88 lines
1.9 KiB
YAML
88 lines
1.9 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: openbao
|
|
---
|
|
apiVersion: source.toolkit.fluxcd.io/v1
|
|
kind: HelmRepository
|
|
metadata:
|
|
name: openbao
|
|
namespace: openbao
|
|
spec:
|
|
interval: 24h
|
|
url: https://openbao.github.io/openbao-helm
|
|
---
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: openbao
|
|
namespace: openbao
|
|
spec:
|
|
interval: 30m
|
|
chart:
|
|
spec:
|
|
chart: openbao
|
|
version: 0.26.1
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: openbao
|
|
namespace: openbao
|
|
interval: 12h
|
|
values:
|
|
global:
|
|
tlsDisable: false
|
|
server:
|
|
ha:
|
|
enabled: true
|
|
raft:
|
|
enabled: true
|
|
config: |
|
|
ui = true
|
|
|
|
listener "tcp" {
|
|
tls_disable = 0
|
|
address = "[::]:8200"
|
|
cluster_address = "[::]:8201"
|
|
# Enable unauthenticated metrics access (necessary for Prometheus Operator)
|
|
#telemetry {
|
|
# unauthenticated_metrics_access = "true"
|
|
#}
|
|
|
|
# Enable TLS
|
|
tls_cert_file = "/tls/tls.crt"
|
|
tls_key_file = "/tls/tls.key"
|
|
}
|
|
|
|
storage "raft" {
|
|
path = "/openbao/data"
|
|
}
|
|
|
|
service_registration "kubernetes" {}
|
|
replicas: 1
|
|
# Disable chart's data storage setting and add data volume manually
|
|
dataStorage:
|
|
enabled: false
|
|
volumes:
|
|
# Mount TLS cert to container
|
|
- name: tls
|
|
secret:
|
|
secretName: openbao-lumpiasty-xyz
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: openbao-volume-lvmhdd
|
|
volumeMounts:
|
|
- name: tls
|
|
mountPath: /tls
|
|
readOnly: true
|
|
- name: data
|
|
mountPath: /openbao/data
|
|
service:
|
|
enabled: true
|
|
type: LoadBalancer
|
|
ipFamilyPolicy: RequireDualStack
|
|
csi:
|
|
enabled: true
|
|
injector:
|
|
affinity: ""
|