Skip to content

Commit

Permalink
Merge pull request #4417 from tyriis/feature/vault-enable-snapshots
Browse files Browse the repository at this point in the history
  • Loading branch information
@jazzlyn
jazzlyn authored Jan 29, 2025
2 parents 8770829 + e879a64 commit e82e1c3
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 25 deletions.
2 changes: 1 addition & 1 deletion kubernetes/kube-nas/apps/secops/vault/app/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ Exec in Vault Pod and do the following:
```shell
vault status # running, should be recovery seal type: gcpckms, sealed: true)
vault operator init # initialises with 5 key shares and a key treshold of 3
vault operator unseal # do this 3 times
vault operator unseal # do this 3 times if seal is not gcpckms
vault status # should be recovery seal type: shamir, initialized: true, sealed: false
```

Expand Down
6 changes: 0 additions & 6 deletions kubernetes/kube-nas/apps/secops/vault/app/TODO.md
View file

This file was deleted.

44 changes: 26 additions & 18 deletions kubernetes/kube-nas/apps/secops/vault/flux-sync.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,21 +24,29 @@ spec:
dependsOn:
- name: csi-driver-nfs
- name: volsync
# ---
# # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
# apiVersion: kustomize.toolkit.fluxcd.io/v1
# kind: Kustomization
# metadata:
# name: vault-snapshots
# namespace: flux-system
# labels:
# substitution.flux.home.arpa/enabled: "true"
# spec:
# interval: 10m
# path: ./kubernetes/kube-nas/apps/secops/vault/snapshots
# prune: true
# sourceRef:
# kind: GitRepository
# name: home-ops
# wait: true
# targetNamespace: secops

---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &appname vault-snapshots
namespace: flux-system
labels:
substitution.flux.home.arpa/enabled: "true"
spec:
targetNamespace: secops
commonMetadata:
labels:
app.kubernetes.io/name: *appname
path: ./kubernetes/kube-nas/apps/secops/vault/snapshots
prune: true
sourceRef:
kind: GitRepository
name: home-ops
wait: true
interval: 30m
retryInterval: 1m
timeout: 5m
dependsOn:
- name: vault

0 comments on commit e82e1c3

Please sign in to comment.