feat: initial puppet deployment
working towards a larger, redundant, autoscaling and simple puppet implementation in kubernetes.

this was originally based on the openvox helm chart with several improvements (not all in this pr)
- use of cnpg instead of single bitnamilegacy postgres container
- use of g10k instead of r10k
- run one instance of g10k per namespace, instead of per-pod
- only keep one copy of the environments/branches (instead of per-pod)
- change g10k to native cronjob instead of hacky implementation
- use vault secrets

part one adds:
- cnpg puppetdb pgsql cluster
- cnpg puppetdb pgpooler
- persistent volume claims for puppet, puppetdb, the code repository, etc
@@ -0,0 +1,34 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: postgres-credentials
|
||||
namespace: puppet
|
||||
spec:
|
||||
destination:
|
||||
create: true
|
||||
name: postgres-credentials
|
||||
overwrite: true
|
||||
hmacSecretData: true
|
||||
mount: kv
|
||||
path: kubernetes/namespace/puppet/default/postgres-credentials
|
||||
refreshAfter: 5m
|
||||
type: kv-v2
|
||||
vaultAuthRef: default
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: puppetboard-secrets
|
||||
namespace: puppet
|
||||
spec:
|
||||
destination:
|
||||
create: true
|
||||
name: puppetboard-secrets
|
||||
overwrite: true
|
||||
hmacSecretData: true
|
||||
mount: kv
|
||||
path: kubernetes/namespace/puppet/default/puppetboard-secrets
|
||||
refreshAfter: 5m
|
||||
type: kv-v2
|
||||
vaultAuthRef: default
|
||||
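Review bot: `overwrite: true` under `destination` in both VaultStaticSecret objects means an existing Secret named `postgres-credentials` or `puppetboard-secrets` in namespace `puppet` that the operator does not own gets replaced without complaint. Since `create: true` is already set and this is an initial deployment, consider dropping `overwrite` unless there is a known pre-existing Secret to adopt, and note that in a comment if there is. Separately, `refreshAfter: 5m` re-syncs changed values into the Secret, but neither object lists `rolloutRestartTargets`, so workloads that read these credentials only at startup keep the old values until something else restarts them. The object named by `vaultAuthRef: default` is not defined in these 34 lines, so it is worth confirming that a VaultAuth by that name is available to the `puppet` namespace before merging.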