add vault to yc-cps-prod
This commit is contained in:
parent
bea2897c05
commit
3265b7fadc
12
clusters/yc-cps-prod/helm-repositories.yaml
Normal file
12
clusters/yc-cps-prod/helm-repositories.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: yc-oci-charts
|
||||
namespace: flux-system
|
||||
spec:
|
||||
type: oci
|
||||
interval: 10m0s
|
||||
url: oci://cr.yandex/crp3ccidau046kdj8g9q/charts
|
||||
secretRef:
|
||||
name: yc-cr-auth
|
||||
13
clusters/yc-cps-prod/infrastructure/kustomization.yaml
Normal file
13
clusters/yc-cps-prod/infrastructure/kustomization.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../infrastructure/vault
|
||||
- ./vault-istio.yaml
|
||||
patches:
|
||||
- path: ./patches/vault.yaml
|
||||
target:
|
||||
group: helm.toolkit.fluxcd.io
|
||||
version: v2
|
||||
kind: HelmRelease
|
||||
name: vault
|
||||
namespace: vault
|
||||
12
clusters/yc-cps-prod/infrastructure/patches/vault.yaml
Normal file
12
clusters/yc-cps-prod/infrastructure/patches/vault.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: vault
|
||||
namespace: vault
|
||||
spec:
|
||||
interval: 5m
|
||||
timeout: 10m
|
||||
values:
|
||||
server:
|
||||
dataStorage:
|
||||
storageClass: yc-network-hdd
|
||||
61
clusters/yc-cps-prod/infrastructure/vault-istio.yaml
Normal file
61
clusters/yc-cps-prod/infrastructure/vault-istio.yaml
Normal file
@ -0,0 +1,61 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: vault-cert
|
||||
namespace: istio-system
|
||||
spec:
|
||||
dnsNames:
|
||||
- vault.infra.cps.sarex.io
|
||||
duration: 2160h
|
||||
issuerRef:
|
||||
kind: ClusterIssuer
|
||||
name: letsencrypt-issuer-istio
|
||||
privateKey:
|
||||
rotationPolicy: Always
|
||||
renewBefore: 360h
|
||||
secretName: vault-tls
|
||||
---
|
||||
apiVersion: networking.istio.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
name: vault-gateway
|
||||
namespace: gateway
|
||||
spec:
|
||||
selector:
|
||||
istio: ingressgateway
|
||||
servers:
|
||||
- hosts:
|
||||
- vault.infra.cps.sarex.io
|
||||
port:
|
||||
name: https-443
|
||||
number: 443
|
||||
protocol: HTTPS
|
||||
tls:
|
||||
credentialName: vault-tls
|
||||
mode: SIMPLE
|
||||
- hosts:
|
||||
- vault.infra.cps.sarex.io
|
||||
port:
|
||||
name: http-80
|
||||
number: 80
|
||||
protocol: HTTP
|
||||
---
|
||||
apiVersion: networking.istio.io/v1beta1
|
||||
kind: VirtualService
|
||||
metadata:
|
||||
name: vault-virt-service
|
||||
namespace: vault
|
||||
spec:
|
||||
gateways:
|
||||
- gateway/vault-gateway
|
||||
hosts:
|
||||
- vault.infra.cps.sarex.io
|
||||
http:
|
||||
- match:
|
||||
- uri:
|
||||
prefix: /
|
||||
route:
|
||||
- destination:
|
||||
host: vault-vault-contour.vault.svc.cluster.local
|
||||
port:
|
||||
number: 8200
|
||||
6
clusters/yc-cps-prod/kustomization.yaml
Normal file
6
clusters/yc-cps-prod/kustomization.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./flux-system
|
||||
- ./helm-repositories.yaml
|
||||
- ./infrastructure
|
||||
Loading…
Reference in New Issue
Block a user