add vault deployment

70875697 · Kavitha Thulasiraman · Ryan Garcia · bd018b25 · 70875697 · 70875697
Commit 70875697 authored 3 years ago by Kavitha Thulasiraman Committed by Ryan Garcia 3 years ago
--- a/chart/templates/vault/gitrepository.yaml
+++ b/chart/templates/vault/gitrepository.yaml
-{{- if and (not .Values.offline) .Values.vault.enabled }}
+{{- if and (not .Values.offline) .Values.addons.vault.enabled }}
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: GitRepository
 metadata:
@@ -10,9 +10,9 @@ metadata:
    {{- include "commonLabels" . | nindent 4}}
 spec:
  interval: {{ .Values.flux.interval }}
-  url: {{ .Values.vault.git.repo }}
+  url: {{ .Values.addons.vault.git.repo }}
  ref:
-    {{- include "validRef" .Values.vault.git | nindent 4 }}
+    {{- include "validRef" .Values.addons.vault.git | nindent 4 }}
  {{ include "gitIgnore" . }}
  {{- include "gitCreds" . | nindent 2 }}
 {{- end }}
--- a/chart/templates/vault/imagepullsecret.yaml
+++ b/chart/templates/vault/imagepullsecret.yaml
-{{- if .Values.vault.enabled }}
+{{- if .Values.addons.vault.enabled }}
 {{- if ( include "imagePullSecret" . ) }}
 apiVersion: v1
 kind: Secret

--- a/chart/templates/vault/values.yaml
+++ b/chart/templates/vault/values.yaml
-{{- if .Values.vault.enabled }}
-{{- include "values-secret" (dict "root" $ "package" .Values.vault "name" "vault" "defaults" (include "bigbang.defaults.vault" .)) }}
+{{- if .Values.addons.vault.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.addons.vault "name" "vault" "defaults" (include "bigbang.defaults.vault" .)) }}
 {{- end }}

 {{- define "bigbang.defaults.vault" -}}
@@ -17,18 +17,11 @@ prometheus:
 imagePullSecrets:
 - name: private-registry

-networkPolicies:
-  enabled: {{ .Values.networkPolicies.enabled }}
-  ingressLabels:
-    {{- $gateway := default "public" .Values.twistlock.ingress.gateway }}
-    {{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
-    {{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
-  nodeCidr: {{ .Values.networkPolicies.nodeCidr }}
+

 istio:
  enabled: {{ .Values.istio.enabled }}
  console:
    gateways:
-    - istio-system/{{ default "public" .Values.vault.ingress.gateway }}
-
+    - istio-system/public
 {{- end -}}
--- a/chart/templates/vault/twistlock-helmrelease.yaml
+++ b/chart/templates/vault/twistlock-helmrelease.yaml
-{{- $fluxSettingsVault := merge .Values.vault.flux .Values.flux -}}
-{{- if .Values.vault.enabled }}
+{{- $fluxSettingsVault := merge .Values.addons.vault.flux .Values.flux -}}
+{{- if .Values.addons.vault.enabled }}
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
@@ -13,7 +13,7 @@ spec:
  targetNamespace: vault
  chart:
    spec:
-      chart: {{ .Values.vault.git.path }}
+      chart: {{ .Values.addons.vault.git.path }}
      interval: 5m
      sourceRef:
        kind: GitRepository
@@ -22,7 +22,7 @@ spec:

  {{- toYaml $fluxSettingsVault | nindent 2 }}
  
-  {{- if .Values.vault.postRenderers }}
+  {{- if .Values.addons.vault.postRenderers }}
  postRenderers:
  {{ toYaml .Values.vault.postRenderers | nindent 4 }}
  {{- end }}

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -486,6 +486,21 @@ twistlock:
 # ----------------------------------------------------------------------------------------------------------------------
 #
 addons:
+  vault:
+    # -- Toggle deployment of Vault.
+    enabled: true
+    git:
+      repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
+      path: "./chart"
+      branch: "deploy-vault"
+    # -- Flux reconciliation overrides specifically for the Twistlock Package
+    flux: {}
+    ingress:
+      gateway: ""
+    values: {}
+    postRenderers: []
+
+
  argocd:
    # -- Toggle deployment of ArgoCD.
    enabled: false
@@ -550,18 +565,6 @@ addons:
    # -- Additional authservice chain configurations.
    chains: {}

-  # ----------------------------------------------------------------------------------------------------------------------  
-  # Vault
- #
-  vault:
-  # -- Toggle deployment of vault.
-    enabled: true
-    git:
-      repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
-      path: "./chart"
-      branch: "deploy-vault"
-  # ----------------------------------------------------------------------------------------------------------------------  
-
  # ----------------------------------------------------------------------------------------------------------------------
  # Minio Operator and Instance
  #

--- a/tests/test-values.yaml
+++ b/tests/test-values.yaml
@@ -360,6 +360,8 @@ twistlock:

 # Addons are toggled based on labels in CI
 addons:
+  vault:
+    enabled: true
  argocd:
    enabled: false
    sso: