feat: tls between vault and vault-operator working
tomaspalma committed Aug 14, 2024
1 parent 784cd22 commit 4094ee2
Showing 6 changed files with 12 additions and 9 deletions.
7 changes: 0 additions & 7 deletions services/vault/00-namespaces.yaml
Expand Up @@ -2,10 +2,3 @@ kind: Namespace
apiVersion: v1
metadata:
name: vault

---

kind: Namespace
apiVersion: v1
metadata:
name: vault-operator
4 changes: 4 additions & 0 deletions services/vault/01-certificates.yaml
Expand Up @@ -21,6 +21,10 @@ metadata:
spec:
isCA: true
commonName: "*"
ipAddresses:
- 127.0.0.1
dnsNames:
- vault.vault.svc.cluster.local
secretName: vault-cluster-ca-secret
privateKey:
algorithm: ECDSA
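Review bot: The `ipAddresses` and `dnsNames` entries sit on a Certificate that also has `isCA: true` and `commonName: "*"`, so one key pair appears to serve as both the signing CA and the server identity for Vault. If `vault-cluster-ca-secret` is what the Vault pods mount for their listener, the CA private key lives inside the workload, and anyone who can read it can issue certificates that every client trusting this CA will accept. I would keep this Certificate as a pure CA (no SANs, a descriptive `commonName`) and issue a separate leaf Certificate with `isCA: false` from an Issuer backed by it, carrying these SANs. Only the fully qualified service name is listed, so a client connecting as `vault.vault.svc` or `vault` would presumably fail verification. The spec continues outside the hunk.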
2 changes: 1 addition & 1 deletion services/vault/deploy-vault-dev.sh
Expand Up @@ -9,4 +9,4 @@ kubectl apply -f "$(dirname "$0")"/02-ingress-routes.yaml
kubectl apply -f "$(dirname "$0")"/vault-sa.yaml

helm upgrade --install vault hashicorp/vault --namespace vault --values $(dirname $0)/vault-dev-values.yaml
helm upgrade --install vault-secrets-operator hashicorp/vault-secrets-operator --namespace vault-operator --values $(dirname $0)/vault-operator-dev-values.yaml
helm upgrade --install vault-secrets-operator hashicorp/vault-secrets-operator --namespace vault --values $(dirname $0)/vault-operator-dev-values.yaml
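Review bot: Installing vault-secrets-operator with `--namespace vault` puts the operator and Vault inside the same namespace boundary, so namespace-scoped Roles, NetworkPolicies and Secrets, including `vault-cluster-ca-secret`, no longer separate the two. That variant looks like the new side, since 00-namespaces.yaml drops the `vault-operator` namespace. If the move exists only so the operator can find the CA secret, an alternative is to keep the operator in its own namespace and copy just the CA certificate there. The same applies to deploy-vault-prod.sh. Separately, the helm lines leave `$(dirname $0)` unquoted while the kubectl lines above quote it; `--values "$(dirname "$0")"/vault-operator-dev-values.yaml` would match them.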
2 changes: 1 addition & 1 deletion services/vault/deploy-vault-prod.sh
Expand Up @@ -10,4 +10,4 @@ kubectl apply -f "$(dirname "$0")"/03-bundle.yaml
kubectl apply -f "$(dirname "$0")"/vault-sa.yaml

helm upgrade --install vault hashicorp/vault --namespace vault --values $(dirname $0)/vault-prod-values.yaml
helm upgrade --install vault-secrets-operator hashicorp/vault-secrets-operator --namespace vault-operator --values $(dirname $0)/vault-operator-prod-values.yaml
helm upgrade --install vault-secrets-operator hashicorp/vault-secrets-operator --namespace vault --values $(dirname $0)/vault-operator-prod-values.yaml
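Review bot: On a cluster that already ran the previous version of this script, the `--namespace vault` install creates a second release and leaves the one in `vault-operator` running. Helm tracks releases per namespace, and `kubectl apply` does not delete a Namespace that was only dropped from the manifest. Two operator instances could then act on the same custom resources. A one-off `helm uninstall vault-secrets-operator --namespace vault-operator` before the install line, or a comment in the script describing that migration step, would cover it. The dev script has the same gap.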
2 changes: 2 additions & 0 deletions services/vault/vault-operator-prod-values.yaml
@@ -1,7 +1,9 @@
# https://github.com/hashicorp/vault-secrets-operator/blob/main/chart/values.yaml
defaultVaultConnection:
enabled: true
address: "https://vault.vault.svc.cluster.local:8200"
skipTLSVerify: false
caCertSecret: "vault-cluster-ca-secret"
controller:
manager:
clientCache:
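Review bot: `caCertSecret: "vault-cluster-ca-secret"` names the same secret that 01-certificates.yaml sets as `secretName` on the `isCA: true` Certificate, so the operator is pointed at a secret that presumably also holds the CA private key (`tls.key`) although it only needs the certificate. As far as I know the chart reads the CA from the `ca.crt` key of a secret in the operator's own namespace, so a secret containing only that key would be enough. A comment above the line such as `# must exist in the operator's namespace and expose the CA under ca.crt` would record the requirement. The dev values file is not part of this commit, so it is not visible here whether the dev install verifies TLS as well.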
4 changes: 4 additions & 0 deletions services/vault/vault-prod-values.yaml
Expand Up @@ -8,6 +8,10 @@ server:
dev:
enabled: false
logLevel: debug
extraEnvironmentVars:
VAULT_CACERT: /opt/vault/tls/ca.crt
VAULT_TLSCERT: /opt/vault/tls/tls.crt
VAULT_TLSKEY: /opt/vault/tls/tls.key
volumes:
- name: tls
secret:
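Review bot: Of the three variables under `extraEnvironmentVars`, only `VAULT_CACERT` is, to my knowledge, read by the Vault binary, and then by the CLI client inside the pod. The listener takes its certificate and key from `tls_cert_file` and `tls_key_file` in the listener stanza, which is outside this hunk. It is worth confirming that the listener config sets those paths and that the `tls` volume is mounted at `/opt/vault/tls`; otherwise these variables record the paths without enabling TLS. A comment such as `# used by the in-pod vault CLI; the listener's cert/key are set in the listener stanza` would make that explicit. The `logLevel: debug` context line is also worth revisiting for a production values file.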
