add vault deployment

chart/templates/vault/gitrepository.yaml

-<<<<<<< HEAD
 {{- if and (not .Values.offline) .Values.addons.vault.enabled }}
-=======
-{{- if and (not .Values.offline) .Values.vault.enabled }}
->>>>>>> b3d915d2 (add vault deployment)
+>>>>>>> f2e7663c (add vault deployment)
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: GitRepository
 metadata:
@@ -14,15 +11,9 @@ metadata:
     {{- include "commonLabels" . | nindent 4}}
 spec:
   interval: {{ .Values.flux.interval }}
-<<<<<<< HEAD
   url: {{ .Values.addons.vault.git.repo }}
   ref:
     {{- include "validRef" .Values.addons.vault.git | nindent 4 }}
-=======
-  url: {{ .Values.vault.git.repo }}
-  ref:
-    {{- include "validRef" .Values.vault.git | nindent 4 }}
->>>>>>> b3d915d2 (add vault deployment)
   {{ include "gitIgnore" . }}
   {{- include "gitCreds" . | nindent 2 }}
 {{- end }}

chart/templates/vault/imagepullsecret.yaml

-<<<<<<< HEAD
 {{- if .Values.addons.vault.enabled }}
-=======
-{{- if .Values.vault.enabled }}
->>>>>>> b3d915d2 (add vault deployment)
 {{- if ( include "imagePullSecret" . ) }}
 apiVersion: v1
 kind: Secret
@@ -17,8 +13,4 @@ type: kubernetes.io/dockerconfigjson
 data:
   .dockerconfigjson: {{ template "imagePullSecret" . }}
 {{- end }}
-<<<<<<< HEAD
-{{- end }}
-=======
-{{- end }}
->>>>>>> b3d915d2 (add vault deployment)
+{{- end }}
\ No newline at end of file

chart/templates/vault/twistlock-helmrelease.yaml

-{{- $fluxSettingsVault := merge .Values.vault.flux .Values.flux -}}
-{{- if .Values.vault.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: vault
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: vault
-    app.kubernetes.io/component: "sandbox"
-    {{- include "commonLabels" . | nindent 4}}
-spec:
-  targetNamespace: vault
-  chart:
-    spec:
-      chart: {{ .Values.vault.git.path }}
-      interval: 5m
-      sourceRef:
-        kind: GitRepository
-        name: vault
-        namespace: {{ .Release.Namespace }}
-
-  {{- toYaml $fluxSettingsVault | nindent 2 }}
-  
-  {{- if .Values.vault.postRenderers }}
-  postRenderers:
-  {{ toYaml .Values.vault.postRenderers | nindent 4 }}
-  {{- end }}
-  valuesFrom:
-    - name: {{ .Release.Name }}-vault-values
-      kind: Secret
-      valuesKey: "common"
-    - name: {{ .Release.Name }}-vault-values
-      kind: Secret
-      valuesKey: "defaults"
-    - name: {{ .Release.Name }}-vault-values
-      kind: Secret
-      valuesKey: "overlays"
-
-  # TODO: DRY this up
-  {{- if or .Values.gatekeeper.enabled .Values.istio.enabled }}
-  dependsOn:
-    {{- if .Values.gatekeeper.enabled }}
-    - name: gatekeeper
-      namespace: {{ .Release.Namespace }}
-    {{- end }}
-    {{- if .Values.istio.enabled }}
-    - name: istio
-      namespace: {{ .Release.Namespace }}
-    {{- end }}
-    {{- if .Values.monitoring.enabled }}
-    - name: monitoring
-      namespace: {{ .Release.Namespace }}
-    {{- end }}
-  {{- end }}
-{{- end }}

chart/templates/vault/values.yaml

-<<<<<<< HEAD
 {{- if .Values.addons.vault.enabled }}
 {{- include "values-secret" (dict "root" $ "package" .Values.addons.vault "name" "vault" "defaults" (include "bigbang.defaults.vault" .)) }}
-=======
-{{- if .Values.vault.enabled }}
-{{- include "values-secret" (dict "root" $ "package" .Values.vault "name" "vault" "defaults" (include "bigbang.defaults.vault" .)) }}
->>>>>>> b3d915d2 (add vault deployment)
 {{- end }}
 
 {{- define "bigbang.defaults.vault" -}}
@@ -19,7 +14,6 @@ prometheus:
   servicemonitor:
     enabled: {{ .Values.monitoring.enabled }}
 
-<<<<<<< HEAD
 networkPolicies:
   enabled: {{ .Values.networkPolicies.enabled }}
   ingressLabels:
@@ -30,10 +24,6 @@ networkPolicies:
 global:
   imagePullSecrets:
   - name: private-registry
-=======
-imagePullSecrets:
-- name: private-registry
->>>>>>> b3d915d2 (add vault deployment)
 
 networkPolicies:
   enabled: {{ .Values.networkPolicies.enabled }}
@@ -42,7 +32,6 @@ networkPolicies:
     {{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
     {{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
   nodeCidr: {{ .Values.networkPolicies.nodeCidr }}
-<<<<<<< HEAD
 istio:
   enabled: {{ .Values.istio.enabled }}
   vault:
@@ -61,14 +50,3 @@ networkPolicies:
   nodeCidr: {{ .Values.networkPolicies.nodeCidr }}
 
 {{- end -}}
-
-=======
-
-istio:
-  enabled: {{ .Values.istio.enabled }}
-  console:
-    gateways:
-    - istio-system/{{ default "public" .Values.vault.ingress.gateway }}
-
-{{- end -}}
->>>>>>> b3d915d2 (add vault deployment)

chart/templates/vault/vault-helmrelease.yaml

@@ -46,4 +46,4 @@ spec:
       namespace: {{ .Release.Namespace }}
     {{- end }}
   {{- end }}
-{{- end }}
+{{- end }}
\ No newline at end of file

chart/values.yaml

@@ -485,6 +485,21 @@ twistlock:
 # ----------------------------------------------------------------------------------------------------------------------
 #
 addons:
+  vault:
+    # -- Toggle deployment of Vault.
+    enabled: true
+    git:
+      repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
+      path: "./chart"
+      branch: "deploy-vault"
+    # -- Flux reconciliation overrides specifically for the Twistlock Package
+    flux: {}
+    ingress:
+      gateway: ""
+    values: {}
+    postRenderers: []
+
+
   argocd:
     # -- Toggle deployment of ArgoCD.
     enabled: false
@@ -549,18 +564,6 @@ addons:
     # -- Additional authservice chain configurations.
     chains: {}
 
-  # ----------------------------------------------------------------------------------------------------------------------  
-  # Vault
- #
-  vault:
-  # -- Toggle deployment of vault.
-    enabled: true
-    git:
-      repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
-      path: "./chart"
-      branch: "deploy-vault"
-  # ----------------------------------------------------------------------------------------------------------------------  
-
   # ----------------------------------------------------------------------------------------------------------------------
   # Minio Operator and Instance
   #

tests/test-values.yaml

@@ -360,6 +360,8 @@ twistlock:
 
 # Addons are toggled based on labels in CI
 addons:
+  vault:
+    enabled: true
   argocd:
     enabled: false
     sso: