Commit Graph

65 Commits

Author SHA1 Message Date
391c77d30b Merge pull request 'feat: add media-apps integration with vault' (#29) from benvin/media_apps_k8s into master
Reviewed-on: #29
2025-11-27 20:41:52 +11:00
6353ac6bbc feat: add media-apps integration with vault
- add kubernetes auth role for media-apps
- add policies to read radarr/sonarr secrets
2025-11-27 20:40:54 +11:00
605aa204a9 Merge pull request 'chore: update k8s csi roles' (#28) from benvin/ceph-csi-changes into master
Reviewed-on: #28
2025-11-26 21:01:58 +11:00
4cf1b43960 chore: update k8s csi roles
- ensure the new service accounts can read cephrbd/cephfs
- ensure correct namespace is allowed
2025-11-26 21:01:31 +11:00
f217dbaeca Merge pull request 'feat: manage k8s auth role integration' (#27) from benvin/k8s_roles_integration into master
Reviewed-on: #27
2025-11-22 23:23:13 +11:00
7814551084 feat: manage k8s auth role integration
- add policies to sign/issue certificates
- manage auth roles for ceph-csi, certmanager, externaldns, huntarr
2025-11-22 23:21:43 +11:00
85cda88a3b Merge pull request 'chore: fix kubernetes_host' (#26) from benvin/kubernetes_host into master
Reviewed-on: #26
2025-11-16 16:50:13 +11:00
02654ac32a chore: fix kubernetes_host
- correct hostname to match `kubectl cluster-info`
- fix formatting with terraform fmt
2025-11-16 16:49:04 +11:00
c3c1cb660a Merge pull request 'benvin/pre-commit' (#25) from benvin/pre-commit into master
Reviewed-on: #25
2025-11-16 13:37:55 +11:00
5cbd5815a0 chore: format policy files
- ensure all policy files are correctly formatted
2025-11-16 13:35:10 +11:00
6d84efe81e feat: add pre-commit
- ran 'pre-commit install'
- add pre-commit configuration
- test yaml + terraform related checks
- terragrunt-hcl-fmt for policy hcl files
2025-11-16 13:31:16 +11:00
9ff6cf7de7 Merge pull request 'chore: add terraform required version' (#24) from benvin/terraform_required_version into master
Reviewed-on: #24
2025-11-16 13:13:44 +11:00
865a97ba0e Merge pull request 'feat: rework policies file' (#23) from benvin/policy_rework into master
Reviewed-on: #23
2025-11-16 13:13:37 +11:00
c0d0888172 chore: add terraform required version
- set the terraform required version to 1.10+
2025-11-16 13:13:08 +11:00
49889eaf22 feat: rework policies file
- policy files are now found automatically
2025-11-16 13:08:50 +11:00
d2acaeb7bc Merge pull request 'feat: move k8s secrets into vault' (#22) from benvin/kubernetes_secret_handling into master
Reviewed-on: #22
2025-11-16 12:44:40 +11:00
cbee19b5f9 feat: move k8s secrets into vault
- update kubernetes_host to match value in jwt
- regenerate jwt token and store in vault
- add policy to enable access to jwt token
- update tf_deploy user with access to token
2025-11-16 12:42:18 +11:00
353d726510 Merge pull request 'feat: add makefile' (#21) from benvin/makefile into master
Reviewed-on: #21
2025-11-16 12:40:25 +11:00
537cc9013a feat: add makefile
- add init, plan and apply to makefile
2025-11-16 12:39:32 +11:00
8e1d242dba Merge pull request 'feat: add transit engine' (#20) from benvin/transit_engine into master
Reviewed-on: #20
2025-11-15 15:57:04 +11:00
85d81fef72 feat: add transit engine
- add transit engine
- add policies to manage keys, encryption and decryption
- add ability to create keys to tf_vault approle
2025-11-15 15:55:51 +11:00
59b7b01c23 Merge pull request 'feat: enable annotations as alias metadata' (#19) from benvin/annotations_as_alias_metadata into master
Reviewed-on: #19
2025-11-15 15:41:42 +11:00
5675a469da feat: enable annotations as alias metadata
- enable the ability to set additional alias metadata via annotations
2025-11-15 15:40:54 +11:00
489969fed8 Merge pull request 'feat: upgrade vault provider' (#18) from benvin/upgrade_provider into master
Reviewed-on: #18
2025-11-15 15:40:16 +11:00
1ee07dd52f feat: upgrade vault provider
- upgrade to hashicorp/vault 5.4.0
2025-11-15 15:38:22 +11:00
0869b6f723 Merge pull request 'feat: add kubernetes auth engine' (#17) from benvin/k8s_auth into master
Reviewed-on: #17
2025-11-15 10:51:18 +11:00
bc9b4eebdc feat: add kubernetes auth engine
- add kubernetes authentication
- add policy to manage kubernetes auth engine roles/config
2025-11-15 10:50:17 +11:00
9f4b77a765 Merge pull request 'feat: update policy names to be path based' (#16) from benvin/policy_rework into master
Reviewed-on: #16
2025-11-15 10:49:19 +11:00
4364b444fd feat: update policy names to be path based
- change policy names to be based on the path they are stored at
2025-11-15 10:48:17 +11:00
fee61c3eb5 Merge pull request 'feat: add new puppetca' (#15) from benvin/new_puppetca into master
Reviewed-on: #15
2025-07-10 21:51:02 +10:00
23e3fb88ea feat: add new puppetca
- update puppetmaster/puppetca cidrs
2025-07-10 21:49:36 +10:00
8fd8913554 Merge pull request 'feat: add new puppetmasters to vault approles' (#14) from benvin/new_puppetmasters into master
Reviewed-on: https://git.query.consul/unkin/terraform-vault/pulls/14
2025-05-31 15:17:40 +10:00
1f35fec37c feat: add new puppetmasters to vault approles
2025-05-31 15:17:22 +10:00
b46d36d03b Merge pull request 'feat: update gitea runners' (#13) from benvin/update_runners into master
Reviewed-on: https://git.query.consul/unkin/terraform-vault/pulls/13
2025-05-25 10:32:37 +10:00
ac36f9355c feat: update gitea runners
- changed gitea runners, updating cidrs
2025-05-25 10:31:29 +10:00
50d1e31ea5 Merge pull request 'feat: enable access to puppetcerts' (#12) from neoloc/puppet_terraform into master
Reviewed-on: https://git.query.consul/unkin/terraform-vault/pulls/12
2025-04-27 16:26:25 +10:00
d508dcd4a9 feat: enable access to puppetcerts
- enable the terraform-incus repo to access puppet certs
2025-04-27 16:26:05 +10:00
4aac926c6a Merge pull request 'feat: enable access to kv/service/packer/builder/docker-incus-client' (#11) from neoloc/add_packer_path into master
Reviewed-on: https://git.query.consul/unkin/terraform-vault/pulls/11
2025-04-23 18:25:28 +10:00
05268f9dd8 feat: enable access to kv/service/packer/builder/docker-incus-client
2025-04-23 18:24:36 +10:00
80c14ef4e4 Merge pull request 'neoloc/incus' (#10) from neoloc/incus into master
Reviewed-on: https://git.query.consul/unkin/terraform-vault/pulls/10
2025-04-07 16:27:29 +10:00
feee7a265e feat: remove k8s pki engines
2025-04-07 16:25:52 +10:00
8bc67e1e5b feat: add terraform-incus approle/policy
2025-04-07 16:22:41 +10:00
275b640adc feat: add packer-builder policy
2025-04-07 16:22:22 +10:00
2dc37cc8c4 Merge pull request 'feat: add pki for k8s' (#9) from neoloc/k8s_pki into master
Reviewed-on: https://git.query.consul/unkin/terraform-vault/pulls/9
2025-01-27 21:06:30 +11:00
9b9afdce58 feat: add pki for k8s
- add pki for k8s
- add policy to manage k8s/*/roles/*
2025-01-27 21:05:51 +11:00
cd9c006203 Merge pull request 'fix: fix rolename' (#8) from neoloc/oops into master
Reviewed-on: https://git.query.consul/unkin/terraform-vault/pulls/8
2025-01-11 21:33:04 +11:00
2d345cc63b fix: fix rolename
- had duplicate role
- change policy name to match approle
- updated ttl as packer builds can take some time
2025-01-11 21:32:33 +11:00
99b643b458 Merge pull request 'feat: add packer-builder role' (#7) from neoloc/packer-builder into master
Reviewed-on: https://git.query.consul/unkin/terraform-vault/pulls/7
2025-01-11 21:06:36 +11:00
f83ba13158 feat: add packer-builder role
- limit access to workstation and gitea runners
2025-01-11 21:01:17 +11:00
e4d80e42dc Merge pull request 'feat: add incus-cluster role/policies' (#6) from neoloc/incus into master
Reviewed-on: https://git.query.consul/unkin/terraform-vault/pulls/6
2025-01-06 23:16:53 +11:00