From 10b6ef51c302d3fe65c39b1ba2c3ab5919e24534 Mon Sep 17 00:00:00 2001
From: Kochetkov S
Date: Mon, 8 Jun 2026 11:25:27 +0300
Subject: [PATCH] Deploy Vault to yc-infra-prod
---
 clusters/yc-infra-prod/helm-repositories.yaml | 12 ++++++++
 .../infrastructure/kustomization.yaml | 12 ++++++++
 .../infrastructure/patches/vault.yaml | 30 +++++++++++++++++++
 clusters/yc-infra-prod/kustomization.yaml | 6 ++++
 infrastructure/vault/base/helmrelease.yaml | 2 +-
 5 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 clusters/yc-infra-prod/helm-repositories.yaml
 create mode 100644 clusters/yc-infra-prod/infrastructure/kustomization.yaml
 create mode 100644 clusters/yc-infra-prod/infrastructure/patches/vault.yaml
 create mode 100644 clusters/yc-infra-prod/kustomization.yaml
diff --git a/clusters/yc-infra-prod/helm-repositories.yaml b/clusters/yc-infra-prod/helm-repositories.yaml
new file mode 100644
index 0000000..bbdeea6
--- /dev/null
+++ b/clusters/yc-infra-prod/helm-repositories.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: yc-oci-charts
+ namespace: flux-system
+spec:
+ type: oci
+ interval: 10m0s
+ url: oci://cr.yandex/crp3ccidau046kdj8g9q/charts
+ secretRef:
+ name: yc-cr-auth
diff --git a/clusters/yc-infra-prod/infrastructure/kustomization.yaml b/clusters/yc-infra-prod/infrastructure/kustomization.yaml
new file mode 100644
index 0000000..b741fc9
--- /dev/null
+++ b/clusters/yc-infra-prod/infrastructure/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../../infrastructure/vault
+patches:
+ - path: ./patches/vault.yaml
+ target:
+ group: helm.toolkit.fluxcd.io
+ version: v2
+ kind: HelmRelease
+ name: vault
+ namespace: vault
diff --git a/clusters/yc-infra-prod/infrastructure/patches/vault.yaml b/clusters/yc-infra-prod/infrastructure/patches/vault.yaml
new file mode 100644
index 0000000..77a8daa
--- /dev/null
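Review bot: `secretRef: name: yc-cr-auth` in clusters/yc-infra-prod/helm-repositories.yaml points at a Secret that none of the five files in this commit creates, so the repository only reconciles if that Secret already exists in `flux-system`. The same applies to `vault-transit-autounseal` and `vault-backup-s3` in patches/vault.yaml, which in addition cannot be served by the Vault they bootstrap. A comment above each reference would record where the Secret comes from and how narrowly it is scoped, for example `# yc-cr-auth: provisioned via <mechanism>; pull-only access to the charts registry`. If any of these is a long-lived credential, the same comment is the place to name who rotates it.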
+++ b/clusters/yc-infra-prod/infrastructure/patches/vault.yaml
@@ -0,0 +1,30 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: vault
+ namespace: vault
+spec:
+ interval: 5m
+ timeout: 15m
+ values:
+ global:
+ namespace: vault
+ autounseal:
+ transit:
+ address: "https://vault-unseal.infra.sarex.io"
+ keyName: "vault-infra-prod"
+ mountPath: "transit/"
+ tlsSkipVerify: false
+ secret:
+ name: "vault-transit-autounseal"
+ backup:
+ schedule: "0 * * * *"
+ secret:
+ name: "vault-backup-s3"
+ endpoint: "https://storage.yandexcloud.net"
+ prefix: "vault/yc-infra-prod/raft-snapshots"
+ server:
+ dataStorage:
+ size: 20Gi
+ ha:
+ replicas: 3
diff --git a/clusters/yc-infra-prod/kustomization.yaml b/clusters/yc-infra-prod/kustomization.yaml
new file mode 100644
index 0000000..a8384a3
--- /dev/null
+++ b/clusters/yc-infra-prod/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./flux-system
+ - ./helm-repositories.yaml
+ - ./infrastructure
diff --git a/infrastructure/vault/base/helmrelease.yaml b/infrastructure/vault/base/helmrelease.yaml
index 6ff485f..3bdf75c 100644
--- a/infrastructure/vault/base/helmrelease.yaml
+++ b/infrastructure/vault/base/helmrelease.yaml
@@ -8,7 +8,7 @@ spec:
 chart:
 spec:
 chart: vault-contour
- version: "0.1.0"
+ version: "0.2.0"
 sourceRef:
 kind: HelmRepository
 name: yc-oci-charts
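Review bot: The values under `backup` in patches/vault.yaml schedule hourly raft snapshots (`schedule: "0 * * * *"`), but nothing visible bounds how long they are kept or states what a restore depends on. With transit auto-unseal, a snapshot is presumably only usable while the key `vault-infra-prod` on `vault-unseal.infra.sarex.io` still exists, so losing that key would leave every object under the prefix unreadable. I would document both next to the block, e.g. `# restore requires transit key vault-infra-prod; retention: <bucket lifecycle rule>`. It is also worth confirming whether the vault-contour chart exposes a retention value, since the chart itself is not part of this diff.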