From 70875697da17037882feed1a6beda659234fdb7a Mon Sep 17 00:00:00 2001
From: Kavitha Thulasiraman <kavithathulasiraman@Kavithas-MacBook-Pro-2.local>
Date: Wed, 22 Sep 2021 13:46:53 -0400
Subject: [PATCH] add vault deployment
---
chart/templates/vault/gitrepository.yaml | 6 ++---
chart/templates/vault/imagepullsecret.yaml | 2 +-
chart/templates/vault/values.yaml | 15 +++--------
...elmrelease.yaml => vault-helmrelease.yaml} | 8 +++---
chart/values.yaml | 27 ++++++++++---------
tests/test-values.yaml | 2 ++
6 files changed, 29 insertions(+), 31 deletions(-)
rename chart/templates/vault/{twistlock-helmrelease.yaml => vault-helmrelease.yaml} (86%)
diff --git a/chart/templates/vault/gitrepository.yaml b/chart/templates/vault/gitrepository.yaml
index f65f3ea347..5080999e5d 100644
--- a/chart/templates/vault/gitrepository.yaml
+++ b/chart/templates/vault/gitrepository.yaml
@@ -1,4 +1,4 @@
-{{- if and (not .Values.offline) .Values.vault.enabled }}
+{{- if and (not .Values.offline) .Values.addons.vault.enabled }}
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
@@ -10,9 +10,9 @@ metadata:
{{- include "commonLabels" . | nindent 4}}
spec:
interval: {{ .Values.flux.interval }}
- url: {{ .Values.vault.git.repo }}
+ url: {{ .Values.addons.vault.git.repo }}
ref:
- {{- include "validRef" .Values.vault.git | nindent 4 }}
+ {{- include "validRef" .Values.addons.vault.git | nindent 4 }}
{{ include "gitIgnore" . }}
{{- include "gitCreds" . | nindent 2 }}
{{- end }}
diff --git a/chart/templates/vault/imagepullsecret.yaml b/chart/templates/vault/imagepullsecret.yaml
index f6a067c680..a12c41fd3c 100644
--- a/chart/templates/vault/imagepullsecret.yaml
+++ b/chart/templates/vault/imagepullsecret.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.vault.enabled }}
+{{- if .Values.addons.vault.enabled }}
{{- if ( include "imagePullSecret" . ) }}
apiVersion: v1
kind: Secret
diff --git a/chart/templates/vault/values.yaml b/chart/templates/vault/values.yaml
index 3d7fd817c9..0ef7b43cc7 100644
--- a/chart/templates/vault/values.yaml
+++ b/chart/templates/vault/values.yaml
@@ -1,5 +1,5 @@
-{{- if .Values.vault.enabled }}
-{{- include "values-secret" (dict "root" $ "package" .Values.vault "name" "vault" "defaults" (include "bigbang.defaults.vault" .)) }}
+{{- if .Values.addons.vault.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.addons.vault "name" "vault" "defaults" (include "bigbang.defaults.vault" .)) }}
{{- end }}
{{- define "bigbang.defaults.vault" -}}
@@ -17,18 +17,11 @@ prometheus:
imagePullSecrets:
- name: private-registry
-networkPolicies:
- enabled: {{ .Values.networkPolicies.enabled }}
- ingressLabels:
- {{- $gateway := default "public" .Values.twistlock.ingress.gateway }}
- {{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
- {{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
- nodeCidr: {{ .Values.networkPolicies.nodeCidr }}
+
istio:
enabled: {{ .Values.istio.enabled }}
console:
gateways:
- - istio-system/{{ default "public" .Values.vault.ingress.gateway }}
-
+ - istio-system/public
{{- end -}}
diff --git a/chart/templates/vault/twistlock-helmrelease.yaml b/chart/templates/vault/vault-helmrelease.yaml
similarity index 86%
rename from chart/templates/vault/twistlock-helmrelease.yaml
rename to chart/templates/vault/vault-helmrelease.yaml
index 14e476fc10..901f3c13d5 100644
--- a/chart/templates/vault/twistlock-helmrelease.yaml
+++ b/chart/templates/vault/vault-helmrelease.yaml
@@ -1,5 +1,5 @@
-{{- $fluxSettingsVault := merge .Values.vault.flux .Values.flux -}}
-{{- if .Values.vault.enabled }}
+{{- $fluxSettingsVault := merge .Values.addons.vault.flux .Values.flux -}}
+{{- if .Values.addons.vault.enabled }}
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
@@ -13,7 +13,7 @@ spec:
targetNamespace: vault
chart:
spec:
- chart: {{ .Values.vault.git.path }}
+ chart: {{ .Values.addons.vault.git.path }}
interval: 5m
sourceRef:
kind: GitRepository
@@ -22,7 +22,7 @@ spec:
{{- toYaml $fluxSettingsVault | nindent 2 }}
- {{- if .Values.vault.postRenderers }}
+ {{- if .Values.addons.vault.postRenderers }}
postRenderers:
{{ toYaml .Values.vault.postRenderers | nindent 4 }}
{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index e9dc397c5b..d59c46d11e 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -486,6 +486,21 @@ twistlock:
# ----------------------------------------------------------------------------------------------------------------------
#
addons:
+ vault:
+ # -- Toggle deployment of Vault.
+ enabled: true
+ git:
+ repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
+ path: "./chart"
+ branch: "deploy-vault"
+ # -- Flux reconciliation overrides specifically for the Twistlock Package
+ flux: {}
+ ingress:
+ gateway: ""
+ values: {}
+ postRenderers: []
+
+
argocd:
# -- Toggle deployment of ArgoCD.
enabled: false
@@ -550,18 +565,6 @@ addons:
# -- Additional authservice chain configurations.
chains: {}
- # ----------------------------------------------------------------------------------------------------------------------
- # Vault
- #
- vault:
- # -- Toggle deployment of vault.
- enabled: true
- git:
- repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
- path: "./chart"
- branch: "deploy-vault"
- # ----------------------------------------------------------------------------------------------------------------------
-
# ----------------------------------------------------------------------------------------------------------------------
# Minio Operator and Instance
#
diff --git a/tests/test-values.yaml b/tests/test-values.yaml
index 1e7216c778..1691f4e0ca 100644
--- a/tests/test-values.yaml
+++ b/tests/test-values.yaml
@@ -360,6 +360,8 @@ twistlock:
# Addons are toggled based on labels in CI
addons:
+ vault:
+ enabled: true
argocd:
enabled: false
sso:
--
GitLab