add unseal

2025-02-17 13:40:31 -06:00
parent ebb507d0ff
commit 832c8264c4
2 changed files with 303 additions and 303 deletions


@@ -20,9 +20,9 @@ dependencies:
# alias: snapshot # alias: snapshot
# repository: https://bjw-s.github.io/helm-charts/ # repository: https://bjw-s.github.io/helm-charts/
# version: 3.6.1 # version: 3.6.1
# - name: app-template - name: app-template
# alias: unseal alias: unseal
# repository: https://bjw-s.github.io/helm-charts/ repository: https://bjw-s.github.io/helm-charts/
# version: 3.6.1 version: 3.6.1
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png
appVersion: 1.18.4 appVersion: 1.18.4
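Review bot: The `unseal` dependency is switched on by uncommenting its four lines rather than by a values flag, so turning the unsealer off for one environment means editing the chart again and produces large comment-only diffs (the templates file in this commit is toggled the same way). Adding `condition: unseal.enabled` to this entry would make the switch explicit and easy to review; confirm first that the subchart's values schema accepts the extra key. The entry pins `version: 3.6.1` from a third-party chart repository, so the commit should also carry the matching Chart.lock update, which is not visible on this page.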


@@ -75,305 +75,305 @@
# metadataPolicy: None # metadataPolicy: None
# property: AWS_SECRET_ACCESS_KEY # property: AWS_SECRET_ACCESS_KEY
# --- ---
# apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret kind: ExternalSecret
# metadata: metadata:
# name: vault-unseal-config-1 name: vault-unseal-config-1
# namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
# labels: labels:
# app.kubernetes.io/name: vault-unseal-key-1 app.kubernetes.io/name: vault-unseal-key-1
# app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: unseal app.kubernetes.io/component: unseal
# app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
# spec: spec:
# secretStoreRef: secretStoreRef:
# kind: ClusterSecretStore kind: ClusterSecretStore
# name: vault name: vault
# data: data:
# - secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None metadataPolicy: None
# property: ENVIRONMENT property: ENVIRONMENT
# - secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None metadataPolicy: None
# property: CHECK_INTERVAL property: CHECK_INTERVAL
# - secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None metadataPolicy: None
# property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
# - secretKey: NODES - secretKey: NODES
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None metadataPolicy: None
# property: NODES property: NODES
# - secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None metadataPolicy: None
# property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
# - secretKey: TOKENS - secretKey: TOKENS
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None metadataPolicy: None
# property: TOKENS property: TOKENS
# - secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None metadataPolicy: None
# property: EMAIL_ENABLED property: EMAIL_ENABLED
# - secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None metadataPolicy: None
# property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
# - secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-1 key: /cl01tl/vault/unseal/config-1
# metadataPolicy: None metadataPolicy: None
# property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
# --- ---
# apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret kind: ExternalSecret
# metadata: metadata:
# name: vault-unseal-config-2 name: vault-unseal-config-2
# namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
# labels: labels:
# app.kubernetes.io/name: vault-unseal-key-2 app.kubernetes.io/name: vault-unseal-key-2
# app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: unseal app.kubernetes.io/component: unseal
# app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
# spec: spec:
# secretStoreRef: secretStoreRef:
# kind: ClusterSecretStore kind: ClusterSecretStore
# name: vault name: vault
# data: data:
# - secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None metadataPolicy: None
# property: ENVIRONMENT property: ENVIRONMENT
# - secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None metadataPolicy: None
# property: CHECK_INTERVAL property: CHECK_INTERVAL
# - secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None metadataPolicy: None
# property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
# - secretKey: NODES - secretKey: NODES
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None metadataPolicy: None
# property: NODES property: NODES
# - secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None metadataPolicy: None
# property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
# - secretKey: TOKENS - secretKey: TOKENS
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None metadataPolicy: None
# property: TOKENS property: TOKENS
# - secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None metadataPolicy: None
# property: EMAIL_ENABLED property: EMAIL_ENABLED
# - secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None metadataPolicy: None
# property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
# - secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-2 key: /cl01tl/vault/unseal/config-2
# metadataPolicy: None metadataPolicy: None
# property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
# --- ---
# apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret kind: ExternalSecret
# metadata: metadata:
# name: vault-unseal-config-3 name: vault-unseal-config-3
# namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
# labels: labels:
# app.kubernetes.io/name: vault-unseal-config-3 app.kubernetes.io/name: vault-unseal-config-3
# app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: unseal app.kubernetes.io/component: unseal
# app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
# spec: spec:
# secretStoreRef: secretStoreRef:
# kind: ClusterSecretStore kind: ClusterSecretStore
# name: vault name: vault
# data: data:
# - secretKey: ENVIRONMENT - secretKey: ENVIRONMENT
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None metadataPolicy: None
# property: ENVIRONMENT property: ENVIRONMENT
# - secretKey: CHECK_INTERVAL - secretKey: CHECK_INTERVAL
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None metadataPolicy: None
# property: CHECK_INTERVAL property: CHECK_INTERVAL
# - secretKey: MAX_CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None metadataPolicy: None
# property: MAX_CHECK_INTERVAL property: MAX_CHECK_INTERVAL
# - secretKey: NODES - secretKey: NODES
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None metadataPolicy: None
# property: NODES property: NODES
# - secretKey: TLS_SKIP_VERIFY - secretKey: TLS_SKIP_VERIFY
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None metadataPolicy: None
# property: TLS_SKIP_VERIFY property: TLS_SKIP_VERIFY
# - secretKey: TOKENS - secretKey: TOKENS
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None metadataPolicy: None
# property: TOKENS property: TOKENS
# - secretKey: EMAIL_ENABLED - secretKey: EMAIL_ENABLED
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None metadataPolicy: None
# property: EMAIL_ENABLED property: EMAIL_ENABLED
# - secretKey: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_MAX_ELAPSED
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None metadataPolicy: None
# property: NOTIFY_MAX_ELAPSED property: NOTIFY_MAX_ELAPSED
# - secretKey: NOTIFY_QUEUE_DELAY - secretKey: NOTIFY_QUEUE_DELAY
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/unseal/config-3 key: /cl01tl/vault/unseal/config-3
# metadataPolicy: None metadataPolicy: None
# property: NOTIFY_QUEUE_DELAY property: NOTIFY_QUEUE_DELAY
# --- ---
# apiVersion: external-secrets.io/v1beta1 apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret kind: ExternalSecret
# metadata: metadata:
# name: vault-token name: vault-token
# namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
# labels: labels:
# app.kubernetes.io/name: vault-token app.kubernetes.io/name: vault-token
# app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: token app.kubernetes.io/component: token
# app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
# spec: spec:
# secretStoreRef: secretStoreRef:
# kind: ClusterSecretStore kind: ClusterSecretStore
# name: vault name: vault
# data: data:
# - secretKey: token - secretKey: token
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/token key: /cl01tl/vault/token
# metadataPolicy: None metadataPolicy: None
# property: token property: token
# - secretKey: unseal_key_1 - secretKey: unseal_key_1
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/token key: /cl01tl/vault/token
# metadataPolicy: None metadataPolicy: None
# property: unseal_key_1 property: unseal_key_1
# - secretKey: unseal_key_2 - secretKey: unseal_key_2
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/token key: /cl01tl/vault/token
# metadataPolicy: None metadataPolicy: None
# property: unseal_key_2 property: unseal_key_2
# - secretKey: unseal_key_3 - secretKey: unseal_key_3
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/token key: /cl01tl/vault/token
# metadataPolicy: None metadataPolicy: None
# property: unseal_key_3 property: unseal_key_3
# - secretKey: unseal_key_4 - secretKey: unseal_key_4
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/token key: /cl01tl/vault/token
# metadataPolicy: None metadataPolicy: None
# property: unseal_key_4 property: unseal_key_4
# - secretKey: unseal_key_5 - secretKey: unseal_key_5
# remoteRef: remoteRef:
# conversionStrategy: Default conversionStrategy: Default
# decodingStrategy: None decodingStrategy: None
# key: /cl01tl/vault/token key: /cl01tl/vault/token
# metadataPolicy: None metadataPolicy: None
# property: unseal_key_5 property: unseal_key_5