feat(kubernetes): install vault to the cluster

Author: mrsimonemms

modules/kubernetes/README.md

@@ -30,6 +30,8 @@ No modules.
 | [helm_release.external_dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.hcloud_ccm](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.ingress_nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.vault_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.vault_webhook](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_annotations.hcloud_ccm](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/annotations) | resource |
 | [kubernetes_manifest.csi_driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
 | [kubernetes_namespace_v1.external_dns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
@@ -42,6 +44,8 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_bank_vaults_operator_version"></a> [bank\_vaults\_operator\_version](#input\_bank\_vaults\_operator\_version) | Version of Bank Vaults operator to install - defaults to latest | `string` | `null` | no |
+| <a name="input_bank_vaults_webhook_version"></a> [bank\_vaults\_webhook\_version](#input\_bank\_vaults\_webhook\_version) | Version of Bank Vaults webhook to install - defaults to latest | `string` | `null` | no |
 | <a name="input_cilium_version"></a> [cilium\_version](#input\_cilium\_version) | Version of Cilium to use - defaults to latest | `string` | `null` | no |
 | <a name="input_cloudflare_api_token"></a> [cloudflare\_api\_token](#input\_cloudflare\_api\_token) | Cloudflare API token | `string` | n/a | yes |
 | <a name="input_external_dns_version"></a> [external\_dns\_version](#input\_external\_dns\_version) | Version of External DNS to install - defaults to latest | `string` | `null` | no |

modules/kubernetes/variables.tf

@@ -12,6 +12,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+variable "bank_vaults_webhook_version" {
+  type        = string
+  description = "Version of Bank Vaults webhook to install - defaults to latest"
+  default     = null
+}
+
+variable "bank_vaults_operator_version" {
+  type        = string
+  description = "Version of Bank Vaults operator to install - defaults to latest"
+  default     = null
+}
+
 variable "cilium_version" {
   type        = string
   description = "Version of Cilium to use - defaults to latest"

modules/kubernetes/vault.tf

@@ -0,0 +1,41 @@
+# Copyright 2024 Simon Emms <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "helm_release" "vault_operator" {
+  chart            = "oci://ghcr.io/bank-vaults/helm-charts/vault-operator"
+  name             = "vault-operator"
+  atomic           = true
+  cleanup_on_fail  = true
+  create_namespace = true
+  namespace        = "vault"
+  reset_values     = true
+  version          = var.bank_vaults_operator_version
+  wait             = true
+
+  depends_on = [kubernetes_manifest.csi_driver]
+}
+
+resource "helm_release" "vault_webhook" {
+  chart            = "oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-webhook"
+  name             = "vault-secrets-webhook"
+  atomic           = true
+  cleanup_on_fail  = true
+  create_namespace = true
+  namespace        = "vault"
+  reset_values     = true
+  version          = var.bank_vaults_webhook_version
+  wait             = true
+
+  depends_on = [helm_release.vault_operator]
+}

toodaloo.md

@@ -4,4 +4,4 @@
 
 | File | Line Number | Author | Message |
 | --- | --- | --- | --- |
-| [modules/kubernetes/variables.tf](modules/kubernetes/variables.tf#L92) | 92 | Simon Emms <[email protected]> | create the load balancer in the hetzner stage |
+| [modules/kubernetes/variables.tf](modules/kubernetes/variables.tf#L104) | 104 | Simon Emms <[email protected]> | create the load balancer in the hetzner stage |