d2be521878
## Summary

- Deploys HashiCorp Vault 2.0.1 using Helm chart 0.32.0 in HA raft mode (5 replicas)
- Configuration modelled on production vault: `disable_mlock=true`, headless-DNS retry_join for all 5 pods
- IPC_LOCK capability added via `server.statefulSet.securityContext.container`
- 10Gi cephrbd-fast-delete PVC per pod via `dataStorage`
- Gateway API: HTTPS gateway + HTTPRoute (443→vault service port 8200) at `vault.k8s.syd1.au.unkin.net`
- ArgoCD platform ApplicationSet updated to include vault overlay path
- Injector disabled (no agent sidecar injection needed)

## Requires

- PR #147 (artifactapi: add hashicorp/vault to docker immutable patterns) to be merged first

## Test plan

- [ ] Sandbox tested in `sandbox-vault`: all 5 pods Running, raft cluster forming
- [ ] After merge: ArgoCD syncs vault namespace
- [ ] Operator runs `vault operator init` to initialize, then unseals all 5 nodes
- [ ] Verify `vault.k8s.syd1.au.unkin.net` is accessible via Gateway

Reviewed-on: #148
51 lines
1.6 KiB
YAML
```yaml
---
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: platform-apps
  namespace: argocd
spec:
  generators:
    - git:
        repoURL: https://git.unkin.net/unkin/argocd-apps
        revision: HEAD
        directories:
          - path: apps/overlays/*/artifactapi
          - path: apps/overlays/*/cattle-system
          - path: apps/overlays/*/cert-manager
          - path: apps/overlays/*/certificates
          - path: apps/overlays/*/cnpg-system
          - path: apps/overlays/*/elastic-system
          - path: apps/overlays/*/externaldns
          - path: apps/overlays/*/inteldeviceplugins-system
          - path: apps/overlays/*/jfrog
          - path: apps/overlays/*/node-feature-discovery
          - path: apps/overlays/*/puppet
          - path: apps/overlays/*/purelb
          - path: apps/overlays/*/reflector-system
          - path: apps/overlays/*/reloader-system
          - path: apps/overlays/*/reposync
          - path: apps/overlays/*/traefik-system
          - path: apps/overlays/*/vm-system
          - path: apps/overlays/*/vault
          - path: apps/overlays/*/vso-system
          - path: apps/overlays/*/woodpecker
  template:
    metadata:
      name: 'platform-{{path[3]}}' # cluster-app format (e.g., platform-reflector-system)
    spec:
      project: platform
      source:
        repoURL: https://git.unkin.net/unkin/argocd-apps
        targetRevision: HEAD
        path: '{{path}}'
      destination:
        server: https://kubernetes.default.svc
        namespace: '{{path[3]}}' # Use directory name as namespace
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
        syncOptions:
          - ServerSideApply=true
```
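Added example, not part of the repository: a Python sketch of how the git directory generator's `{{path}}` and `{{path[3]}}` parameters in the ApplicationSet above render into Application names and namespaces, with a check for overlays that render to the same name (the template uses only `path[3]`, so the cluster segment `path[2]` does not appear in the name). The directory listing and cluster names are constructed, and per-segment glob matching (`*` does not cross `/`) is an assumption of this sketch.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# Two of the generator globs from the ApplicationSet above.
GLOBS = ["apps/overlays/*/vault", "apps/overlays/*/vso-system"]

# Constructed repository layout (assumption): the cluster names are made up.
REPO_DIRS = [
    "apps/overlays/cluster-a/vault",
    "apps/overlays/cluster-b/vault",
    "apps/overlays/cluster-a/vso-system",
    "apps/overlays/cluster-a/vault/extra",  # deeper than the glob
    "apps/base/vault",                      # not under overlays
]


def glob_match(pattern, path):
    """Match segment by segment so that '*' never spans a '/'."""
    pats, segs = pattern.split("/"), path.split("/")
    return len(pats) == len(segs) and all(
        fnmatchcase(seg, pat) for pat, seg in zip(pats, segs)
    )


def render(path):
    """Apply the template: name 'platform-{{path[3]}}', namespace '{{path[3]}}'."""
    seg = path.split("/")
    return {"name": f"platform-{seg[3]}", "namespace": seg[3], "path": path}


def expand(globs, repo_dirs):
    """Return one rendered Application per directory matched by any glob."""
    return [render(d) for d in repo_dirs if any(glob_match(g, d) for g in globs)]


def collisions(apps):
    """Group source paths by rendered name; keep names produced more than once."""
    by_name = defaultdict(list)
    for app in apps:
        by_name[app["name"]].append(app["path"])
    return {name: paths for name, paths in by_name.items() if len(paths) > 1}


if __name__ == "__main__":
    rendered = expand(GLOBS, REPO_DIRS)
    for app in rendered:
        print(app)
    print("collisions:", collisions(rendered))
```

Running the same check over the real overlay directory listing before merge shows whether adding a second cluster overlay for an app would produce two Applications with one name and one target namespace.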