Add Vault

dudo · Apr 21, 2024 · 5245032 · 5245032
1 parent ac7534a
commit 5245032
Show file tree

Hide file tree

Showing 13 changed files with 9,694 additions and 73 deletions.
diff --git a/README.md b/README.md
@@ -27,7 +27,7 @@ mindmap
       nvidia device plugin
       postgres
       redpanda
-      sealed secrets
+      vault
     manifests
       GatewayClass
       Gateway
@@ -109,10 +109,14 @@ When spinning up the cluster for the first time, there are 3 primary steps.
 
     ```sh
     # Controller
+
+    export K3S_TOKEN=$(uuidgen)
+    export CONTROLLER_IP=192.168.4.78
+
     curl -sfL https://get.k3s.io | sh -s - \
     --write-kubeconfig-mode 644 \
-    --token toooookkkkeeennnnnnn \
-    --node-ip 192.168.4.78 \
+    --token $K3S_TOKEN \
+    --node-ip $CONTROLLER_IP \
     --flannel-backend=none \
     --disable-cloud-controller \
     --disable-kube-proxy \
@@ -122,7 +126,14 @@ When spinning up the cluster for the first time, there are 3 primary steps.
     --disable traefik
 
     # Workers
-    curl -sfL https://get.k3s.io | K3S_URL=https://192.168.4.78:6443 K3S_TOKEN=toooookkkkeeennnnnnn sh -
+
+    export K3S_TOKEN=
+    export K3S_URL=https://$CONTROLLER_IP:6443
+
+    curl -sfL https://get.k3s.io | sh -
+
+    # optional check to ensure a node is fully operational
+    k3s check-config
     ```
 
 2. Install `cilium`
@@ -133,7 +144,7 @@ When spinning up the cluster for the first time, there are 3 primary steps.
     - [Rebuilding the Linux Kernel](https://gist.github.com/dudo/7d853fd54f2d3db6e5e44b8b59ae12d5)
 
     ```sh
-    cilium install --version 1.15.1
+    cilium install --version 1.15.4
     cilium status --wait
     ```
 
@@ -161,8 +172,7 @@ kubectl get Kustomization -n flux-system
 kubectl get HelmRelease -n blue
 kubectl logs -n flux-system deploy/image-automation-controller
 
-kubectl run curl --image=curlimages/curl --restart=Never --rm -it -- sh
-kubectl run busybox --image=busybox --restart=Never --rm -it -- sh
+kubectl debug POD -it --image=busybox
 ```
 
 ### flux

diff --git a/charts/base/kustomization.yaml b/charts/base/kustomization.yaml
@@ -5,12 +5,11 @@ resources:
   - ../sources
   - cert-manager
   - cilium
-  - cloudflare-tunnel
-  - grafana
-  # - metrics-server # This is included with k0s
+  # - cloudflare-tunnel
+  # - grafana
   - mqtt
   - node-feature-discovery
   - nvidia-device-plugin
   # - postgres # I'm not ready to install this yet. Need to work out storage. Longhorn?
   - redpanda
-  - sealed-secrets
+  - vault
diff --git a/charts/base/metrics-server/values.yaml b/charts/base/metrics-server/values.yaml
diff --git a/charts/base/sealed-secrets/kustomization.yaml b/charts/base/sealed-secrets/kustomization.yaml
diff --git a/charts/base/sealed-secrets/release.yaml b/charts/base/sealed-secrets/release.yaml
diff --git a/charts/base/sealed-secrets/values.yaml b/charts/base/sealed-secrets/values.yaml
diff --git a/...ts/base/metrics-server/kustomization.yaml → charts/base/vault/kustomization.yaml b/...ts/base/metrics-server/kustomization.yaml → charts/base/vault/kustomization.yaml
@@ -5,8 +5,8 @@ namespace: flux-system
 resources:
   - release.yaml
 configMapGenerator:
-  - name: metrics-server-values
+  - name: vault-values
     files:
       - values.yaml=values.yaml
 components:
-  - ../../components/configurations
+  - ../../../components/configurations
diff --git a/charts/base/metrics-server/release.yaml → charts/base/vault/release.yaml b/charts/base/metrics-server/release.yaml → charts/base/vault/release.yaml
@@ -2,22 +2,23 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
-  name: metrics-server
+  name: vault
 spec:
-  releaseName: metrics-server
-  targetNamespace: kube-system
+  releaseName: vault
+  targetNamespace: vault
   chart:
     spec:
-      chart: metrics-server
+      chart: vault
       sourceRef:
         kind: HelmRepository
-        name: metrics-server
+        name: hashicorp
         namespace: flux-system
-      version: "^3.8.2"
+      version: "^0.28.0"
   interval: 12h
   install:
+    createNamespace: true
     remediation:
       retries: 3
   valuesFrom:
     - kind: ConfigMap
-      name: metrics-server-values
+      name: vault-values
diff --git a/charts/base/vault/values.yaml b/charts/base/vault/values.yaml
@@ -0,0 +1,2 @@
+# https://github.com/hashicorp/vault-helm/blob/main/values.yaml
+---
diff --git a/charts/sources/sealed-secrets.yaml → charts/sources/hashicorp.yaml b/charts/sources/sealed-secrets.yaml → charts/sources/hashicorp.yaml
@@ -2,7 +2,7 @@
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: HelmRepository
 metadata:
-  name: sealed-secrets
+  name: hashicorp
 spec:
   interval: 24h
-  url: https://bitnami-labs.github.io/sealed-secrets
+  url: https://helm.releases.hashicorp.com
diff --git a/charts/sources/kustomization.yaml b/charts/sources/kustomization.yaml
@@ -6,8 +6,8 @@ resources:
   - cilium.yaml
   - cloudflare.yaml
   - grafana.yaml
+  - hashicorp.yaml
   - jetstack.yaml
-  # - metrics-server.yaml # This is included with k0s
   - node-feature-discovery.yaml
   - nvidia-device-plugin.yaml
   # - postgres-operator.yaml

diff --git a/charts/sources/metrics-server.yaml b/charts/sources/metrics-server.yaml
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# https://github.com/hashicorp/vault-helm/blob/main/values.yaml
		---