Deploy Vault to yc-infra-prod
This commit is contained in:
parent
152ffd5fd5
commit
10b6ef51c3
12
clusters/yc-infra-prod/helm-repositories.yaml
Normal file
12
clusters/yc-infra-prod/helm-repositories.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: yc-oci-charts
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
type: oci
|
||||||
|
interval: 10m0s
|
||||||
|
url: oci://cr.yandex/crp3ccidau046kdj8g9q/charts
|
||||||
|
secretRef:
|
||||||
|
name: yc-cr-auth
|
||||||
12
clusters/yc-infra-prod/infrastructure/kustomization.yaml
Normal file
12
clusters/yc-infra-prod/infrastructure/kustomization.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../../infrastructure/vault
|
||||||
|
patches:
|
||||||
|
- path: ./patches/vault.yaml
|
||||||
|
target:
|
||||||
|
group: helm.toolkit.fluxcd.io
|
||||||
|
version: v2
|
||||||
|
kind: HelmRelease
|
||||||
|
name: vault
|
||||||
|
namespace: vault
|
||||||
30
clusters/yc-infra-prod/infrastructure/patches/vault.yaml
Normal file
30
clusters/yc-infra-prod/infrastructure/patches/vault.yaml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: vault
|
||||||
|
namespace: vault
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
timeout: 15m
|
||||||
|
values:
|
||||||
|
global:
|
||||||
|
namespace: vault
|
||||||
|
autounseal:
|
||||||
|
transit:
|
||||||
|
address: "https://vault-unseal.infra.sarex.io"
|
||||||
|
keyName: "vault-infra-prod"
|
||||||
|
mountPath: "transit/"
|
||||||
|
tlsSkipVerify: false
|
||||||
|
secret:
|
||||||
|
name: "vault-transit-autounseal"
|
||||||
|
backup:
|
||||||
|
schedule: "0 * * * *"
|
||||||
|
secret:
|
||||||
|
name: "vault-backup-s3"
|
||||||
|
endpoint: "https://storage.yandexcloud.net"
|
||||||
|
prefix: "vault/yc-infra-prod/raft-snapshots"
|
||||||
|
server:
|
||||||
|
dataStorage:
|
||||||
|
size: 20Gi
|
||||||
|
ha:
|
||||||
|
replicas: 3
|
||||||
6
clusters/yc-infra-prod/kustomization.yaml
Normal file
6
clusters/yc-infra-prod/kustomization.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./flux-system
|
||||||
|
- ./helm-repositories.yaml
|
||||||
|
- ./infrastructure
|
||||||
@ -8,7 +8,7 @@ spec:
|
|||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: vault-contour
|
chart: vault-contour
|
||||||
version: "0.1.0"
|
version: "0.2.0"
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: yc-oci-charts
|
name: yc-oci-charts
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user