14e3946d4b
working towards a larger, redundant, autoscaling and simple puppet implementation in kubernetes.

this was originally based on the openvox helm chart with several improvements (not all in this pr)

- use of cnpg instead of single bitnamilegacy postgres container
- use of g10k instead of r10k
- run one instance of g10k per namespace, instead of per-pod
- only keep one copy of the environments/branches (instead of per-pod)
- change g10k to native cronjob instead of hacky implementation
- use vault secrets

part one adds:

- cnpg puppetdb pgsql cluster
- cnpg puppetdb pgpooler
- persistent volume claims for puppet, puppetdb, the code repository, etc

Reviewed-on: #25
19 lines
352 B
YAML
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultAuth
metadata:
  name: default
  namespace: puppet
spec:
  allowedNamespaces:
    - puppet
  kubernetes:
    audiences:
      - vault
    role: default
    serviceAccount: default
    tokenExpirationSeconds: 600
  method: kubernetes
  mount: k8s/au/syd1
  vaultConnectionRef: vso-system/default