add hashicorp vault helm [ci skip]

Viktor Barzin 2025-11-30 15:55:47 +00:00
parent c93b1ab901
commit 1e8e855b51
3 changed files with 32 additions and 23 deletions


@ -280,10 +280,10 @@ module "privatebin" {
depends_on = [null_resource.core_services] depends_on = [null_resource.core_services]
} }
# module "vault" { module "vault" {
# source = "./vault" source = "./vault"
# tls_secret_name = var.tls_secret_name tls_secret_name = var.tls_secret_name
# } }
module "reloader" { module "reloader" {
source = "./reloader" source = "./reloader"


@ -1,24 +1,23 @@
global:
namespace: "vault"
image:
repository: "hashicorp/vault-k8s"
tag: "1.7.0"
agentImage:
repository: "hashicorp/vault"
tag: "1.20.4"
injector: injector:
metrics: metrics:
enabled: true enabled: true
server: server:
image:
repository: "hashicorp/vault"
tag: "1.20.4"
enabled: true enabled: true
volumes: volumes:
- name: data - name: data
emptyDir: {} emptyDir: {}
ingress: ingress:
enabled: true enabled: false
annotations:
"kubernetes.io/ingress.class": "nginx"
"nginx.ingress.kubernetes.io/auth-tls-verify-client": "on"
"nginx.ingress.kubernetes.io/auth-tls-secret": "default/ca-secret"
hosts:
- host: "${host}"
paths:
- /
tls:
- secretName: ${tls_secret_name}
hosts:
- "${host}"
ui: ui:
enabled: true enabled: true
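Review bot: The new `image:` and `agentImage:` keys come before the `injector:` key, so they appear to sit under `global:` (or at top level) rather than under `injector:`; indentation is lost in this view, so this is inferred from line order. The vault-helm chart reads the injector pins from `injector.image` and `injector.agentImage`, and unless the chart's schema rejects unknown keys Helm ignores them. The `vault-k8s` `1.7.0` and agent `1.20.4` pins would then have no effect, and the injector would run whatever images the chart version defaults to. Move both blocks under `injector:` and check with `helm template` that the rendered injector Deployment carries the intended tags.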


@ -17,7 +17,7 @@ module "tls_secret" {
resource "kubernetes_persistent_volume" "vault_data" { resource "kubernetes_persistent_volume" "vault_data" {
metadata { metadata {
name = "vauld-data-pv" name = "vault-data-pv"
} }
spec { spec {
capacity = { capacity = {
@ -25,11 +25,9 @@ resource "kubernetes_persistent_volume" "vault_data" {
} }
access_modes = ["ReadWriteOnce"] access_modes = ["ReadWriteOnce"]
persistent_volume_source { persistent_volume_source {
iscsi { nfs {
target_portal = "iscsi.viktorbarzin.lan:3260" server = "10.0.10.15"
iqn = "iqn.2020-12.lan.viktorbarzin:storage:vault" path = "/mnt/main/vault"
lun = 0
fs_type = "ext4"
} }
} }
} }
@ -44,4 +42,16 @@ resource "helm_release" "prometheus" {
chart = "vault" chart = "vault"
values = [templatefile("${path.module}/chart_values.tpl", { host = var.host, tls_secret_name = var.tls_secret_name })] values = [templatefile("${path.module}/chart_values.tpl", { host = var.host, tls_secret_name = var.tls_secret_name })]
depends_on = [kubernetes_persistent_volume.vault_data]
}
module "ingress" {
source = "../ingress_factory"
namespace = "vault"
name = "vault"
service_name = "vault-ui"
port = 8200
tls_secret_name = var.tls_secret_name
protected = true
} }
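Review bot: The new `module "ingress"` block replaces the chart-managed ingress, which required a client certificate (`auth-tls-verify-client: "on"`, removed in the values template), with `protected = true`, and what that flag enforces lives in `../ingress_factory`, outside this diff. Port 8200 on the `vault-ui` service serves the full Vault HTTP API as well as the UI, so whatever `protected` adds is the only control in front of the login and token endpoints. Please confirm it is at least as strong as the previous mTLS requirement and record it in a comment above the block, e.g. `# protected = true: <auth mechanism enforced by ingress_factory>; 8200 also serves the Vault API`. Separately, `templatefile` still passes `host` and `tls_secret_name`, which the template appears to no longer reference now that its ingress section is gone. The `helm_release` block starts outside the hunk.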