Feat/add simple vault example

simple-with-vault-secrets/.kluctl.yml

@@ -0,0 +1,19 @@
+targets:
+  - name: simple
+    context: kind-kind
+    args:
+      environment: simple
+    sealingConfig:
+      secretSets:
+        - simple
+
+secretsConfig:
+  sealedSecrets:
+    namespace: simple
+    controllerName: sealed-secrets-controller
+  secretSets:
+    - name: simple
+      vars:
+        - vault:
+            address: http://localhost:8200
+            path: secret/data/simple

simple-with-vault-secrets/README.md

@@ -0,0 +1,26 @@
+# start local vault
+
+For this example, we start a Vault service locally, which we equip with a secret
+
+```bash
+VAULT_TOKEN=admintoken
+docker run -p 8200:8200 --cap-add=IPC_LOCK -d -e "VAULT_DEV_ROOT_TOKEN_ID=${VAULT_TOKEN}" --name=dev-vault vault
+curl \
+    -H "X-Vault-Token:  ${VAULT_TOKEN}" \
+    -H "X-Vault-Request: true" \
+    -H "Content-Type: application/json" \
+    -X POST \
+    -d '{"data":{"secrets": {"database": {"password": "password","username": "admin"}}}}' \ 
+    http://127.0.0.1:8200/v1/secret/data/simple
+```
+![vault-example.png](vault-example.png)
+```json
+{
+  "secrets": {
+    "database": {
+      "password": "password",
+      "username": "admin"
+    }
+  }
+}
+```

simple-with-vault-secrets/deployment.yml

@@ -0,0 +1,12 @@
+sealedSecrets:
+  outputPattern: "{{ target.name }}"
+
+deployments:
+  - include: deployment
+
+commonLabels:
+  examples.kluctl.io/environment: "{{ args.environment }}"
+  examples.kluctl.io/deployment-project: k8s-deployment-simple
+
+args:
+  - name: environment

simple-with-vault-secrets/deployment/deployment.yml

@@ -0,0 +1,6 @@
+deployments:
+  - path: sealed-secrets-operator
+  - barrier: true
+  - path: mongodb
+
+overrideNamespace: "{{ args.environment }}"

simple-with-vault-secrets/deployment/mongodb/deploy.yml

@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mongodb-deployment
+  labels:
+    app: mongodb
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mongodb
+  template:
+    metadata:
+      labels:
+        app: mongodb
+    spec:
+      containers:
+        - name: mongodb
+          image: mongo:5
+          ports:
+            - containerPort: 27017
+          env:
+            - name: MONGO_INITDB_ROOT_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: db-secrets
+                  key: DB_USERNAME
+                  optional: false
+            - name: MONGO_INITDB_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: db-secrets
+                  key: DB_PASSWORD
+                  optional: false
+

simple-with-vault-secrets/deployment/mongodb/kustomization.yml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - mongo-secrets.yml
+  - namespace.yml
+  - deploy.yml

simple-with-vault-secrets/deployment/mongodb/mongo-secrets.yml.sealme

@@ -0,0 +1,8 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: db-secrets
+  namespace: {{ args.environment }}
+stringData:
+  DB_USERNAME: {{ secrets.database.username }}
+  DB_PASSWORD: {{ secrets.database.password }}

simple-with-vault-secrets/deployment/mongodb/namespace.yml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: "{{ args.environment }}"

simple-with-vault-secrets/deployment/sealed-secrets-operator/charts/sealed-secrets/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

simple-with-vault-secrets/deployment/sealed-secrets-operator/charts/sealed-secrets/Chart.yaml

@@ -0,0 +1,19 @@
+annotations:
+  category: DeveloperTools
+apiVersion: v2
+appVersion: v0.17.5
+description: Helm chart for the sealed-secrets controller.
+home: https://github.com/bitnami-labs/sealed-secrets
+icon: https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png
+keywords:
+- secrets
+- sealed-secrets
+kubeVersion: '>=1.16.0-0'
+maintainers:
+- email: [email protected]
+  name: Bitnami
+- email: [email protected]
+  name: mkmik
+name: sealed-secrets
+type: application
+version: 2.1.6

simple-with-vault-secrets/deployment/sealed-secrets-operator/charts/sealed-secrets/crds/sealedsecret-crd.yaml

@@ -0,0 +1,27 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: sealedsecrets.bitnami.com
+spec:
+  group: bitnami.com
+  names:
+    kind: SealedSecret
+    listKind: SealedSecretList
+    plural: sealedsecrets
+    singular: sealedsecret
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        type: object
+        properties:
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+          status:
+            x-kubernetes-preserve-unknown-fields: true