From e7cff9d8c176e1352d156e3d591d69950afc2d51 Mon Sep 17 00:00:00 2001 
From: Vlad
Date: Wed, 26 Nov 2025 10:44:46 +0000
Subject: [PATCH] Add Jenkins, Harbor, Portainer, Vault, ELK, Semaphore manifests
---
apps/elk/application.yaml | 20 +++++++++++++
apps/elk/deployment-kibana.yaml | 23 +++++++++++++++
apps/elk/ingress-kibana.yaml | 24 +++++++++++++++
apps/elk/namespace.yaml | 4 +++
apps/elk/service-elasticsearch.yaml | 16 ++++++++++
apps/elk/service-kibana.yaml | 13 +++++++++
apps/elk/statefulset-elasticsearch.yaml | 39 +++++++++++++++++++++++++
apps/harbor/application.yaml | 20 +++++++++++++
apps/harbor/deployment-registry.yaml | 30 +++++++++++++++++++
apps/harbor/ingress-registry.yaml | 24 +++++++++++++++
apps/harbor/namespace.yaml | 4 +++
apps/harbor/pvc-registry.yaml | 11 +++++++
apps/harbor/service-registry.yaml | 13 +++++++++
apps/jenkins/application.yaml | 20 +++++++++++++
apps/jenkins/deployment.yaml | 33 +++++++++++++++++++++
apps/jenkins/ingress.yaml | 24 +++++++++++++++
apps/jenkins/namespace.yaml | 4 +++
apps/jenkins/pvc-jenkins-home.yaml | 11 +++++++
apps/jenkins/service.yaml | 16 ++++++++++
apps/portainer/application.yaml | 20 +++++++++++++
apps/portainer/deployment.yaml | 31 ++++++++++++++++++++
apps/portainer/ingress.yaml | 24 +++++++++++++++
apps/portainer/namespace.yaml | 4 +++
apps/portainer/pvc-portainer.yaml | 11 +++++++
apps/portainer/service.yaml | 16 ++++++++++
apps/semaphore/application.yaml | 20 +++++++++++++
apps/semaphore/deployment.yaml | 34 +++++++++++++++++++++
apps/semaphore/ingress.yaml | 24 +++++++++++++++
apps/semaphore/namespace.yaml | 4 +++
apps/semaphore/pvc-semaphore-data.yaml | 11 +++++++
apps/semaphore/service.yaml | 13 +++++++++
apps/vault/application.yaml | 20 +++++++++++++
apps/vault/deployment.yaml | 33 +++++++++++++++++++++
apps/vault/ingress.yaml | 24 +++++++++++++++
apps/vault/namespace.yaml | 4 +++
apps/vault/pvc-vault.yaml | 11 +++++++
apps/vault/service.yaml | 13 +++++++++
37 files changed, 666 insertions(+)
create mode 100644 apps/elk/application.yaml
create mode 100644 apps/elk/deployment-kibana.yaml
create mode 100644 apps/elk/ingress-kibana.yaml
create mode 100644 apps/elk/namespace.yaml
create mode 100644 apps/elk/service-elasticsearch.yaml
create mode 100644 apps/elk/service-kibana.yaml
create mode 100644 apps/elk/statefulset-elasticsearch.yaml
create mode 100644 apps/harbor/application.yaml
create mode 100644 apps/harbor/deployment-registry.yaml
create mode 100644 apps/harbor/ingress-registry.yaml
create mode 100644 apps/harbor/namespace.yaml
create mode 100644 apps/harbor/pvc-registry.yaml
create mode 100644 apps/harbor/service-registry.yaml
create mode 100644 apps/jenkins/application.yaml
create mode 100644 apps/jenkins/deployment.yaml
create mode 100644 apps/jenkins/ingress.yaml
create mode 100644 apps/jenkins/namespace.yaml
create mode 100644 apps/jenkins/pvc-jenkins-home.yaml
create mode 100644 apps/jenkins/service.yaml
create mode 100644 apps/portainer/application.yaml
create mode 100644 apps/portainer/deployment.yaml
create mode 100644 apps/portainer/ingress.yaml
create mode 100644 apps/portainer/namespace.yaml
create mode 100644 apps/portainer/pvc-portainer.yaml
create mode 100644 apps/portainer/service.yaml
create mode 100644 apps/semaphore/application.yaml
create mode 100644 apps/semaphore/deployment.yaml
create mode 100644 apps/semaphore/ingress.yaml
create mode 100644 apps/semaphore/namespace.yaml
create mode 100644 apps/semaphore/pvc-semaphore-data.yaml
create mode 100644 apps/semaphore/service.yaml
create mode 100644 apps/vault/application.yaml
create mode 100644 apps/vault/deployment.yaml
create mode 100644 apps/vault/ingress.yaml
create mode 100644 apps/vault/namespace.yaml
create mode 100644 apps/vault/pvc-vault.yaml
create mode 100644 apps/vault/service.yaml
diff --git a/apps/elk/application.yaml b/apps/elk/application.yaml
new file mode 100644
index 0000000..6a52c3e
--- /dev/null
+++ b/apps/elk/application.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: elk
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k3s-gitops
+ path: apps/elk
+ targetRevision: HEAD
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: elk
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/apps/elk/deployment-kibana.yaml b/apps/elk/deployment-kibana.yaml
new file mode 100644
index 0000000..d95c813
--- /dev/null
+++ b/apps/elk/deployment-kibana.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kibana
+ namespace: elk
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kibana
+ template:
+ metadata:
+ labels:
+ app: kibana
+ spec:
+ containers:
+ - name: kibana
+ image: docker.elastic.co/kibana/kibana:8.15.0
+ env:
+ - name: ELASTICSEARCH_HOSTS
+ value: "http://elasticsearch.elk.svc.cluster.local:9200"
+ ports:
+ - containerPort: 5601
diff --git a/apps/elk/ingress-kibana.yaml b/apps/elk/ingress-kibana.yaml
new file mode 100644
index 0000000..0078108
--- /dev/null
+++ b/apps/elk/ingress-kibana.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kibana
+ namespace: elk
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ cert-manager.io/cluster-issuer: letsencrypt-http
+spec:
+ tls:
+ - hosts:
+ - elk.thedevops.dev
+ secretName: elk-tls
+ rules:
+ - host: elk.thedevops.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: kibana
+ port:
+ number: 5601
diff --git a/apps/elk/namespace.yaml b/apps/elk/namespace.yaml
new file mode 100644
index 0000000..3e7c2ed
--- /dev/null
+++ b/apps/elk/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: elk
diff --git a/apps/elk/service-elasticsearch.yaml b/apps/elk/service-elasticsearch.yaml
new file mode 100644
index 0000000..9755b29
--- /dev/null
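Review bot: In apps/elk/application.yaml, `targetRevision: HEAD` combined with `automated` sync, `prune: true` and `selfHeal: true` means whatever lands on the default branch of `admin/k3s-gitops` is applied to the cluster, deletions included, with no review gate visible in this commit. The `repoURL` is also plain `http://`, so the manifests Argo CD fetches have no transport integrity protection inside the cluster. Consider an `https://` repo URL, a protected branch or tag for `targetRevision`, and a dedicated AppProject in place of `project: default` that limits the destination to `namespace: elk`. The same block is repeated in the application.yaml files under apps/harbor, apps/jenkins, apps/portainer, apps/semaphore and apps/vault.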
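Review bot: In apps/elk/deployment-kibana.yaml, `ELASTICSEARCH_HOSTS` points at `http://elasticsearch.elk.svc.cluster.local:9200` and no credentials are supplied, while the 8.x Elasticsearch image enables authentication and HTTP TLS by default as far as I know. Either Kibana fails to connect, or security ends up switched off on Elasticsearch to make it work, which would leave an unauthenticated datastore behind a public Kibana hostname. Supplying a Kibana service-account token or user from a Secret via `valueFrom.secretKeyRef`, and an `https://` URL with the CA mounted, keeps authentication on. The container also declares no `resources`, `readinessProbe` or `securityContext`.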
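Review bot: apps/elk/ingress-kibana.yaml publishes Kibana on `elk.thedevops.dev` with nothing restricting access in front of it: the annotations attach no Traefik middleware (authentication or IP allow-list) and do not pin the router to the TLS entrypoint. An annotation such as `traefik.ingress.kubernetes.io/router.entrypoints: websecure` plus a `traefik.ingress.kubernetes.io/router.middlewares` reference would cover both; the entrypoint and middleware names depend on the cluster's Traefik configuration, which is not visible here. `kubernetes.io/ingress.class` is the deprecated form, and `spec.ingressClassName: traefik` is the current field. The Harbor registry, Jenkins, Portainer, Semaphore and Vault ingresses added in this commit follow the same template and expose administrative interfaces the same way.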
+++ b/apps/elk/service-elasticsearch.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: elasticsearch
+ namespace: elk
+spec:
+ clusterIP: None
+ selector:
+ app: elasticsearch
+ ports:
+ - name: http
+ port: 9200
+ targetPort: 9200
+ - name: transport
+ port: 9300
+ targetPort: 9300
diff --git a/apps/elk/service-kibana.yaml b/apps/elk/service-kibana.yaml
new file mode 100644
index 0000000..1af0226
--- /dev/null
+++ b/apps/elk/service-kibana.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kibana
+ namespace: elk
+spec:
+ type: ClusterIP
+ selector:
+ app: kibana
+ ports:
+ - name: http
+ port: 5601
+ targetPort: 5601
diff --git a/apps/elk/statefulset-elasticsearch.yaml b/apps/elk/statefulset-elasticsearch.yaml
new file mode 100644
index 0000000..018ba53
--- /dev/null
+++ b/apps/elk/statefulset-elasticsearch.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: elasticsearch
+ namespace: elk
+spec:
+ serviceName: elasticsearch
+ replicas: 1
+ selector:
+ matchLabels:
+ app: elasticsearch
+ template:
+ metadata:
+ labels:
+ app: elasticsearch
+ spec:
+ containers:
+ - name: elasticsearch
+ image: docker.elastic.co/elasticsearch/elasticsearch:8.15.0
+ env:
+ - name: discovery.type
+ value: single-node
+ - name: ES_JAVA_OPTS
+ value: "-Xms1g -Xmx1g"
+ ports:
+ - containerPort: 9200
+ - containerPort: 9300
+ volumeMounts:
+ - name: elasticsearch-data
+ mountPath: /usr/share/elasticsearch/data
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 30Gi
diff --git a/apps/harbor/application.yaml b/apps/harbor/application.yaml
new file mode 100644
index 0000000..070cf94
--- /dev/null
+++ b/apps/harbor/application.yaml
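Review bot: In apps/elk/statefulset-elasticsearch.yaml the JVM heap is fixed at 1 GiB through `ES_JAVA_OPTS`, but the container declares no `resources`, so the scheduler reserves nothing for it and the pod is among the first candidates for eviction under memory pressure. A memory request and limit of roughly twice the heap (for example `memory: 2Gi`) is the usual sizing. No pod `securityContext` is set either; the Jenkins deployment in this commit sets `fsGroup: 1000`, and since the Elasticsearch image also runs as a non-root user, the Longhorn volume may need the same setting to be writable, which is worth verifying on first start.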
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: harbor
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k3s-gitops
+ path: apps/harbor
+ targetRevision: HEAD
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: harbor
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/apps/harbor/deployment-registry.yaml b/apps/harbor/deployment-registry.yaml
new file mode 100644
index 0000000..79dc69c
--- /dev/null
+++ b/apps/harbor/deployment-registry.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: harbor-registry
+ namespace: harbor
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: harbor-registry
+ template:
+ metadata:
+ labels:
+ app: harbor-registry
+ spec:
+ containers:
+ - name: registry
+ image: registry:2
+ env:
+ - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
+ value: /var/lib/registry
+ ports:
+ - containerPort: 5000
+ volumeMounts:
+ - name: registry-data
+ mountPath: /var/lib/registry
+ volumes:
+ - name: registry-data
+ persistentVolumeClaim:
+ claimName: harbor-registry
diff --git a/apps/harbor/ingress-registry.yaml b/apps/harbor/ingress-registry.yaml
new file mode 100644
index 0000000..f2b6c78
--- /dev/null
+++ b/apps/harbor/ingress-registry.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: harbor-registry
+ namespace: harbor
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ cert-manager.io/cluster-issuer: letsencrypt-http
+spec:
+ tls:
+ - hosts:
+ - harbor.thedevops.dev
+ secretName: harbor-tls
+ rules:
+ - host: harbor.thedevops.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: harbor-registry
+ port:
+ number: 5000
diff --git a/apps/harbor/namespace.yaml b/apps/harbor/namespace.yaml
new file mode 100644
index 0000000..0a27fb7
--- /dev/null
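Review bot: apps/harbor/deployment-registry.yaml runs the plain `registry:2` image with no authentication configured, and ingress-registry.yaml publishes it on `harbor.thedevops.dev`, so any client that can reach that hostname can pull and push images. That is a supply-chain risk for every workload that later pulls from this registry. The registry supports htpasswd authentication through its `REGISTRY_AUTH_*` environment variables with the credential file mounted from a Secret; the sketch below shows the additions, and the Secret name in it is a placeholder. The application is named harbor but deploys Docker Distribution rather than Harbor, so none of Harbor's access control or image scanning is present.

```yaml
          env:
            # … unchanged: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY …
            - name: REGISTRY_AUTH
              value: htpasswd
            - name: REGISTRY_AUTH_HTPASSWD_REALM
              value: Registry
            - name: REGISTRY_AUTH_HTPASSWD_PATH
              value: /auth/htpasswd
          volumeMounts:
            # … unchanged: registry-data mount …
            - name: registry-auth
              mountPath: /auth
              readOnly: true
      volumes:
        # … unchanged: registry-data volume …
        - name: registry-auth
          secret:
            secretName: registry-htpasswd  # placeholder: Secret holding an htpasswd file
```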
+++ b/apps/harbor/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: harbor
diff --git a/apps/harbor/pvc-registry.yaml b/apps/harbor/pvc-registry.yaml
new file mode 100644
index 0000000..fc4aa4e
--- /dev/null
+++ b/apps/harbor/pvc-registry.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: harbor-registry
+ namespace: harbor
+spec:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 50Gi
diff --git a/apps/harbor/service-registry.yaml b/apps/harbor/service-registry.yaml
new file mode 100644
index 0000000..a4a8e82
--- /dev/null
+++ b/apps/harbor/service-registry.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: harbor-registry
+ namespace: harbor
+spec:
+ type: ClusterIP
+ selector:
+ app: harbor-registry
+ ports:
+ - name: registry
+ port: 5000
+ targetPort: 5000
diff --git a/apps/jenkins/application.yaml b/apps/jenkins/application.yaml
new file mode 100644
index 0000000..76592d8
--- /dev/null
+++ b/apps/jenkins/application.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: jenkins
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k3s-gitops
+ path: apps/jenkins
+ targetRevision: HEAD
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: jenkins
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/apps/jenkins/deployment.yaml b/apps/jenkins/deployment.yaml
new file mode 100644
index 0000000..22f233a
--- /dev/null
+++ b/apps/jenkins/deployment.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jenkins
+ namespace: jenkins
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jenkins
+ template:
+ metadata:
+ labels:
+ app: jenkins
+ spec:
+ securityContext:
+ fsGroup: 1000
+ containers:
+ - name: jenkins
+ image: jenkins/jenkins:lts-jdk17
+ ports:
+ - containerPort: 8080
+ - containerPort: 50000
+ env:
+ - name: JENKINS_OPTS
+ value: "--httpPort=8080"
+ volumeMounts:
+ - name: jenkins-home
+ mountPath: /var/jenkins_home
+ volumes:
+ - name: jenkins-home
+ persistentVolumeClaim:
+ claimName: jenkins-home
diff --git a/apps/jenkins/ingress.yaml b/apps/jenkins/ingress.yaml
new file mode 100644
index 0000000..d8e6945
--- /dev/null
+++ b/apps/jenkins/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: jenkins
+ namespace: jenkins
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ cert-manager.io/cluster-issuer: letsencrypt-http
+spec:
+ tls:
+ - hosts:
+ - jenkins.thedevops.dev
+ secretName: jenkins-tls
+ rules:
+ - host: jenkins.thedevops.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: jenkins
+ port:
+ number: 8080
diff --git a/apps/jenkins/namespace.yaml b/apps/jenkins/namespace.yaml
new file mode 100644
index 0000000..5eb2c27
--- /dev/null
+++ b/apps/jenkins/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: jenkins
diff --git a/apps/jenkins/pvc-jenkins-home.yaml b/apps/jenkins/pvc-jenkins-home.yaml
new file mode 100644
index 0000000..ae7696a
--- /dev/null
+++ b/apps/jenkins/pvc-jenkins-home.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: jenkins-home
+ namespace: jenkins
+spec:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 20Gi
diff --git a/apps/jenkins/service.yaml b/apps/jenkins/service.yaml
new file mode 100644
index 0000000..84e3bf1
--- /dev/null
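Review bot: apps/jenkins/deployment.yaml mounts a `ReadWriteOnce` claim but leaves the Deployment on the default rolling-update strategy, so on any image or spec change the replacement pod can be scheduled while the old one still holds the volume, and the rollout may hang. Adding `strategy:` with `type: Recreate` under `spec` avoids that. The same applies to the harbor-registry, portainer, semaphore and vault Deployments in this commit, which all use a single RWO claim. Separately, `jenkins/jenkins:lts-jdk17` is a moving tag, and the container has no `resources` and no `runAsNonRoot` setting.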
+++ b/apps/jenkins/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: jenkins
+ namespace: jenkins
+spec:
+ type: ClusterIP
+ selector:
+ app: jenkins
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ - name: agent
+ port: 50000
+ targetPort: 50000
diff --git a/apps/portainer/application.yaml b/apps/portainer/application.yaml
new file mode 100644
index 0000000..6a257b3
--- /dev/null
+++ b/apps/portainer/application.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: portainer
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k3s-gitops
+ path: apps/portainer
+ targetRevision: HEAD
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: portainer
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/apps/portainer/deployment.yaml b/apps/portainer/deployment.yaml
new file mode 100644
index 0000000..ed5d2db
--- /dev/null
+++ b/apps/portainer/deployment.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: portainer
+ namespace: portainer
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: portainer
+ template:
+ metadata:
+ labels:
+ app: portainer
+ spec:
+ containers:
+ - name: portainer
+ image: portainer/portainer-ce:latest
+ args:
+ - "--http-enabled"
+ - "--http-bind-address=0.0.0.0"
+ ports:
+ - containerPort: 9443
+ - containerPort: 8000
+ volumeMounts:
+ - name: portainer-data
+ mountPath: /data
+ volumes:
+ - name: portainer-data
+ persistentVolumeClaim:
+ claimName: portainer-data
diff --git a/apps/portainer/ingress.yaml b/apps/portainer/ingress.yaml
new file mode 100644
index 0000000..11b247c
--- /dev/null
+++ b/apps/portainer/ingress.yaml
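Review bot: apps/portainer/deployment.yaml uses `portainer/portainer-ce:latest`, so each pod restart can pull a different build of a container-management UI without any change being recorded in Git; pin a version tag or, better, a digest. `semaphoreui/semaphore:latest` in apps/semaphore/deployment.yaml has the same problem. The args enable the HTTP listener with `--http-enabled`, yet only ports 9443 and 8000 are declared and routed, and I could not confirm `--http-bind-address` as an existing Portainer flag (the ones I know are `--bind` and `--bind-https`), so please check that the container starts with these args. As far as I know Portainer lets the first visitor create the admin account on a fresh install, so the public ingress should not go live before that step is done or access is restricted.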
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: portainer
+ namespace: portainer
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ cert-manager.io/cluster-issuer: letsencrypt-http
+spec:
+ tls:
+ - hosts:
+ - portainer.thedevops.dev
+ secretName: portainer-tls
+ rules:
+ - host: portainer.thedevops.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: portainer
+ port:
+ number: 9443
diff --git a/apps/portainer/namespace.yaml b/apps/portainer/namespace.yaml
new file mode 100644
index 0000000..aec7989
--- /dev/null
+++ b/apps/portainer/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: portainer
diff --git a/apps/portainer/pvc-portainer.yaml b/apps/portainer/pvc-portainer.yaml
new file mode 100644
index 0000000..ba70de1
--- /dev/null
+++ b/apps/portainer/pvc-portainer.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: portainer-data
+ namespace: portainer
+spec:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/apps/portainer/service.yaml b/apps/portainer/service.yaml
new file mode 100644
index 0000000..33b0050
--- /dev/null
+++ b/apps/portainer/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: portainer
+ namespace: portainer
+spec:
+ type: ClusterIP
+ selector:
+ app: portainer
+ ports:
+ - name: https
+ port: 9443
+ targetPort: 9443
+ - name: edge
+ port: 8000
+ targetPort: 8000
diff --git a/apps/semaphore/application.yaml b/apps/semaphore/application.yaml
new file mode 100644
index 0000000..2856aac
--- /dev/null
+++ b/apps/semaphore/application.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: semaphore
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k3s-gitops
+ path: apps/semaphore
+ targetRevision: HEAD
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: semaphore
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/apps/semaphore/deployment.yaml b/apps/semaphore/deployment.yaml
new file mode 100644
index 0000000..b192dea
--- /dev/null
+++ b/apps/semaphore/deployment.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: semaphore
+ namespace: semaphore
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: semaphore
+ template:
+ metadata:
+ labels:
+ app: semaphore
+ spec:
+ containers:
+ - name: semaphore
+ image: semaphoreui/semaphore:latest
+ env:
+ - name: SEMAPHORE_DB_DIALECT
+ value: bolt
+ - name: SEMAPHORE_DB_PATH
+ value: /var/lib/semaphore/semaphore.db
+ - name: SEMAPHORE_PLAYBOOK_PATH
+ value: /tmp/semaphore/
+ ports:
+ - containerPort: 3000
+ volumeMounts:
+ - name: semaphore-data
+ mountPath: /var/lib/semaphore
+ volumes:
+ - name: semaphore-data
+ persistentVolumeClaim:
+ claimName: semaphore-data
diff --git a/apps/semaphore/ingress.yaml b/apps/semaphore/ingress.yaml
new file mode 100644
index 0000000..20fa4ca
--- /dev/null
+++ b/apps/semaphore/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: semaphore
+ namespace: semaphore
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ cert-manager.io/cluster-issuer: letsencrypt-http
+spec:
+ tls:
+ - hosts:
+ - semaphore.thedevops.dev
+ secretName: semaphore-tls
+ rules:
+ - host: semaphore.thedevops.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: semaphore
+ port:
+ number: 3000
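Review bot: apps/semaphore/deployment.yaml configures only the database dialect and two paths; no admin account and no access-key encryption key are provided in the `env` list. If the image generates those values at start-up, they would presumably change on each pod restart, which could make stored SSH keys and passwords undecryptable; this is worth verifying against the image documentation. Provide them from a Secret with `valueFrom.secretKeyRef` (the image documents `SEMAPHORE_ADMIN`, `SEMAPHORE_ADMIN_PASSWORD` and `SEMAPHORE_ACCESS_KEY_ENCRYPTION`) instead of literal `value:` entries committed to Git. `SEMAPHORE_PLAYBOOK_PATH` is set to `/tmp/semaphore/`, which is outside the mounted volume and so is lost with the container.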
diff --git a/apps/semaphore/namespace.yaml b/apps/semaphore/namespace.yaml
new file mode 100644
index 0000000..8d0551c
--- /dev/null
+++ b/apps/semaphore/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: semaphore
diff --git a/apps/semaphore/pvc-semaphore-data.yaml b/apps/semaphore/pvc-semaphore-data.yaml
new file mode 100644
index 0000000..5474e67
--- /dev/null
+++ b/apps/semaphore/pvc-semaphore-data.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: semaphore-data
+ namespace: semaphore
+spec:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/apps/semaphore/service.yaml b/apps/semaphore/service.yaml
new file mode 100644
index 0000000..50f09c7
--- /dev/null
+++ b/apps/semaphore/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: semaphore
+ namespace: semaphore
+spec:
+ type: ClusterIP
+ selector:
+ app: semaphore
+ ports:
+ - name: http
+ port: 3000
+ targetPort: 3000
diff --git a/apps/vault/application.yaml b/apps/vault/application.yaml
new file mode 100644
index 0000000..6ac75cc
--- /dev/null
+++ b/apps/vault/application.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: vault
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: http://gitea-http.gitea.svc.cluster.local:3000/admin/k3s-gitops
+ path: apps/vault
+ targetRevision: HEAD
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: vault
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/apps/vault/deployment.yaml b/apps/vault/deployment.yaml
new file mode 100644
index 0000000..67e4db1
--- /dev/null
+++ b/apps/vault/deployment.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vault
+ namespace: vault
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vault
+ template:
+ metadata:
+ labels:
+ app: vault
+ spec:
+ containers:
+ - name: vault
+ image: hashicorp/vault:1.17
+ args:
+ - "server"
+ env:
+ - name: VAULT_LOCAL_CONFIG
+ value: |
+ {"backend": {"file": {"path": "/vault/file"}}, "listener": {"tcp": {"address": "0.0.0.0:8200", "tls_disable": 1}}, "ui": true}
+ ports:
+ - containerPort: 8200
+ volumeMounts:
+ - name: vault-data
+ mountPath: /vault/file
+ volumes:
+ - name: vault-data
+ persistentVolumeClaim:
+ claimName: vault-data
diff --git a/apps/vault/ingress.yaml b/apps/vault/ingress.yaml
new file mode 100644
index 0000000..a119318
--- /dev/null
+++ b/apps/vault/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vault
+ namespace: vault
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ cert-manager.io/cluster-issuer: letsencrypt-http
+spec:
+ tls:
+ - hosts:
+ - vault.thedevops.dev
+ secretName: vault-tls
+ rules:
+ - host: vault.thedevops.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: vault
+ port:
+ number: 8200
diff --git a/apps/vault/namespace.yaml b/apps/vault/namespace.yaml
new file mode 100644
index 0000000..0158c8f
--- /dev/null
+++ b/apps/vault/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: vault
diff --git a/apps/vault/pvc-vault.yaml b/apps/vault/pvc-vault.yaml
new file mode 100644
index 0000000..5ab229d
--- /dev/null
+++ b/apps/vault/pvc-vault.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vault-data
+ namespace: vault
+spec:
+ accessModes: ["ReadWriteOnce"]
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/apps/vault/service.yaml b/apps/vault/service.yaml
new file mode 100644
index 0000000..9596504
--- /dev/null
+++ b/apps/vault/service.yaml
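Review bot: In apps/vault/deployment.yaml the listener in `VAULT_LOCAL_CONFIG` sets `"tls_disable": 1` on `0.0.0.0:8200`, so tokens and secret payloads cross the cluster network in cleartext between Traefik and the pod, and any pod that can reach the `vault` Service can talk to it directly. Terminate TLS on Vault itself with `tls_cert_file` and `tls_key_file` mounted from a Secret, or at minimum add a NetworkPolicy that admits only the ingress controller. The container also has no `securityContext`; Vault locks memory by default, so without `capabilities.add: ["IPC_LOCK"]` (or `disable_mlock` in the config) the server may refuse to start, which is worth checking. `"backend"` is the legacy name of the `storage` stanza, and a readiness probe on `/v1/sys/health` would keep a sealed instance out of the Service endpoints.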
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: vault
+ namespace: vault
+spec:
+ type: ClusterIP
+ selector:
+ app: vault
+ ports:
+ - name: http
+ port: 8200
+ targetPort: 8200