snel.kubernetes-cluster/roles/not_used/hashicorp_secrets/tasks/main.yml


---
#
# Not tested and finished yet.
#
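- name: Helm add Hashicorp repo
  # Delegated to the host that carries kubectl/helm and run a single time,
  # so a multi-host play does not repeat the repo registration per host.
  delegate_to: "{{ kubectl_host }}"
  run_once: true
  kubernetes.core.helm_repository:
    name: hashicorp
    repo_url: "https://helm.releases.hashicorp.com"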
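- name: Helm deploy Hashicorp Vault Secrets Operator
  # Same delegation as the repo task above; run_once added for consistency so
  # the release is not re-applied once per inventory host.
  delegate_to: "{{ kubectl_host }}"
  run_once: true
  kubernetes.core.helm:
    kubeconfig: "{{ kubeconfig }}"
    chart_ref: hashicorp/vault-secrets-operator
    release_name: vault-secrets-operator
    release_namespace: vault-secrets-operator-system
    create_namespace: true
    # Block until the operator pods are ready before the CRs below are applied.
    wait: true
    # https://github.com/hashicorp/vault-secrets-operator/blob/main/chart/values.yaml
    values:
      defaultVaultConnection:
        enabled: true
        # NOTE(review): Vault address is hard-coded; a role variable would let
        # this be overridden per environment.
        address: "https://zabbix.snel.com:8200"
        # Keep TLS verification enabled; the Vault server certificate must be
        # trusted by the operator for the connection to succeed.
        skipTLSVerify: false
      # NOTE(review): this looks like a Deployment pod-template patch rather
      # than a key from the chart's values.yaml linked above. Helm does not
      # reject unknown values, so confirm the chart actually exposes the
      # client-cache persistence model through a supported value before
      # relying on this override.
      spec:
        template:
          spec:
            containers:
              - name: manager
                args:
                  - "--client-cache-persistence-model=direct-encrypted"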
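- name: VaultAuth
  # Delegated like the Helm tasks; run_once added for consistency.
  delegate_to: "{{ kubectl_host }}"
  run_once: true
  kubernetes.core.k8s:
    kubeconfig: "{{ kubeconfig }}"
    resource_definition:
      apiVersion: secrets.hashicorp.com/v1beta1
      kind: VaultAuth
      metadata:
        name: static-auth
        # NOTE(review): the "app" namespace is not created anywhere in this
        # file; it is assumed to exist before this task runs.
        namespace: app
      spec:
        # Kubernetes auth method; mount and role names are still the demo
        # values from the upstream example (see the "not finished" header).
        method: kubernetes
        mount: demo-auth-mount
        kubernetes:
          role: role1
          # NOTE(review): binding the Vault role to the namespace's "default"
          # service account lets every pod in "app" that uses that SA
          # authenticate with it. A dedicated service account narrows the
          # identity to the workload that actually needs the secret.
          serviceAccount: default
          audiences:
            - vault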
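- name: VaultStaticSecret
  # Delegated like the Helm tasks; run_once added for consistency.
  delegate_to: "{{ kubectl_host }}"
  run_once: true
  kubernetes.core.k8s:
    kubeconfig: "{{ kubeconfig }}"
    resource_definition:
      apiVersion: secrets.hashicorp.com/v1beta1
      kind: VaultStaticSecret
      metadata:
        name: vault-kv-app
        # Must match the namespace of the VaultAuth referenced below.
        namespace: app
      spec:
        type: kv-v2
        # KV v2 mount path in Vault
        mount: kvv2
        # Path of the secret below the mount
        path: webapp/config
        # Destination Kubernetes Secret; created by the operator if missing.
        # NOTE(review): the Secret is materialised in-cluster, so access to it
        # is governed by Kubernetes RBAC on the "app" namespace.
        destination:
          name: secretkv
          create: true
        # Static secret refresh interval
        refreshAfter: 30s
        # Name of the VaultAuth CR used to authenticate to Vault
        vaultAuthRef: static-auth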