This repository has been archived by the owner on Mar 1, 2023. It is now read-only.

quoted hashicorp vault values
Signed-off-by: Dustin Scott <sdustin@vmware.com>
Dustin Scott committed Sep 3, 2021
1 parent 65e67c5 commit 8d8e00f
Showing 5 changed files with 52 additions and 52 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@ apiVersion: apps/v1
kind: StatefulSet
metadata:
name: hashicorp-vault
namespace: {{ tanzu_secrets.namespace }}
namespace: "{{ tanzu_secrets.namespace }}"
labels:
app.kubernetes.io/name: hashicorp-vault
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
app.kubernetes.io/instance: hashicorp
spec:
serviceName: hashicorp-vault-internal
Expand All @@ -19,14 +19,14 @@ spec:
selector:
matchLabels:
app.kubernetes.io/name: hashicorp-vault
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
app.kubernetes.io/instance: hashicorp
component: server
template:
metadata:
labels:
app.kubernetes.io/name: hashicorp-vault
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
app.kubernetes.io/instance: hashicorp
component: server
spec:
Expand All @@ -36,12 +36,12 @@ spec:
- labelSelector:
matchLabels:
app.kubernetes.io/name: hashicorp-vault
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
app.kubernetes.io/instance: "hashicorp"
component: server
topologyKey: kubernetes.io/hostname
terminationGracePeriodSeconds: 10
serviceAccountName: {{ tanzu_secrets.hashicorp_vault.resource_name }}
serviceAccountName: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
securityContext:
runAsNonRoot: true
runAsGroup: 1000
Expand All @@ -50,15 +50,15 @@ spec:
volumes:
- name: config
configMap:
name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
- name: home
emptyDir: {}
- name: init-script
configMap:
name: {{ tanzu_secrets.hashicorp_vault.init_script }}
name: "{{ tanzu_secrets.hashicorp_vault.init_script }}"
defaultMode: 0750
containers:
- name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
- name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
image: "{{ tanzu_secrets.hashicorp_vault.image }}:{{ tanzu_secrets.hashicorp_vault.image_tag }}"
imagePullPolicy: IfNotPresent
command:
Expand Down Expand Up @@ -167,9 +167,9 @@ apiVersion: v1
kind: Service
metadata:
name: hashicorp-vault
namespace: {{ tanzu_secrets.namespace }}
namespace: "{{ tanzu_secrets.namespace }}"
labels:
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
app.kubernetes.io/instance: hashicorp
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
Expand All @@ -184,6 +184,6 @@ spec:
port: 8201
targetPort: 8201
selector:
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
app.kubernetes.io/instance: hashicorp
component: server
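Review bot: Each label map in this StatefulSet still has two `app.kubernetes.io/name` entries on the new side: the literal `app.kubernetes.io/name: hashicorp-vault` stays as context directly above the newly quoted templated line in metadata.labels, spec.selector.matchLabels, the pod template labels and the anti-affinity labelSelector (indentation is lost in this rendering, so that they share one map is inferred from the hunk line counts). Duplicate mapping keys are invalid YAML; most loaders silently keep the last value, but a strict loader rejects the document, and a first-wins loader would label the pods `hashicorp-vault` while the Service selector further down uses only the templated name, so the Service would select nothing whenever resource_name differs. I would delete the four literal lines so each map keeps the single entry `app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"`.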
Original file line number Diff line number Diff line change
Expand Up @@ -4,27 +4,27 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ tanzu_secrets.hashicorp_vault.config_job.vars_secret }}
namespace: {{ tanzu_secrets.namespace }}
name: "{{ tanzu_secrets.hashicorp_vault.config_job.vars_secret }}"
namespace: "{{ tanzu_secrets.namespace }}"
labels:
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.config_job.vars_secret }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.config_job.vars_secret }}"
app.kubernetes.io/instance: hashicorp
data:
hashicorp_vault_namespace: {{ tanzu_secrets.namespace | b64encode }}
hashicorp_vault_resource_name: {{ tanzu_secrets.hashicorp_vault.resource_name | b64encode }}
hashicorp_vault_policy_name: {{ tanzu_secrets.hashicorp_vault.policy_name | b64encode }}
hashicorp_vault_role_name: {{ tanzu_secrets.hashicorp_vault.role_name | b64encode }}
hashicorp_vault_engine_name: {{ tanzu_secrets.hashicorp_vault.engine_name | b64encode }}
hashicorp_vault_engine_backend: {{ tanzu_secrets.hashicorp_vault.engine_backend | b64encode }}
kubernetes_tcp_address: {{ _kubernetes_tcp_address | b64encode }}
hashicorp_vault_namespace: "{{ tanzu_secrets.namespace | b64encode }}"
hashicorp_vault_resource_name: "{{ tanzu_secrets.hashicorp_vault.resource_name | b64encode }}"
hashicorp_vault_policy_name: "{{ tanzu_secrets.hashicorp_vault.policy_name | b64encode }}"
hashicorp_vault_role_name: "{{ tanzu_secrets.hashicorp_vault.role_name | b64encode }}"
hashicorp_vault_engine_name: "{{ tanzu_secrets.hashicorp_vault.engine_name | b64encode }}"
hashicorp_vault_engine_backend: "{{ tanzu_secrets.hashicorp_vault.engine_backend | b64encode }}"
kubernetes_tcp_address: "{{ _kubernetes_tcp_address | b64encode }}"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ tanzu_secrets.hashicorp_vault.config_job.playbook_config_map }}
namespace: {{ tanzu_secrets.namespace }}
name: "{{ tanzu_secrets.hashicorp_vault.config_job.playbook_config_map }}"
namespace: "{{ tanzu_secrets.namespace }}"
labels:
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.config_job.playbook_config_map }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.config_job.playbook_config_map }}"
app.kubernetes.io/instance: hashicorp
data:
site.yaml: |
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
namespace: {{ tanzu_secrets.namespace }}
name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
namespace: "{{ tanzu_secrets.namespace }}"
labels:
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
app.kubernetes.io/instance: hashicorp
data:
extraconfig-from-values.hcl: |-
Expand Down Expand Up @@ -36,10 +36,10 @@ data:
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ tanzu_secrets.hashicorp_vault.init_script }}
namespace: {{ tanzu_secrets.namespace }}
name: "{{ tanzu_secrets.hashicorp_vault.init_script }}"
namespace: "{{ tanzu_secrets.namespace }}"
labels:
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
app.kubernetes.io/instance: hashicorp
data:
init-script.sh: |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,12 @@ apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: hashicorp-vault
namespace: {{ tanzu_secrets.namespace }}
namespace: "{{ tanzu_secrets.namespace }}"
annotations:
external-dns.alpha.kubernetes.io/target: "{{ tanzu_ingress.dns }}"
spec:
rules:
- host: {{ tanzu_secrets.dns }}
- host: "{{ tanzu_secrets.dns }}"
http:
paths:
- path: /
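Review bot: The hunk header shows this Ingress is still declared as `apiVersion: networking.k8s.io/v1beta1`, which Kubernetes stopped serving in 1.22, so on current clusters the manifest is rejected regardless of the quoting fixed here. Moving to `apiVersion: networking.k8s.io/v1` also needs a `pathType` on each path and the `service.name`/`service.port` backend form; the backend lines are below the visible hunk, so they need checking there. The visible part of `spec` goes straight to `rules:` with an `http:` entry and no `tls:` block; if none follows further down, the Vault API would be published over plain HTTP at this host unless TLS is terminated elsewhere.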
Original file line number Diff line number Diff line change
Expand Up @@ -4,44 +4,44 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
namespace: {{ tanzu_secrets.namespace }}
name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
namespace: "{{ tanzu_secrets.namespace }}"
labels:
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
app.kubernetes.io/instance: hashicorp
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ tanzu_secrets.hashicorp_vault.config_job.name }}
namespace: {{ tanzu_secrets.namespace }}
name: "{{ tanzu_secrets.hashicorp_vault.config_job.name }}"
namespace: "{{ tanzu_secrets.namespace }}"
labels:
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.config_job.name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.config_job.name }}"
app.kubernetes.io/instance: hashicorp
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
labels:
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
app.kubernetes.io/instance: hashicorp
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: {{ tanzu_secrets.hashicorp_vault.resource_name }}
namespace: {{ tanzu_secrets.namespace }}
name: "{{ tanzu_secrets.hashicorp_vault.resource_name }}"
namespace: "{{ tanzu_secrets.namespace }}"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ tanzu_secrets.hashicorp_vault.config_job.name }}
namespace: {{ tanzu_secrets.namespace }}
name: "{{ tanzu_secrets.hashicorp_vault.config_job.name }}"
namespace: "{{ tanzu_secrets.namespace }}"
labels:
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.config_job.name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.config_job.name }}"
app.kubernetes.io/instance: hashicorp
rules:
- apiGroups:
Expand Down Expand Up @@ -72,16 +72,16 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ tanzu_secrets.hashicorp_vault.config_job.name }}
namespace: {{ tanzu_secrets.namespace }}
name: "{{ tanzu_secrets.hashicorp_vault.config_job.name }}"
namespace: "{{ tanzu_secrets.namespace }}"
labels:
app.kubernetes.io/name: {{ tanzu_secrets.hashicorp_vault.config_job.name }}
app.kubernetes.io/name: "{{ tanzu_secrets.hashicorp_vault.config_job.name }}"
app.kubernetes.io/instance: hashicorp
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ tanzu_secrets.hashicorp_vault.config_job.name }}
name: "{{ tanzu_secrets.hashicorp_vault.config_job.name }}"
subjects:
- kind: ServiceAccount
name: {{ tanzu_secrets.hashicorp_vault.config_job.name }}
namespace: {{ tanzu_secrets.namespace }}
name: "{{ tanzu_secrets.hashicorp_vault.config_job.name }}"
namespace: "{{ tanzu_secrets.namespace }}"
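Review bot: The ClusterRoleBinding is cluster-scoped but is named only `"{{ tanzu_secrets.hashicorp_vault.resource_name }}"`, so a second install into another namespace with the same resource_name would apply over the same object and repoint the `system:auth-delegator` grant at the other namespace's ServiceAccount. If more than one install per cluster is meant to be supported, put the namespace in the name, e.g. `name: "{{ tanzu_secrets.namespace }}-{{ tanzu_secrets.hashicorp_vault.resource_name }}"`. A one-line comment above `roleRef` such as `# auth-delegator: lets Vault submit TokenReviews for the Kubernetes auth method` would also tell reviewers why a cluster-wide binding is needed. The Role rules for the config job are collapsed in this view and are not covered by this note.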
