5 Commits

Author SHA1 Message Date
a47fe24d51 update 2025-01-22 05:43:12 -06:00
881de48183 move back to HA 2025-01-22 05:42:15 -06:00
61eb2cb68e update 2025-01-22 05:41:34 -06:00
e17ffa9f3f update 2025-01-22 05:40:34 -06:00
b50e31d42d update 2025-01-22 05:39:28 -06:00
2 changed files with 10 additions and 8 deletions


@@ -13,6 +13,6 @@ spec:
services: services:
- name: vault - name: vault
port: 8200 port: 8200
scheme: http scheme: https
tls: tls:
secretName: vault-tls secretName: vault-tls
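Review bot: Switching the backend to `scheme: https` makes the proxy a TLS client of Vault on port 8200, and nothing in this hunk tells it which CA to trust for that connection. If this is a Traefik IngressRoute (the `services`/`scheme`/`tls.secretName` layout suggests so, but the kind is outside the hunk), the service entry should reference a ServersTransport carrying Vault's CA, e.g. `serversTransport: <vault-transport-name>`, rather than relying on a global skip-verify setting. Otherwise the hop either fails verification against a private CA or runs without authenticating the server, which leaves the proxy-to-Vault leg open to interception inside the cluster. The enclosing route definition starts above the hunk.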


@@ -1,7 +1,7 @@
vault: vault:
global: global:
enabled: true enabled: true
tlsDisable: true tlsDisable: false
resources: resources:
requests: requests:
memory: 256Mi memory: 256Mi
@@ -60,7 +60,7 @@ vault:
enabled: true enabled: true
standalone: standalone:
enabled: true enabled: false
config: | config: |
disable_mlock = true disable_mlock = true
@@ -68,6 +68,8 @@ vault:
listener "tcp" { listener "tcp" {
address = "[::]:8200" address = "[::]:8200"
cluster_address = "[::]:8201" cluster_address = "[::]:8201"
tls_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
tls_key_file = "/vault/userconfig/vault-server-tls/vault.key"
} }
seal "transit" { seal "transit" {
@@ -84,10 +86,10 @@ vault:
# Run Vault in "HA" mode. # Run Vault in "HA" mode.
ha: ha:
enabled: false enabled: true
replicas: 3 replicas: 3
raft: raft:
enabled: false enabled: true
setNodeId: true setNodeId: true
config: | config: |
@@ -111,19 +113,19 @@ vault:
storage "raft" { storage "raft" {
path = "/vault/data" path = "/vault/data"
retry_join { retry_join {
leader_api_addr = "http://vault-0.vault-internal:8200" leader_api_addr = "https://vault-0.vault-internal:8200"
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca" leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt" leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key" leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
} }
retry_join { retry_join {
leader_api_addr = "http://vault-1.vault-internal:8200" leader_api_addr = "https://vault-1.vault-internal:8200"
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca" leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt" leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key" leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
} }
retry_join { retry_join {
leader_api_addr = "http://vault-2.vault-internal:8200" leader_api_addr = "https://vault-2.vault-internal:8200"
leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca" leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault.ca"
leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt" leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key" leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
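Review bot: The `tls_cert_file`/`tls_key_file` lines are added to the listener under `standalone.config` (hunk at -68,6 +68,8), but the same commit sets `standalone.enabled: false` and turns on `ha.raft`, so that block is presumably not the configuration the servers will run with. The listener inside `ha.raft.config` sits between the hunks starting at new lines 86 and 113 and is not shown; confirm it carries the same `tls_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"` and `tls_key_file = "/vault/userconfig/vault-server-tls/vault.key"` and no `tls_disable`, otherwise the `https://` `retry_join` addresses will not connect, or the API stays plaintext while `tlsDisable: false` claims otherwise. The certificate also needs SANs covering `vault-0.vault-internal` through `vault-2.vault-internal` (or a `leader_tls_servername` in each `retry_join`), and the mount of the secret at `/vault/userconfig/vault-server-tls` is not visible in these hunks. A comment above the raft listener such as `# TLS material comes from the secret mounted at /vault/userconfig/vault-server-tls` would document that dependency. The `storage "raft"` block continues past the end of the last hunk.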