feat: complete puppet infrastructure (#29)

complete the implementation of puppet in kubernetes, taking many
features from the openvox helm chart and improving on them. changes from
helm are:
- using vault for storing secrets
- using g10k instead of r10k
- using a single shared g10k cronjob for all masters/compilers
- using a single shared /etc/puppetlabs/code directory (shared, cephfs)

changes:
- deploy puppet master and compiler servers with statefulset/deployment
- deploy puppetdb with postgresql backend, taking advantage of cnpg cluster and pooler
- deploy puppetboard
- all supporting configmaps, services, ingresses, and hpas
- added vaultstaticsecret for eyaml private keys
- configured secure mounting of eyaml keys at /var/lib/puppet/keys/
- updated base kustomization to include all 23 new puppet resource files

Reviewed-on: #29
This commit was merged in pull request #29.
2026-03-17 20:25:11 +11:00
parent 13de81a192
commit df1b9a5685
26 changed files with 1116 additions and 0 deletions
@@ -10,3 +10,27 @@ resources:
- persistentvolumeclaims.yaml
- vaultauth.yaml
- vaultstaticsecret.yaml
- configmap_puppetboard-config.yaml
- configmap_puppetdb-config.yaml
- configmap_puppetserver-compiler-config.yaml
- configmap_puppetserver-init-config.yaml
- configmap_puppetserver-init-masters-config.yaml
- configmap_puppetserver-master-config.yaml
- deployment_puppetboard.yaml
- deployment_puppetdb.yaml
- deployment_puppetserver-master.yaml
- horizontalpodautoscaler_puppetserver-compilers-autoscaler.yaml
- horizontalpodautoscaler_puppetserver-masters-autoscaler.yaml
- horizontalpodautoscaler_puppetserver-puppetboard-autoscaler.yaml
- horizontalpodautoscaler_puppetserver-puppetdb-autoscaler.yaml
- ingress_puppetboard.yaml
- ingress_puppetdb.yaml
- ingress_puppetserver-compilers.yaml
- ingress_puppetserver-masters.yaml
- service_puppetserver-agents-to-puppet.yaml
- service_puppetserver-puppet-compilers-headless.yaml
- service_puppetserver-puppet-compilers.yaml
- service_puppetserver-puppet.yaml
- service_puppetserver-puppetboard.yaml
- service_puppetserver-puppetdb.yaml
- statefulset_puppetserver-compiler.yaml
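
Review bot: ingress_puppetdb.yaml and ingress_puppetboard.yaml, in the middle of the added resource entries, publish PuppetDB and Puppetboard through ingresses, and nothing in this list shows how access to them is restricted. PuppetDB holds facts, catalogs and reports for every managed node, so please confirm in those two manifests that the ingress is limited to an internal ingress class or requires client-certificate or other authentication, or drop the PuppetDB ingress and keep service_puppetserver-puppetdb.yaml as an in-cluster service only. A smaller point: the commit message says 23 new puppet resource files were added to the base kustomization, but this hunk adds 24 entries (the header reads -10,3 +10,27), so either the message or the list needs correcting.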