Initial code commit + initial automation stuff + etc...

values.yaml

@@ -0,0 +1,95 @@
+# Configurations for the vault
+vault:
+  # If a password "vault" should be used
+  # That is, if a dedicated software for secret management should be used
+  # This should virtually always be true as it's the most secure option
+  enabled: true
+
+  # The type of password "vault" (or storage if `enabled` is `false`) to use.
+  # 
+  # Vaults
+  # ------
+  # The following table lists the supported "vault" types:
+  # 
+  # | Type        | Description          | Current Status | Required Fields                                     |
+  # | ----------- | -------------------- | -------------- | --------------------------------------------------- |
+  # | `hashicorp` | Uses Hashicorp Vault | Implemented    | `vaultName` (if `create` not true)                  |
+  # | `azure`     | Uses Azure Key Vault | Implemented    | `vaultName`, `clientId`, `clientSecret`, `tenantId` |
+  # 
+  # Storage
+  # -------
+  # The following table lists the supported storage types.
+  # These are methods OUTSIDE of a dedicated "vault" software.
+  # These are generally **discouraged** as they are less secure.
+  # 
+  # | Type        | Description                     | Current Status | Required Fields  |
+  # | ----------- | ------------------------------- | -------------- | ---------------- |
+  # | `file`      | Uses a file                     | To-Do          | `path`           |
+  # | `mem`       | Uses in-memory (no persistance) | To-Do          | N/A              |
+  #  
+  type: 'hashicorp'
+
+  # The name of the vault instance to connect to
+  # 
+  # This is relevant if type is set to `hashicorp` or `azure`
+  # Note, if `create` is true this is ignored
+  # 
+  # For `hashicorp`, this is generally the hostname of the Hashicorp Vault instance to connect to
+  # For `azure`, this is the name of the Azure Key Vault instance to connect to
+  #vaultName: ''
+
+  # The port of the vault instance to connect to
+  # 
+  # ONLY RELEVANT iF `type` IS SET TO `hashicorp` AND `create` IS NOT TRUE
+  #vaultPort: 8200
+
+  # The client ID of the Azure Key Vault instance
+  # 
+  # ONLY RELEVANT IF `type` IS SET TO `azure`
+  #client-id: ""
+  
+  # The client secret of the Azure Key Vault instance
+  # 
+  # ONLY RELEVANT IF `type` IS SET TO `azure`
+  #client-secret: ""
+  
+  # The tenant ID of the Azure Key Vault instance
+  # 
+  # ONLY RELEVANT IF `type` IS SET TO `azure`
+  #tenant-id: ""
+  
+  # Configurations to create a Hashicorp Vault instance as part of the Helm chart
+  # 
+  # THIS IS ONLY RELEVANT IF `type` IS SET TO `hashicorp`
+  create:
+    # If a Hashicorp Vault instance should be created as part of the Helm chart
+    enabled: true
+
+    # Configurations for the image to use if creating the Hashicorp Vault instance
+    # as part of the Helm chart
+    image:
+      # The repository of the image to use
+      repository: <redacted-private-repo>/ba-custom-hashicorp-vault 
+
+      # The tag of the image to use
+      tag: latest
+    
+    # Configurations for the ingress of the created Hashicorp Vault instance
+    ingress:
+      # If an ingress should be created for the created Hashicorp Vault instance
+      enabled: true
+
+      # The host of the ingress for the created Hashicorp Vault instance
+      host: vault.<redacted-private-hostname>
+    
+    # As part of the custom Hashicorp Vault image it includes a "snapshot server"
+    # This allows for the triggering and receiving of manual backups ("snapshots") and restoration via HTTP
+    snapshotServer:
+      # If the snapshot server should be enabled/running
+      enabled: true
+
+      # The external port that is opened via the service resource
+      externalPort: 81
+
+      # The internal port that the snapshot server listens on
+      internalPort: 8300