argocd-apps/apps/base/puppet/vaultstaticsecret.yaml
unkinben a3eaa0a0ca
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful
feat: initial puppet deployment
working towards a larger, redundant, autoscaling and simple puppet
implementation in kubernetes. this was originally based on the openvox
helm chart with several improvements (not all in this pr)

- use of cnpg instead of single bitnamilegacy postgres container
- use of g10k instead of r10k
- run one instance of g10k per namespace, instead of per-pod
- only keep one copy of the environments/branches (instead of per-pod)
- change g10k to native cronjob instead of hacky implementation
- use vault secrets

part one adds:

- cnpg puppetdb pgsql cluster
- cnpg puppetdb pgpooler
- persistent volume claims for puppet, puppetdb, the code repository, etc
2026-03-09 01:07:53 +11:00

35 lines
747 B
YAML

---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: postgres-credentials
  namespace: puppet
spec:
  destination:
    create: true
    name: postgres-credentials
    overwrite: true
  hmacSecretData: true
  mount: kv
  path: kubernetes/namespace/puppet/default/postgres-credentials
  refreshAfter: 5m
  type: kv-v2
  vaultAuthRef: default
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: puppetboard-secrets
  namespace: puppet
spec:
  destination:
    create: true
    name: puppetboard-secrets
    overwrite: true
  hmacSecretData: true
  mount: kv
  path: kubernetes/namespace/puppet/default/puppetboard-secrets
  refreshAfter: 5m
  type: kv-v2
  vaultAuthRef: default