platform: add vault csi driver

2025-12-25 03:14:50 -03:00 · 2025-12-25 03:14:50 -03:00 · fbe2490ef7
commit fbe2490ef7
parent 9bbdbb5fab
7 changed files with 71 additions and 0 deletions
--- a/clusters/atlas/flux-system/platform/kustomization.yaml
+++ b/clusters/atlas/flux-system/platform/kustomization.yaml
@ -8,3 +8,4 @@ resources:
  - gitops-ui/kustomization.yaml
  - monitoring/kustomization.yaml
  - longhorn-ui/kustomization.yaml
+  - ../platform/vault-csi/kustomization.yaml
--- a/clusters/atlas/flux-system/platform/vault-csi/kustomization.yaml
+++ b/clusters/atlas/flux-system/platform/vault-csi/kustomization.yaml
@ -0,0 +1,16 @@
+# clusters/atlas/flux-system/platform/vault-csi/kustomization.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: vault-csi
+  namespace: flux-system
+spec:
+  interval: 30m
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  path: ./infrastructure/vault-csi
+  prune: true
+  wait: true
+  targetNamespace: kube-system
--- a/infrastructure/sources/helm/kustomization.yaml
+++ b/infrastructure/sources/helm/kustomization.yaml
@ -10,3 +10,4 @@ resources:
  - harbor.yaml
  - prometheus.yaml
  - victoria-metrics.yaml
+  - secrets-store-csi.yaml
--- a/infrastructure/sources/helm/secrets-store-csi.yaml
+++ b/infrastructure/sources/helm/secrets-store-csi.yaml
@ -0,0 +1,9 @@
+# infrastructure/sources/helm/secrets-store-csi.yaml
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: secrets-store-csi-driver
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
--- a/infrastructure/vault-csi/kustomization.yaml
+++ b/infrastructure/vault-csi/kustomization.yaml
@ -0,0 +1,7 @@
+# infrastructure/vault-csi/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+  - secrets-store-csi-driver.yaml
+  - vault-csi-provider.yaml
--- a/infrastructure/vault-csi/secrets-store-csi-driver.yaml
+++ b/infrastructure/vault-csi/secrets-store-csi-driver.yaml
@ -0,0 +1,20 @@
+# infrastructure/vault-csi/secrets-store-csi-driver.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: secrets-store-csi-driver
+  namespace: kube-system
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: secrets-store-csi-driver
+      version: "~1.3.0"
+      sourceRef:
+        kind: HelmRepository
+        name: secrets-store-csi-driver
+        namespace: flux-system
+  values:
+    syncSecret:
+      enabled: true
+    enableSecretRotation: false
--- a/infrastructure/vault-csi/vault-csi-provider.yaml
+++ b/infrastructure/vault-csi/vault-csi-provider.yaml
@ -0,0 +1,17 @@
+# infrastructure/vault-csi/vault-csi-provider.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: vault-csi-provider
+  namespace: kube-system
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: vault-csi-provider
+      version: "~1.1.0"
+      sourceRef:
+        kind: HelmRepository
+        name: hashicorp
+        namespace: flux-system
+  values: {}