K3S-HOME/security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
137 Commits 1 Branch 0 Tags
8f449666b5714b011109fd2075ecc40fe6561610
Commit Graph

8 Commits

Author SHA1 Message Date
Mayne0213
6fbf2b16c2 REFACTOR(vault): move resources to manifests 
- Move additional resources to manifests/ folder
- Separate from Helm chart configuration
 2026-01-06 01:38:33 +09:00
Mayne0213
207351a932 FEAT(postgresql): configure vault 
- to use externalsecret for postgresq...
- Add ExternalSecret to pull vault config from Vault itself
- Add RBAC for vault token reviewer (kubernetes auth)
- Update helm-values to mount secret as config
- Connection string is now stored in Vault, not in git
 2026-01-04 23:41:39 +09:00
Mayne0213
a2682e292b REFACTOR(goldilocks): use managedNamespaceMetadata for namespace labels 
- Remove namespace.yaml files
- Add managedNamespaceMetadata with Goldilocks label
- Set CreateNamespace=true in syncOptions
- Update kustomization.yaml to remove namespace.yaml references
 2026-01-04 23:41:39 +09:00
Mayne0213
09f08fba75 FEAT(cert-manager): integrate cert-manager, Vault, Velero 
- Add cert-manager configuration
- Add Vault and Velero integration
 2026-01-04 23:41:39 +09:00
Mayne0213
34a1c9f783 REFACTOR(repo): restructure infra folder structure 
- Remove argocd/, helm-values/, ingress/ subdirectories
- Move files to parent directory with standardized names
- Add namespace.yaml to all apps with Goldilocks labels
- Preserve vault/ subdirectories (falco, velero)
- Update main kustomization.yaml to reference argocd.yaml files directly
- Comment out argocd.yaml in each app's kustomization.yaml to prevent
  circular reference

Applications restructured:
- cert-manager (2 ArgoCD apps)
- external-secrets
- reloader
- vault (2 ArgoCD apps)
- velero (2 ArgoCD apps)
- falco
- cnpg
- haproxy
- metallb
- vpa
- argocd
 2026-01-04 23:41:39 +09:00
Mayne0213
c8f945034e REFACTOR(postgresql): change vault from dev 
- to production mode with P...
- Disabled dev mode
- Added standalone mode with PostgreSQL storage backend
- Connected to postgresql-cnpg cluster (vault database)
- Added environment variable for PostgreSQL password from secret
- Increased resource limits (cpu: 100m, memory: 256Mi)
 2026-01-04 23:41:39 +09:00
Mayne0213
fa24f224ee FEAT(vault): add clustersecretstore 
- for vault-backend
- Create cluster-wide secret store for External Secrets Operator
- Configure Kubernetes auth with external-secrets service account
- Enable all namespaces to access Vault secrets via ClusterSecretStore
 2026-01-04 23:41:39 +09:00
Mayne0213
2a89801d5e INIT(repo): cluster infrastructure setup 2025-12-17 15:04:56 +09:00