From cea2c92f6db5d3e569b7b4ce89bcf419d795f358 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20Groothuis?=
Date: Thu, 23 Oct 2025 11:10:46 +0200
Subject: [PATCH] chore(bootstrap): Added Vault to ArgoCD
---
clusters/artemis/apps/kustomization.yaml | 1 +
clusters/artemis/apps/vault/app-project.yaml | 18 ++++++++++++++
clusters/artemis/apps/vault/application.yaml | 24 +++++++++++++++++++
.../artemis/apps/vault/kustomization.yaml | 7 ++++++
manifests/artemis/vault/ingress.yaml | 23 ++++++++++++++++++
manifests/artemis/vault/kustomization.yaml | 11 +++++++++
manifests/artemis/vault/values.yaml | 9 +++++++
7 files changed, 93 insertions(+)
create mode 100644 clusters/artemis/apps/vault/app-project.yaml
create mode 100644 clusters/artemis/apps/vault/application.yaml
create mode 100644 clusters/artemis/apps/vault/kustomization.yaml
create mode 100644 manifests/artemis/vault/ingress.yaml
create mode 100644 manifests/artemis/vault/kustomization.yaml
create mode 100644 manifests/artemis/vault/values.yaml
diff --git a/clusters/artemis/apps/kustomization.yaml b/clusters/artemis/apps/kustomization.yaml
index e5693f9..65eca60 100644
--- a/clusters/artemis/apps/kustomization.yaml
+++ b/clusters/artemis/apps/kustomization.yaml
@@ -4,3 +4,4 @@ kind: Kustomization resources: - argocd
+ - vault
diff --git a/clusters/artemis/apps/vault/app-project.yaml b/clusters/artemis/apps/vault/app-project.yaml
new file mode 100644
index 0000000..a659b8f
--- /dev/null
+++ b/clusters/artemis/apps/vault/app-project.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: vault
+ namespace: vault
+spec:
+ description: Kubernetes Secrets Management
+ sourceRepos:
+ - '*'
+ sourceNamespaces:
+ - '*'
+ destinations:
+ - namespace: '*'
+ server: '*'
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
diff --git a/clusters/artemis/apps/vault/application.yaml b/clusters/artemis/apps/vault/application.yaml
new file mode 100644
index 0000000..57368b3
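Review bot: Every scope in the new AppProject is a wildcard (`sourceRepos`, `sourceNamespaces`, `destinations`, `clusterResourceWhitelist`), so the project places no restriction on an Application that references it: any repo can be deployed to any cluster and namespace, cluster-scoped resources included. With `sourceNamespaces: '*'` that holds for Applications created in any namespace the Argo CD instance is configured to watch. For the project that owns the secrets manager I would scope it to the one Git repo, the `vault` namespace on `in-cluster`, and only the cluster-scoped kinds the chart renders, as sketched below. Separately, Argo CD normally reads AppProjects only from its own namespace, so `namespace: vault` may leave this project undiscovered; confirm against where Argo CD is installed.

```yaml
# … unchanged: apiVersion, kind, metadata …
spec:
  description: Kubernetes Secrets Management
  sourceRepos:
    - 'https://git.dgse.cloud/DGSE/kubernetes.git'
  sourceNamespaces:
    - vault
  destinations:
    - namespace: vault
      name: in-cluster
  # List only the cluster-scoped kinds the rendered chart creates; the
  # entries below are assumptions to confirm against the rendered output.
  clusterResourceWhitelist:
    - group: rbac.authorization.k8s.io
      kind: ClusterRole
    - group: rbac.authorization.k8s.io
      kind: ClusterRoleBinding
    - group: admissionregistration.k8s.io
      kind: MutatingWebhookConfiguration
```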
--- /dev/null
+++ b/clusters/artemis/apps/vault/application.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: vault
+ namespace: vault
+ labels:
+ platform.dgse.cloud/cluster: artemis
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: vault
+ source:
+ repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+ path: manifests/artemis/vault
+ targetRevision: HEAD
+ destination:
+ namespace: vault
+ name: in-cluster
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
diff --git a/clusters/artemis/apps/vault/kustomization.yaml b/clusters/artemis/apps/vault/kustomization.yaml
new file mode 100644
index 0000000..f9b2a4b
--- /dev/null
+++ b/clusters/artemis/apps/vault/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - app-project.yaml
+ - application.yaml
diff --git a/manifests/artemis/vault/ingress.yaml b/manifests/artemis/vault/ingress.yaml
new file mode 100644
index 0000000..d599374
--- /dev/null
+++ b/manifests/artemis/vault/ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ labels:
+ name: vault-ingress
+spec:
+ rules:
+ - host: sealed.dgse.cloud
+ http:
+ paths:
+ - backend:
+ service:
+ name: vault
+ port:
+ number: 8200
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - sealed.dgse.cloud
+ secretName: letsencrypt
diff --git a/manifests/artemis/vault/kustomization.yaml b/manifests/artemis/vault/kustomization.yaml
new file mode 100644
index 0000000..f95eea9
--- /dev/null
+++ b/manifests/artemis/vault/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+resources:
+ - ingress.yaml
+
+helmCharts:
+ - name: vault
+ repo: https://helm.releases.hashicorp.com/
+ version: 0.30.0
+ releaseName: vault
+ namespace: vault
+ valuesFile: values.yaml
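Review bot: `targetRevision: HEAD` together with `automated` sync (`prune: true`, `selfHeal: true`) means any commit that lands on the repo's default branch is applied to Vault with no further gate. For a secrets manager I would track a tag or commit instead, e.g. `targetRevision: <release-tag-or-commit-sha>` (placeholder), or at least confirm the branch is protected and reviewed. The `resources-finalizer.argocd.argoproj.io` finalizer also makes deleting this Application cascade to the Vault workload, which deserves a comment next to it such as `# deleting this Application removes the Vault workload`.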
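Review bot: The Ingress in `manifests/artemis/vault/ingress.yaml` publishes the whole Vault API and UI (`path: /`, `pathType: Prefix`, port 8200) on `sealed.dgse.cloud`, and nothing in the manifest limits who can reach it. If the host resolves publicly, consider restricting source addresses at the ingress controller or with a NetworkPolicy, and set `ingressClassName` explicitly so the object cannot be picked up by an unintended controller. `secretName: letsencrypt` reuses the issuer's name for the certificate secret; a host-specific name such as `vault-tls` is easier to audit. Indentation is not recoverable in this view, but if `name: vault-ingress` is nested under `labels:` the object has no `metadata.name` and would be rejected on apply.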
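Review bot: In `manifests/artemis/vault/kustomization.yaml` the chart is fetched from `https://helm.releases.hashicorp.com/` at render time and pinned by `version: 0.30.0` only, so what gets deployed depends on that repo continuing to serve the same content for that version. Consider vendoring the chart or pulling it through a mirror you control, and add a comment like `# bump deliberately; review the rendered diff before merging`. The file also omits the `apiVersion: kustomize.config.k8s.io/v1beta1` / `kind: Kustomization` header that the other new Kustomization in this commit carries. `helmCharts` additionally needs Helm inflation enabled in Argo CD's kustomize build options (`--enable-helm`), which is not visible in this patch.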
diff --git a/manifests/artemis/vault/values.yaml b/manifests/artemis/vault/values.yaml
new file mode 100644
index 0000000..c6c9b45
--- /dev/null
+++ b/manifests/artemis/vault/values.yaml
@@ -0,0 +1,9 @@
+server:
+ ha:
+ enabled: true
+ raft:
+ enabled: true
+ replicas: 1
+ dataStorage:
+ enabled: true
+ size: 10Gi
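Review bot: HA mode with `replicas: 1` gives a single-node Raft cluster, so there is no redundancy and any pod restart leaves Vault unavailable until it is unsealed again; either run `replicas: 3` or add a comment that the single node is deliberate. Nothing here configures a listener certificate, and as far as I know the chart defaults `global.tlsDisable` to `true`, so traffic from the ingress controller to port 8200 would be plain HTTP inside the cluster. No seal configuration or audit storage (`server.auditStorage.enabled` in the chart) is set either, which I would expect to be decided before this instance holds real secrets. The nesting is read from key order, because indentation is lost in this view.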