
Vault kms key for new runners SKIP UPGRADE

Merged Branden Cobb requested to merge bcobb-new-runner-testing into master
3 files
+ 81
3
@@ -442,7 +442,83 @@ addons:
cpu: 100m
memory: 1500Mi
limits: null
vault:
values:
autoInit:
enabled: true
global:
tlsDisable: false
injector:
extraEnvironmentVars:
VAULT_API_ADDR: https://vault.bigbang.dev
certs:
secretName: vault-tls
affinity: |
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
app.kubernetes.io/instance: "{{ .Release.Name }}"
component: webhook
topologyKey: kubernetes.io/hostname
server:
extraEnvironmentVars:
VAULT_API_ADDR: https://vault.bigbang.dev #istio GW
VAULT_SKIP_VERIFY: "true"
VAULT_LOG_FORMAT: "json"
dataStorage:
enabled: true
size: 256Mi
auditStorage:
size: 256Mi
ha:
enabled: true
replicas: 1
raft:
enabled: true
config: |
ui = true
listener "tcp" {
tls_disable = false
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_cert_file = "/vault/tls/tls.crt"
tls_key_file = "/vault/tls/tls.key"
telemetry {
unauthenticated_metrics_access = true
}
}
storage "raft" {
path = "/vault/data"
retry_join {
leader_api_addr = "https://vault-vault-0.vault-vault-internal:8200"
leader_client_cert_file = "/vault/tls/tls.crt"
leader_client_key_file = "/vault/tls/tls.key"
leader_tls_servername = "vault.bigbang.dev"
}
}
seal "awskms" {
region = "us-gov-west-1"
kms_key_id = "mrk-ff723da024254ea2b7f490c68fbc9b9b"
endpoint = "https://kms.us-gov-west-1.amazonaws.com"
}
telemetry {
prometheus_retention_time = "24h"
disable_hostname = true
}
service_registration "kubernetes" {}
keycloak:
values:
resources:
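Review bot: `VAULT_SKIP_VERIFY: "true"` under `server.extraEnvironmentVars` turns off certificate verification for Vault client calls made from inside the server pod, even though the listener and `retry_join` stanzas in the same hunk are set up for TLS with `/vault/tls/tls.crt`. If this values file is only used by CI runners, say so in a comment on that line; otherwise drop it and point clients at the issuing CA, e.g. `VAULT_CACERT: <path-to-ca-bundle>` (placeholder, since the hunk does not show whether the `vault-tls` secret carries a CA). Two other settings deserve a comment or tightening: `unauthenticated_metrics_access = true` in the listener's `telemetry` block serves the metrics endpoint without a token, and `seal "awskms"` makes unsealing depend on whatever AWS identity the pod resolves, so the key policy for the hard-coded `kms_key_id` should be limited to that identity. The enclosing `addons:` mapping begins before the hunk and continues after it.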