Merge pull request #2 from mojaloop/add-k8s-netmaker-network
add functionality to support tenancy vault
Showing 27 changed files with 363 additions and 80 deletions.
29 changes: 0 additions & 29 deletions
mojaloop/iac/roles/argocd/templates/external-secretstore-gitlab.yaml.j2
This file was deleted.
63 changes: 63 additions & 0 deletions
mojaloop/iac/roles/argocd/templates/external-secretstore.yaml.j2
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: gitlab-secret | ||
namespace: {{ external_secrets_namespace }} | ||
labels: | ||
type: gitlab | ||
type: Opaque | ||
stringData: | ||
token: "{{ repo_password }}" | ||
|
||
--- | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: vault-secret | ||
namespace: {{ external_secrets_namespace }} | ||
labels: | ||
type: vault | ||
type: Opaque | ||
stringData: | ||
token: "{{ tenant_vault_token }}" | ||
|
||
--- | ||
apiVersion: external-secrets.io/v1beta1 | ||
kind: ClusterSecretStore | ||
metadata: | ||
name: gitlab-secret-store | ||
spec: | ||
provider: | ||
# provider type: gitlab | ||
gitlab: | ||
url: {{ gitlab_server_url }} | ||
auth: | ||
SecretRef: | ||
accessToken: | ||
name: gitlab-secret | ||
namespace: {{ external_secrets_namespace }} | ||
key: token | ||
projectID: "{{ gitlab_project_id }}" | ||
inheritFromGroups: true | ||
|
||
--- | ||
apiVersion: external-secrets.io/v1beta1 | ||
kind: ClusterSecretStore | ||
metadata: | ||
name: tenant-vault-secret-store | ||
spec: | ||
provider: | ||
vault: | ||
server: {{ tenant_vault_server_url }} | ||
path: "secret" | ||
# Version is the Vault KV secret engine version. | ||
# This can be either "v1" or "v2", defaults to "v2" | ||
version: "v2" | ||
auth: | ||
# points to a secret that contains a vault token | ||
# https://www.vaultproject.io/docs/auth/token | ||
tokenSecretRef: | ||
name: vault-secret | ||
namespace: {{ external_secrets_namespace }} | ||
key: token |
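
Review bot: tenant-vault-secret-store is a ClusterSecretStore backed by a static token in vault-secret, so an ExternalSecret in any namespace of the cluster can read from the tenant Vault "secret" mount with whatever policy that token carries. Consider a namespaced SecretStore, or a conditions block on the store that limits which namespaces may reference it, and a short-lived auth method in place of tokenSecretRef. The same scoping concern applies to gitlab-secret-store. Both tokens are also written in clear into stringData by this template, so the rendered manifest should not be committed or echoed in task output.
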
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
haproxy_version: 2.8 | ||
seaweedfs_s3_listening_port: 8333 | ||
nexus_docker_repo_listening_port: 8082 | ||
local_vault_listening_port: 8200 | ||
vault_listening_port: 443 | ||
nexus_fqdn: private_ip | ||
seaweedfs_fqdn: private_ip | ||
vault_fqdn: private_ip |
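
Review bot: nexus_fqdn, seaweedfs_fqdn and vault_fqdn default to the literal string private_ip, which the haproxy template will render as a backend host name (server vault private_ip:443) if a caller forgets to override them. Leaving these undefined and failing early with an assert would make a missing override visible instead of producing a config that points nowhere. Separately, haproxy_version: 2.8 is parsed as a YAML float; quoting it ("2.8") avoids a future value such as 2.10 collapsing to 2.1 in the PPA name.
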
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
- name: "restart haproxy" | ||
systemd: | ||
name: "haproxy" | ||
state: restarted | ||
force: true |
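
Review bot: force: true on this handler has no effect, since the systemd module's force option only controls overriding existing symlinks when a unit is enabled, and this task only restarts. It can be dropped. If dropping in-flight connections to the Vault and Nexus frontends on every config change is a concern, state: reloaded is the gentler option.
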
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
- name: Install software-properties-common | ||
package: | ||
name: | ||
- software-properties-common | ||
state: present | ||
|
||
- name: Update apt cache | ||
shell: apt update | ||
|
||
- apt_repository: | ||
repo: "ppa:vbernat/haproxy-{{ haproxy_version }}" | ||
state: present | ||
|
||
- name: Update apt cache | ||
shell: apt update | ||
|
||
- name: Install haproxy | ||
package: | ||
name: | ||
- haproxy | ||
state: present | ||
|
||
- name: copy haproxy conf | ||
template: | ||
src: haproxy.cfg.j2 | ||
dest: /etc/haproxy/haproxy.cfg | ||
owner: root | ||
group: root | ||
mode: '0640' | ||
notify: restart haproxy | ||
|
||
- name: "set haproxy to auto restart" | ||
systemd: | ||
enabled: true | ||
daemon_reload: true | ||
name: "haproxy" | ||
state: started | ||
force: true |
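
Review bot: the "copy haproxy conf" task installs the rendered file and notifies a restart without checking it first, so a bad variable leaves haproxy down in front of Vault, Nexus and SeaweedFS. Add validate: "haproxy -c -f %s" to the template task so an invalid render never replaces the live config. The two "Update apt cache" tasks use shell: apt update, which always reports changed and is redundant after apt_repository (it refreshes the cache by default); use the apt module with update_cache: true for the first and drop the second. The apt_repository task is also missing a name, and the PPA it adds is a third-party package source that becomes trusted on this host.
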
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
- include_tasks: install.yaml |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
defaults | ||
timeout connect 5000 | ||
timeout client 50000 | ||
timeout server 50000 | ||
frontend seaweed | ||
bind :{{ seaweedfs_s3_listening_port }} | ||
default_backend seaweed | ||
|
||
frontend nexus | ||
bind :{{ nexus_docker_repo_listening_port }} | ||
default_backend nexus | ||
|
||
frontend vault | ||
mode tcp | ||
bind :{{ local_vault_listening_port }} | ||
default_backend vault | ||
|
||
backend seaweed | ||
server seaweed {{ seaweedfs_fqdn }}:{{ seaweedfs_s3_listening_port }} | ||
|
||
backend nexus | ||
server nexus {{ nexus_fqdn }}:{{ nexus_docker_repo_listening_port }} | ||
|
||
backend vault | ||
mode tcp | ||
server vault {{ vault_fqdn }}:{{ vault_listening_port }} ssl verify none |
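
Review bot: the vault backend uses ssl verify none, so haproxy will accept any certificate from whatever answers at vault_fqdn:443 and forward Vault tokens and secrets to it. Use verify required with a ca-file for the Vault CA (and set sni to the Vault host name) so the upstream is authenticated. Note also that the vault frontend is mode tcp on a plain bind, which means clients speak unencrypted HTTP to local_vault_listening_port and the token crosses that hop in clear; binding to a loopback or internal address rather than all interfaces (bind :port) would limit who can reach it.
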
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
netmaker_root_dir: /root/netmaker-compose | ||
netmaker_image_version: 0.18.7 | ||
netclient_enrollment_key: cntrlctr-bastion | ||
netmaker_join_token: null | ||
enrollment_key_list_file_location: /tmp/keylist.json | ||
netclient_enrollment_keys: ["cntrlctr-ops"] | ||
netmaker_join_tokens: [] | ||
netmaker_enrollment_key_list_file_location: /tmp/keylist.json |
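
Review bot: the enrollment key list still defaults to /tmp/keylist.json under the renamed netmaker_enrollment_key_list_file_location, a predictable path in a world-writable directory for a file that holds network enrollment keys. Point the default at a root-owned directory such as one under netmaker_root_dir and create the file with mode 0600. Since three variables are renamed here (singular to list for the key and join token, plus the netmaker_ prefix), every task and inventory that still sets the old names needs updating in the same change, otherwise the old values are silently ignored.
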