diff --git a/vault/Chart.yaml b/vault/Chart.yaml new file mode 100644 index 0000000..fc08adf --- /dev/null +++ b/vault/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: vault +description: A Helm chart for Kubernetes +type: application +version: 0.0.1 +appVersion: 0.0.1 + +dependencies: +- name: vault + repository: https://helm.releases.hashicorp.com + version: 0.27.0 + diff --git a/vault/templates/secret-store.yaml b/vault/templates/secret-store.yaml new file mode 100644 index 0000000..feb3c59 --- /dev/null +++ b/vault/templates/secret-store.yaml @@ -0,0 +1,30 @@ +#apiVersion: external-secrets.io/v1beta1 +#kind: ClusterSecretStore +#metadata: +# name: vault +#spec: +# provider: +# vault: +# server: "http://vault.vault.svc.cluster.local:8200" +# path: "secrets" +# version: "v2" +# auth: +# kubernetes: +# mountPath: "kubernetes" +# role: "external-secrets" +--- +#apiVersion: external-secrets.io/v1beta1 +#kind: ClusterSecretStore +#metadata: +# name: vault +#spec: +# provider: +# vault: +# server: "https://vault.internal.prd.durp.info" +# path: "secrets" +# version: "v2" +# auth: +# tokenSecretRef: +# name: vault-token +# key: token +# namespace: external-secrets diff --git a/vault/values.yaml b/vault/values.yaml new file mode 100644 index 0000000..23f023a --- /dev/null +++ b/vault/values.yaml @@ -0,0 +1,40 @@ +vault: + + global: + externalVaultAddr: "https://vault.internal.prd.durp.info" + + image: + repository: "registry.internal.durp.info/hashicorp/vault-k8s" + tag: "1.3.1" + pullPolicy: Always + + agentImage: + repository: "registry.internal.durp.info/hashicorp/vault" + tag: "1.15.2" + + + injector: + enabled: "-" + + replicas: 2 + leaderElector: + enabled: true + + metrics: + enabled: true + + image: + repository: "registry.internal.durp.info/hashicorp/vault-k8s" + tag: "1.3.1" + pullPolicy: Always + + agentImage: + repository: "registry.internal.durp.info/hashicorp/vault" + tag: "1.15.2" + + server: + enabled: false + + ui: + enabled: false +