khuedoan.com / cloudlab
this repo has no description
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

style(bootstrap): format

Khue Doan 5f01fab3 407aa4fc

+25 -25
+25 -25
infra/.modules/bootstrap/vault.tf
··· 89 89 kind = "Vault" 90 90 spec = { 91 91 spec = { 92 - size = 1 93 - image = "docker.io/hashicorp/vault:1.20.2" 92 + size = 1 93 + image = "docker.io/hashicorp/vault:1.20.2" 94 94 serviceAccount = "vault" 95 95 config = { 96 96 storage = { ··· 100 100 } 101 101 listener = { 102 102 tcp = { 103 - address = "0.0.0.0:8200" 103 + address = "0.0.0.0:8200" 104 104 tls_disable = true 105 105 } 106 106 } ··· 135 135 { 136 136 # TODO optimize this 137 137 name = "default" 138 - bound_service_account_names: ["default"] 139 - bound_service_account_namespaces: ["default"] 140 - policies: ["allow_secrets"] 141 - ttl: "1h" 138 + bound_service_account_names = ["default"] 139 + bound_service_account_namespaces = ["default"] 140 + policies = ["allow_secrets"] 141 + ttl = "1h" 142 142 } 143 143 ] 144 144 } ··· 146 146 } 147 147 volumes = [{ 148 148 name = "vault-data" 149 - persistentVolumeClaim : { 150 - claimName : "vault-data" 149 + persistentVolumeClaim = { 150 + claimName = "vault-data" 151 151 } 152 152 }] 153 - volumeMounts : [{ 153 + volumeMounts = [{ 154 154 name = "vault-data" 155 155 mountPath = "/vault/data" 156 156 }] ··· 172 172 } 173 173 } 174 174 } 175 - path = "/" 175 + path = "/" 176 176 pathType = "Prefix" 177 177 }] 178 178 } 179 179 }] 180 180 tls = [{ 181 - hosts = ["vault.${var.cluster_domain}"] 181 + hosts = ["vault.${var.cluster_domain}"] 182 182 secretName = "vault-tls-certificate" 183 183 }] 184 184 } ··· 197 197 rules = [{ 198 198 apiGroups = [""] 199 199 resources = ["secrets"] 200 - verbs = ["*"] 201 - }, { 200 + verbs = ["*"] 201 + }, { 202 202 apiGroups = [""] 203 203 resources = ["pods"] 204 - verbs = ["get", "update", "patch"] 204 + verbs = ["get", "update", "patch"] 205 205 }] 206 206 } 207 207 } 208 208 bindings = { 209 209 namespace = { 210 210 forceRename = "vault" 211 - type = "RoleBinding" 211 + type = "RoleBinding" 212 212 roleRef = { 213 213 apiGroup = "rbac.authorization.k8s.io" 214 - kind = "Role" 215 - name = "vault" 214 + kind = "Role" 215 + name = "vault" 216 216 } 217 217 subjects = [{ 218 - kind = "ServiceAccount" 218 + kind = "ServiceAccount" 219 219 namespace = "{{ .Release.Namespace }}" 220 - name = "vault" 220 + name = "vault" 221 221 }] 222 222 } 223 223 cluster = { 224 224 forceRename = "vault" 225 - type = "ClusterRoleBinding" 225 + type = "ClusterRoleBinding" 226 226 roleRef = { 227 227 apiGroup = "rbac.authorization.k8s.io" 228 - kind = "ClusterRole" 229 - name = "system:auth-delegator" 228 + kind = "ClusterRole" 229 + name = "system:auth-delegator" 230 230 } 231 231 subjects = [{ 232 - kind = "ServiceAccount" 232 + kind = "ServiceAccount" 233 233 namespace = "{{ .Release.Namespace }}" 234 - name = "vault" 234 + name = "vault" 235 235 }] 236 236 } 237 237 }