add vault deployment

e301f667 · Kavitha Thulasiraman · Ryan Garcia · 6dff0222 · e301f667 · e301f667
Commit e301f667 authored 3 years ago by Kavitha Thulasiraman Committed by Ryan Garcia 3 years ago
--- a/chart/templates/vault/gitrepository.yaml
+++ b/chart/templates/vault/gitrepository.yaml
+<<<<<<< HEAD
 {{- if and (not .Values.offline) .Values.addons.vault.enabled }}
+=======
+{{- if and (not .Values.offline) .Values.vault.enabled }}
+>>>>>>> eb61ff0b (add vault deployment)
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: GitRepository
 metadata:
@@ -10,9 +14,15 @@ metadata:
    {{- include "commonLabels" . | nindent 4}}
 spec:
  interval: {{ .Values.flux.interval }}
+<<<<<<< HEAD
  url: {{ .Values.addons.vault.git.repo }}
  ref:
    {{- include "validRef" .Values.addons.vault.git | nindent 4 }}
+=======
+  url: {{ .Values.vault.git.repo }}
+  ref:
+    {{- include "validRef" .Values.vault.git | nindent 4 }}
+>>>>>>> eb61ff0b (add vault deployment)
  {{ include "gitIgnore" . }}
  {{- include "gitCreds" . | nindent 2 }}
 {{- end }}
--- a/chart/templates/vault/imagepullsecret.yaml
+++ b/chart/templates/vault/imagepullsecret.yaml
+<<<<<<< HEAD
 {{- if .Values.addons.vault.enabled }}
+=======
+{{- if .Values.vault.enabled }}
+>>>>>>> eb61ff0b (add vault deployment)
 {{- if ( include "imagePullSecret" . ) }}
 apiVersion: v1
 kind: Secret

--- a/chart/templates/vault/namespace.yaml
+++ b/chart/templates/vault/namespace.yaml
+<<<<<<< HEAD
 {{- if .Values.addons.vault.enabled }}
+=======
+{{- if .Values.twistlock.enabled }}
+>>>>>>> eb61ff0b (add vault deployment)
 apiVersion: v1
 kind: Namespace
 metadata:

--- a/chart/templates/vault/twistlock-helmrelease.yaml
+++ b/chart/templates/vault/twistlock-helmrelease.yaml
+{{- $fluxSettingsVault := merge .Values.vault.flux .Values.flux -}}
+{{- if .Values.vault.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: vault
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: vault
+    app.kubernetes.io/component: "sandbox"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  targetNamespace: vault
+  chart:
+    spec:
+      chart: {{ .Values.vault.git.path }}
+      interval: 5m
+      sourceRef:
+        kind: GitRepository
+        name: vault
+        namespace: {{ .Release.Namespace }}
+
+  {{- toYaml $fluxSettingsVault | nindent 2 }}
+  
+  {{- if .Values.vault.postRenderers }}
+  postRenderers:
+  {{ toYaml .Values.vault.postRenderers | nindent 4 }}
+  {{- end }}
+  valuesFrom:
+    - name: {{ .Release.Name }}-vault-values
+      kind: Secret
+      valuesKey: "common"
+    - name: {{ .Release.Name }}-vault-values
+      kind: Secret
+      valuesKey: "defaults"
+    - name: {{ .Release.Name }}-vault-values
+      kind: Secret
+      valuesKey: "overlays"
+
+  # TODO: DRY this up
+  {{- if or .Values.gatekeeper.enabled .Values.istio.enabled }}
+  dependsOn:
+    {{- if .Values.gatekeeper.enabled }}
+    - name: gatekeeper
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
+    {{- if .Values.istio.enabled }}
+    - name: istio
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
+    {{- if .Values.monitoring.enabled }}
+    - name: monitoring
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
+  {{- end }}
+{{- end }}
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -564,6 +564,18 @@ addons:
    # -- Additional authservice chain configurations.
    chains: {}

+  # ----------------------------------------------------------------------------------------------------------------------  
+  # Vault
+ #
+  vault:
+  # -- Toggle deployment of vault.
+    enabled: true
+    git:
+      repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
+      path: "./chart"
+      branch: "deploy-vault"
+  # ----------------------------------------------------------------------------------------------------------------------  
+
  # ----------------------------------------------------------------------------------------------------------------------
  # Minio Operator and Instance
  #