From be7d32c160c6eb3791638e28e16f96759b3a071f Mon Sep 17 00:00:00 2001
From: James Andariese
Date: Wed, 26 Apr 2023 08:20:20 -0500
Subject: [PATCH] adds vault-agent-injector
---
 argo1/templates/vault-agent-injector.yaml | 42 +++++++++++++++++++++++
 argo1/values.yaml | 7 ++++
 2 files changed, 49 insertions(+)
 create mode 100644 argo1/templates/vault-agent-injector.yaml
diff --git a/argo1/templates/vault-agent-injector.yaml b/argo1/templates/vault-agent-injector.yaml
new file mode 100644
index 0000000..3f34074
--- /dev/null
+++ b/argo1/templates/vault-agent-injector.yaml
@@ -0,0 +1,42 @@
+# {{ if (index .Values "vault-agent-injector").enabled }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: "{{ .Release.Name }}-vault-agent-injector"
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ chart: "vault"
+ repoURL: "https://helm.releases.hashicorp.com"
+ targetRevision: "0.23.0"
+ helm:
+ values: |-
+ {{ (index .Values "vault-agent-injector").values | nindent 8 }}
+ # the next line preserves the release name.
+ # this is optional but recommended for singleton services.
+ releaseName: "vault-agent-injector"
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: "vault-auth"
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ retry:
+ limit: 10
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
+ ignoreDifferences:
+ - group: admissionregistration.k8s.io
+ kind: MutatingWebhookConfiguration
+ jqPathExpressions:
+ - '.webhooks[].clientConfig.caBundle'
+# {{- end }}
diff --git a/argo1/values.yaml b/argo1/values.yaml
index a5b5387..127bf09 100644
--- a/argo1/values.yaml
+++ b/argo1/values.yaml
@@ -17,3 +17,10 @@ argo-cd:
 configs:
 params:
 "server.insecure": "true"
+
+vault-agent-injector:
+ enabled: true
+ values: |
+ global:
+ # disable global vault because we're only using this as an agent injector
+ enabled: false
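Review bot: `project: default` places this Application in Argo CD's catch-all project, which as shipped does not restrict source repositories, destinations or cluster-scoped kinds, while the `ignoreDifferences` entry indicates the chart manages a cluster-wide MutatingWebhookConfiguration and the app is allowed `CreateNamespace=true`. A dedicated AppProject limited to `https://helm.releases.hashicorp.com`, the `vault-auth` namespace and the webhook kind would bound what a changed `values` string or a chart bump can deploy. Separately, `ignoreDifferences` on `caBundle` only affects the computed diff; a sync triggered for any other reason still applies the chart's value, so adding `- RespectIgnoreDifferences=true` under `syncOptions` is worth considering to keep the injector-managed bundle from being reset. A short comment on the `# {{ if … }}` and `# {{- end }}` lines stating that the directives are commented only to keep the file parseable as YAML would also help the next reader.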
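Review bot: The `values` string sets only `global.enabled: false`, and in the hashicorp/vault chart `injector.enabled` defaults to following `global.enabled`, so as far as I can tell the rendered release would contain no injector at all; this should be confirmed with `helm template` against 0.23.0. If that holds, the string needs `injector.enabled: true` spelled out, and an injector-only install also needs the address of the external Vault, for example `global.externalVaultAddr: "<VAULT_ADDR_PLACEHOLDER>"`, ideally an `https://` endpoint so agent-to-Vault traffic is not sent in clear text. The existing comment could then name which Vault the injected agents are expected to reach.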