaml
new file mode 100644
index 0000000..cd06a5d
--- /dev/null
+++ b/manifests/kube-system/secretOperatorConfig.yaml
@@ -0,0 +1,40 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+ name: vault-secrets-operator
+spec:
+ valuesContent: |-
+ defaultVaultConnection:
+ # toggles the deployment of the VaultAuthMethod CR
+ # @type: boolean
+ enabled: true
+
+ # Address of the Vault Server
+ # @type: string
+ # Example: http://vault.kube-system.svc.cluster.local:8200
+ address: "http://vault.kube-system.svc.cluster.local:8200"
+
+ # SkipTLSVerify for TLS connections.
+ # @type: boolean
+ skipTLSVerify: true
+
+ defaultAuthMethod:
+ enabled: true
+
+ # Kubernetes namespace glob patterns which are allow-listed for use with the default AuthMethod.
+ # @type: array
+ allowedNamespaces:
+ - "*"
+
+ method: kubernetes
+
+ mount: kubernetes
+
+ kubernetes:
+ # Vault Auth Role to use
+ # This is a required field and must be setup in Vault prior to deploying the helm chart
+ # if `defaultAuthMethod.enabled=true`
+ # @type: string
+ role: "taskarr-role"
+
+ serviceAccount: default
diff --git a/manifests/kube-system/secretsOperator.yaml b/manifests/kube-system/secretsOperator.yaml
new file mode 100644
index 0000000..9ab8f9c
--- /dev/null
+++ b/manifests/kube-system/secretsOperator.yaml
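Review bot: In manifests/kube-system/secretOperatorConfig.yaml the default Vault connection is plain `http://` and `skipTLSVerify: true` is set, so the operator's Kubernetes-auth login and every secret it reads cross the cluster network unencrypted, and certificate checking is already off if the address is later switched to https. Once Vault serves TLS, prefer `address: "https://vault.kube-system.svc.cluster.local:8200"` with `skipTLSVerify: false` and the chart's `caCertSecret` pointing at the CA bundle. Separately, `allowedNamespaces: ["*"]` combined with `serviceAccount: default` lets resources in any namespace reference this default auth method through the service account that every pod without an explicit one runs as; what they can actually read depends on how `taskarr-role` is bound in Vault, which this diff does not show. Listing only the namespaces that need secrets and using a dedicated service account would keep the exposure small even if the Vault role is bound loosely.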
@@ -0,0 +1,11 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: vault-secrets-operator
+spec:
+ repo: https://helm.releases.hashicorp.com
+ chart: vault-secrets-operator
+ targetNamespace: kube-system
+ version: 1.4.0
+ valuesContent: |-
+
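Review bot: The trailing `valuesContent: |-` in manifests/kube-system/secretsOperator.yaml is an empty block scalar, which reads like an unfinished edit and gives no hint that the chart's values come from the HelmChartConfig of the same name. Either drop the key or replace it with a comment such as `# values are supplied by the HelmChartConfig in secretOperatorConfig.yaml`. Quoting the pin as `version: "1.4.0"` would also guarantee it stays a string whichever parser reads the manifest.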