feat: major restructuring in migration to terragrunt

- migrate from individual terraform files to config-driven terragrunt module structure
- add vault_cluster module with config discovery system
- replace individual .tf files with centralized config.hcl
- restructure auth and secret backends as configurable modules
- move auth roles and secret backends to yaml-based configuration
- convert policies from .hcl to .yaml format, add rules/auth definition
- add pre-commit hooks for yaml formatting and file cleanup
- add terragrunt cache to gitignore
- update makefile with terragrunt commands and format target
2026-01-04 23:31:42 +11:00
parent bd112181f5
commit 8070b6f66b
245 changed files with 3943 additions and 985 deletions
@@ -0,0 +1,26 @@
---
rules:
- apiGroups:
- ""
- "postgresql.cnpg.io"
- "cert-manager.io"
- "rbac.authorization.k8s.io"
- "batch"
- "secrets.hashicorp.com"
- "storage.k8s.io"
- "apps"
- "apiextensions.k8s.io"
- "externaldns.k8s.io"
- "autoscaling"
- "networking.k8s.io"
- "purelb.io"
- "nfd.k8s-sigs.io"
- "policy"
- "metrics.k8s.io"
- "logstash.k8s.elastic.co"
- "elasticsearch.k8s.elastic.co"
- "kibana.k8s.elastic.co"
resources:
- "*"
verbs:
- "*"
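Review bot: The `"*"` entries under `resources` and `verbs` at the end of this rule make the enumerated `apiGroups` list look like a scope restriction when it is not one. With `""` and `"rbac.authorization.k8s.io"` in the list, the wildcard verb covers reading every Secret, `impersonate` on users, groups and service accounts, and `bind`/`escalate` on roles, so a holder can grant itself whatever the list leaves out, within the scope of the binding. If that is the intent, say so at the top of the file, for example `# effectively admin within the binding scope; apiGroups listed for readability only`. Otherwise drop `"rbac.authorization.k8s.io"` and replace the wildcard verbs with an explicit list. The 8-line file two hunks further down, with `"*"` for all three fields, is the explicit form of the same grant and would benefit from the same header comment.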
@@ -0,0 +1,28 @@
---
rules:
- apiGroups:
- ""
- "postgresql.cnpg.io"
- "cert-manager.io"
- "rbac.authorization.k8s.io"
- "batch"
- "secrets.hashicorp.com"
- "storage.k8s.io"
- "apps"
- "apiextensions.k8s.io"
- "externaldns.k8s.io"
- "autoscaling"
- "networking.k8s.io"
- "purelb.io"
- "nfd.k8s-sigs.io"
- "policy"
- "metrics.k8s.io"
- "logstash.k8s.elastic.co"
- "elasticsearch.k8s.elastic.co"
- "kibana.k8s.elastic.co"
resources:
- "*"
verbs:
- "get"
- "list"
- "watch"
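Review bot: `resources` is `"*"` and the core group `""` is in `apiGroups`, so this read-only rule set lets its holder `get`, `list` and `watch` every Secret in the binding scope. A role that reads like a viewer role but returns credential material is easy to over-assign, which is why the built-in `view` ClusterRole leaves Secrets out. RBAC has no deny rule, so excluding them means splitting the core group into its own rule with an explicit resource list (`"pods"`, `"services"`, `"configmaps"`, …) and keeping `"*"` only for the other groups. A header comment such as `# read-only; does not include core secrets` would make the intent checkable in review.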
@@ -0,0 +1,8 @@
---
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
@@ -0,0 +1,49 @@
---
rules:
- apiGroups:
- ""
resources:
- "pods"
- "services"
- "configmaps"
- "secrets"
- "endpoints"
- "persistentvolumeclaims"
verbs:
- "get"
- "list"
- "watch"
- apiGroups:
- ""
resources:
- "pods/log"
verbs:
- "get"
- "list"
- apiGroups:
- ""
resources:
- "pods/exec"
verbs:
- "create"
- apiGroups:
- "apps"
resources:
- "deployments"
- "replicasets"
- "statefulsets"
- "daemonsets"
verbs:
- "get"
- "list"
- "watch"
- "patch"
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- "ingresses"
verbs:
- "get"
- "list"
- "watch"
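Review bot: The first rule grants `get`/`list`/`watch` on `"secrets"` and a later rule grants `create` on `"pods/exec"`. Together these give a holder the stored Secret values and a shell in any pod in the binding scope, which also exposes that pod's mounted service-account token. `patch` on the `apps` workloads additionally lets the holder change a pod template. If this is meant as a day-to-day developer or debugging role (the hunk does not say), consider removing `- "secrets"` from the first rule or moving it to its own rule narrowed with `resourceNames`, and add a comment explaining why exec is required. Separately, the `"extensions"` group no longer serves `ingresses` on Kubernetes 1.22 and later, so that entry can be dropped if no older clusters are targeted.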