Add vault to brusnika clusters

clusters/brusnika-prod/helm-repositories.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: yc-oci-charts
+  namespace: flux-system
+spec:
+  type: oci
+  interval: 10m0s
+  url: oci://cr.yandex/crp3ccidau046kdj8g9q/charts
+  secretRef:
+    name: yc-cr-auth

clusters/brusnika-prod/infrastructure/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../infrastructure/vault
+  - ./vault-ingress.yaml
+patches:
+  - path: ./patches/vault.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: vault
+      namespace: vault

clusters/brusnika-prod/infrastructure/patches/vault.yaml

@@ -0,0 +1,12 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: vault
+  namespace: vault
+spec:
+  interval: 5m
+  timeout: 10m
+  values:
+    server:
+      dataStorage:
+        storageClass: local-path

clusters/brusnika-prod/infrastructure/vault-ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vault
+  namespace: vault
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: vault.prod.brusnika.sarex.lonsdaleites.ru
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: vault-vault-contour
+                port:
+                  number: 8200
+  tls:
+    - hosts:
+        - vault.prod.brusnika.sarex.lonsdaleites.ru
+      secretName: vault-prod-tls

clusters/brusnika-prod/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./flux-system
+  - ./helm-repositories.yaml
+  - ./infrastructure
+  - ./test-flux-service.yaml

clusters/brusnika-stage/helm-repositories.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: yc-oci-charts
+  namespace: flux-system
+spec:
+  type: oci
+  interval: 10m0s
+  url: oci://cr.yandex/crp3ccidau046kdj8g9q/charts
+  secretRef:
+    name: yc-cr-auth

clusters/brusnika-stage/infrastructure/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../infrastructure/vault
+  - ./vault-ingress.yaml
+patches:
+  - path: ./patches/vault.yaml
+    target:
+      group: helm.toolkit.fluxcd.io
+      version: v2
+      kind: HelmRelease
+      name: vault
+      namespace: vault

clusters/brusnika-stage/infrastructure/patches/vault.yaml

@@ -0,0 +1,12 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: vault
+  namespace: vault
+spec:
+  interval: 5m
+  timeout: 10m
+  values:
+    server:
+      dataStorage:
+        storageClass: local-path

clusters/brusnika-stage/infrastructure/vault-ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vault
+  namespace: vault
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: vault.stage.brusnika.sarex.lonsdaleites.ru
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: vault-vault-contour
+                port:
+                  number: 8200
+  tls:
+    - hosts:
+        - vault.stage.brusnika.sarex.lonsdaleites.ru
+      secretName: vault-stage-tls

clusters/brusnika-stage/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./flux-system
+  - ./helm-repositories.yaml
+  - ./infrastructure
+  - ./test-service.yaml