53 lines
1.2 KiB
YAML
53 lines
1.2 KiB
YAML
# infrastructure/vault-injector/helmrelease.yaml
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: vault-injector
|
|
namespace: vault
|
|
spec:
|
|
interval: 30m
|
|
chart:
|
|
spec:
|
|
chart: vault
|
|
version: 0.31.0
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: hashicorp
|
|
namespace: flux-system
|
|
install:
|
|
remediation: { retries: 3 }
|
|
timeout: 10m
|
|
upgrade:
|
|
remediation:
|
|
retries: 3
|
|
remediateLastFailure: true
|
|
cleanupOnFail: true
|
|
timeout: 10m
|
|
values:
|
|
global:
|
|
externalVaultAddr: http://vault.vault.svc.cluster.local:8200
|
|
tlsDisable: true
|
|
server:
|
|
enabled: false
|
|
csi:
|
|
enabled: false
|
|
injector:
|
|
enabled: true
|
|
replicas: 1
|
|
agentImage:
|
|
repository: hashicorp/vault
|
|
tag: "1.17.6"
|
|
webhook:
|
|
failurePolicy: Ignore
|
|
nodeSelector:
|
|
node-role.kubernetes.io/worker: "true"
|
|
affinity:
|
|
nodeAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
preference:
|
|
matchExpressions:
|
|
- key: kubernetes.io/hostname
|
|
operator: NotIn
|
|
values: ["titan-13", "titan-15", "titan-17", "titan-19"]
|