feat(vault): deploy HashiCorp Vault 2.0.1 via Helm chart (5-replica HA raft) #148

Merged
unkinben merged 5 commits from benvin/vault into main 2026-05-23 22:39:42 +10:00

5 Commits

Author SHA1 Message Date
unkinben baca4c94f1 feat(vault): add HTTP→HTTPS redirect on port 80
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
2026-05-23 22:13:50 +10:00
unkinben eb5e75da89 fix(vault): use correct cert-manager alt-names annotation for consul SANs
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
2026-05-23 22:12:20 +10:00
unkinben 0d146dc942 feat(vault): add port 8200 listener, consul SANs, consul service_registration
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
- Add SAN altnames vault.service.consul and vault.query.consul to cert
- Add vault-direct HTTPS listener on port 8200 (TLS terminate, same cert)
- Add vault-consul HTTPRoute binding consul DNS names to port 8200 listener
- Add vault-direct port 8200 entrypoint to traefik-internal
- Switch service_registration from kubernetes to consul
  (consul-server.consul.svc.cluster.local:8500)
2026-05-23 22:08:41 +10:00
unkinben ba40525017 feat(vault): deploy HashiCorp Vault 2.0.1 via Helm chart 0.32.0
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
HA raft cluster (5 replicas) with disable_mlock=true, IPC_LOCK capability,
headless-DNS retry_join, kubernetes service_registration, 10Gi cephrbd-fast-delete
PVC. Gateway API HTTPRoute on 443→8200. ArgoCD platform ApplicationSet entry added.
2026-05-23 18:46:50 +10:00
unkinben eef4c2cd49 feat(vault): deploy HashiCorp Vault 2.0.1 with raft HA (5 replicas)
StatefulSet with templated PVC (cephrbd-fast-delete, 10Gi), headless
service for raft cluster communication, HTTPS gateway (443→8200), and
kubernetes provider retry_join for automatic cluster formation.
2026-05-23 18:22:25 +10:00