diff --git a/clusters/atlas/flux-system/platform/kustomization.yaml b/clusters/atlas/flux-system/platform/kustomization.yaml
index 040e478..fbca36e 100644
--- a/clusters/atlas/flux-system/platform/kustomization.yaml
+++ b/clusters/atlas/flux-system/platform/kustomization.yaml
@@ -8,3 +8,4 @@ resources:
 - gitops-ui/kustomization.yaml
 - monitoring/kustomization.yaml
 - longhorn-ui/kustomization.yaml
+ - ../platform/vault-csi/kustomization.yaml
diff --git a/clusters/atlas/flux-system/platform/vault-csi/kustomization.yaml b/clusters/atlas/flux-system/platform/vault-csi/kustomization.yaml
new file mode 100644
index 0000000..5a56941
--- /dev/null
+++ b/clusters/atlas/flux-system/platform/vault-csi/kustomization.yaml
@@ -0,0 +1,16 @@
+# clusters/atlas/flux-system/platform/vault-csi/kustomization.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: vault-csi
+ namespace: flux-system
+spec:
+ interval: 30m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ path: ./infrastructure/vault-csi
+ prune: true
+ wait: true
+ targetNamespace: kube-system
diff --git a/infrastructure/sources/helm/kustomization.yaml b/infrastructure/sources/helm/kustomization.yaml
index 3ded0f1..7b2163b 100644
--- a/infrastructure/sources/helm/kustomization.yaml
+++ b/infrastructure/sources/helm/kustomization.yaml
@@ -10,3 +10,4 @@ resources:
 - harbor.yaml
 - prometheus.yaml
 - victoria-metrics.yaml
+ - secrets-store-csi.yaml
diff --git a/infrastructure/sources/helm/secrets-store-csi.yaml b/infrastructure/sources/helm/secrets-store-csi.yaml
new file mode 100644
index 0000000..1fc4ae5
--- /dev/null
+++ b/infrastructure/sources/helm/secrets-store-csi.yaml
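Review bot: The added entry `- ../platform/vault-csi/kustomization.yaml` climbs out of `platform/` and straight back into it, while the three sibling entries in the same list are written relative to the directory itself. Since the file being patched is `clusters/atlas/flux-system/platform/kustomization.yaml`, `- vault-csi/kustomization.yaml` resolves to the same file, matches the existing style, and does not hard-code the parent directory's name.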
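Review bot: The `vault-csi` Flux Kustomization sets `wait: true` with no `timeout` and no `dependsOn`. As far as I know the timeout then falls back to the `interval` (30m here), so a HelmRelease that never becomes ready would hold the reconciliation for half an hour before reporting failure; an explicit `timeout: 5m` surfaces it sooner. The two HelmReleases under `./infrastructure/vault-csi` reference HelmRepository objects in `flux-system`, so if a separate Flux Kustomization applies `infrastructure/sources/helm` (not visible in this diff), add `dependsOn: [{name: <sources-kustomization>}]` to make the ordering explicit. A short comment on why `targetNamespace: kube-system` is set would also help, since the overlay and both HelmReleases already declare that namespace themselves.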
@@ -0,0 +1,9 @@
+# infrastructure/sources/helm/secrets-store-csi.yaml
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: secrets-store-csi-driver
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
diff --git a/infrastructure/vault-csi/kustomization.yaml b/infrastructure/vault-csi/kustomization.yaml
new file mode 100644
index 0000000..5598653
--- /dev/null
+++ b/infrastructure/vault-csi/kustomization.yaml
@@ -0,0 +1,7 @@
+# infrastructure/vault-csi/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+ - secrets-store-csi-driver.yaml
+ - vault-csi-provider.yaml
diff --git a/infrastructure/vault-csi/secrets-store-csi-driver.yaml b/infrastructure/vault-csi/secrets-store-csi-driver.yaml
new file mode 100644
index 0000000..0b249fc
--- /dev/null
+++ b/infrastructure/vault-csi/secrets-store-csi-driver.yaml
@@ -0,0 +1,20 @@
+# infrastructure/vault-csi/secrets-store-csi-driver.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: secrets-store-csi-driver
+ namespace: kube-system
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: secrets-store-csi-driver
+ version: "~1.3.0"
+ sourceRef:
+ kind: HelmRepository
+ name: secrets-store-csi-driver
+ namespace: flux-system
+ values:
+ syncSecret:
+ enabled: true
+ enableSecretRotation: false
diff --git a/infrastructure/vault-csi/vault-csi-provider.yaml b/infrastructure/vault-csi/vault-csi-provider.yaml
new file mode 100644
index 0000000..379d7ff
--- /dev/null
+++ b/infrastructure/vault-csi/vault-csi-provider.yaml
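Review bot: In the `secrets-store-csi-driver` HelmRelease, `syncSecret.enabled: true` is turned on with no comment naming the workload that needs it, and it is the value here with the widest reach. It installs RBAC that lets the driver create and update Kubernetes Secret objects, so Vault material exposed through a SecretProviderClass with `secretObjects` also lands in etcd. If nothing consumes these secrets through `secretKeyRef` or env vars, leave it at the chart default of `false`; otherwise add a comment such as `# required: <workload> reads the synced Secret via secretKeyRef` and confirm that etcd encryption at rest and RBAC on `secrets` cover it. `enableSecretRotation: false` means secrets rotated in Vault are not refreshed in running pods, which deserves a one-line comment as well. `version: "~1.3.0"` lets a node-level DaemonSet in `kube-system` move to a new patch release on any reconcile; an exact version bumped through a PR is easier to audit.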
@@ -0,0 +1,17 @@
+# infrastructure/vault-csi/vault-csi-provider.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: vault-csi-provider
+ namespace: kube-system
+spec:
+ interval: 15m
+ chart:
+ spec:
+ chart: vault-csi-provider
+ version: "~1.1.0"
+ sourceRef:
+ kind: HelmRepository
+ name: hashicorp
+ namespace: flux-system
+ values: {}
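Review bot: `chart: vault-csi-provider` with `sourceRef.name: hashicorp` may not resolve. This diff adds no `hashicorp` HelmRepository (it may already exist under `infrastructure/sources/helm`), and to my knowledge HashiCorp ships the CSI provider through the `vault` chart rather than as a standalone chart, so check the repository index before merging. If that is right, the release would use `chart: vault` with `csi.enabled: true`, `server.enabled: false` and `injector.enabled: false`, and a version constraint from that chart's own series. Separately, `values: {}` leaves the Vault address and every other provider setting at chart defaults; set the intended Vault endpoint explicitly here, or add a comment stating that the default is deliberate, so the trust relationship is visible in review.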