adds vault-agent-injector

James Andariese 2023-04-26 08:20:20 -05:00
parent 8e8325a86e
commit be7d32c160
2 changed files with 49 additions and 0 deletions


@ -0,0 +1,42 @@
# {{ if (index .Values "vault-agent-injector").enabled }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: "{{ .Release.Name }}-vault-agent-injector"
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
chart: "vault"
repoURL: "https://helm.releases.hashicorp.com"
targetRevision: "0.23.0"
helm:
values: |-
{{ (index .Values "vault-agent-injector").values | nindent 8 }}
# the next line preserves the release name.
# this is optional but recommended for singleton services.
releaseName: "vault-agent-injector"
destination:
server: "https://kubernetes.default.svc"
namespace: "vault-auth"
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 10
backoff:
duration: 5s
factor: 2
maxDuration: 3m0s
ignoreDifferences:
- group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration
jqPathExpressions:
- '.webhooks[].clientConfig.caBundle'
# {{- end }}
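Review bot: `project: default` places this Application in Argo CD's catch-all project, which, unless it has been tightened elsewhere, allows any source repository, any destination and any cluster-scoped resource kind. That is a wide grant for a component that installs a cluster-wide `MutatingWebhookConfiguration` and is reconciled automatically with `prune: true` and `selfHeal: true`. Consider a dedicated AppProject (for example `project: vault-agent-injector`, name illustrative) limited to the HashiCorp chart repository, the `vault-auth` namespace and the cluster-scoped kinds the chart needs. Separately, `ignoreDifferences` on `.webhooks[].clientConfig.caBundle` only affects diff calculation, so each sync may still apply the chart's value over the injected CA bundle. If the deployed Argo CD version supports it, adding `- RespectIgnoreDifferences=true` under `syncOptions` would keep the live bundle in place.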


@ -17,3 +17,10 @@ argo-cd:
configs:
params:
"server.insecure": "true"
vault-agent-injector:
enabled: true
values: |
global:
# disable global vault because we're only using this as an agent injector
enabled: false