From a5f353126325d871e27024c091c255a7c06de46d Mon Sep 17 00:00:00 2001
From: Lars Kellogg-Stedman <lars@redhat.com>
Date: Fri, 16 Feb 2024 22:28:06 -0500
Subject: [PATCH] Add vault applications

Remove the old vault application and add three new applications:

1. vault-operator -- deploy just the operator [1].
2. vault-instance -- use the vault operator to create a vault instance
   in the vault namespace.
3. vault-backup-job -- deploy the backup job into the vault
   namespace

[1]: https://bank-vaults.dev/docs/operator/

Part-of: nerc-project/operations#446
Part-of: nerc-project/operations#439
---
 clusters/nerc-ocp-infra/kustomization.yaml        |  4 +++-
 .../vault-backup-job/application.yaml             | 15 +++++++++++++++
 .../kustomization.yaml                            |  0
 .../{vault => vault-instance}/application.yaml    |  4 ++--
 .../vault-instance/kustomization.yaml             |  4 ++++
 .../vault-operator/application.yaml               | 15 +++++++++++++++
 .../vault-operator/kustomization.yaml             |  4 ++++
 7 files changed, 43 insertions(+), 3 deletions(-)
 create mode 100644 clusters/nerc-ocp-infra/vault-backup-job/application.yaml
 rename clusters/nerc-ocp-infra/{vault => vault-backup-job}/kustomization.yaml (100%)
 rename clusters/nerc-ocp-infra/{vault => vault-instance}/application.yaml (80%)
 create mode 100644 clusters/nerc-ocp-infra/vault-instance/kustomization.yaml
 create mode 100644 clusters/nerc-ocp-infra/vault-operator/application.yaml
 create mode 100644 clusters/nerc-ocp-infra/vault-operator/kustomization.yaml

diff --git a/clusters/nerc-ocp-infra/kustomization.yaml b/clusters/nerc-ocp-infra/kustomization.yaml
index 1c67bed..d82514b 100644
--- a/clusters/nerc-ocp-infra/kustomization.yaml
+++ b/clusters/nerc-ocp-infra/kustomization.yaml
@@ -8,11 +8,13 @@ resources:
   - ../lib/ceph-exporter
   - dex
   - openshift-gitops
-  - vault
   - acm
   - loki
   - grafana
   - hostpath-provisioner
+  - vault-operator
+  - vault-instance
+  - vault-backup-job
 
 nameSuffix: -infra
 
diff --git a/clusters/nerc-ocp-infra/vault-backup-job/application.yaml b/clusters/nerc-ocp-infra/vault-backup-job/application.yaml
new file mode 100644
index 0000000..ef31d12
--- /dev/null
+++ b/clusters/nerc-ocp-infra/vault-backup-job/application.yaml
@@ -0,0 +1,15 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vault-backup-job
+  labels:
+    nerc.mghpcc.org/sync-policy: common
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/ocp-on-nerc/nerc-ocp-config.git
+    targetRevision: HEAD
+    path: vault/backup-job/overlays/nerc-ocp-infra
+  destination:
+    name: nerc-ocp-infra
+    namespace: vault
diff --git a/clusters/nerc-ocp-infra/vault/kustomization.yaml b/clusters/nerc-ocp-infra/vault-backup-job/kustomization.yaml
similarity index 100%
rename from clusters/nerc-ocp-infra/vault/kustomization.yaml
rename to clusters/nerc-ocp-infra/vault-backup-job/kustomization.yaml
diff --git a/clusters/nerc-ocp-infra/vault/application.yaml b/clusters/nerc-ocp-infra/vault-instance/application.yaml
similarity index 80%
rename from clusters/nerc-ocp-infra/vault/application.yaml
rename to clusters/nerc-ocp-infra/vault-instance/application.yaml
index b9e1a75..12d798e 100644
--- a/clusters/nerc-ocp-infra/vault/application.yaml
+++ b/clusters/nerc-ocp-infra/vault-instance/application.yaml
@@ -1,7 +1,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: vault
+  name: vault-instance
   labels:
     nerc.mghpcc.org/sync-policy: common
 spec:
@@ -9,7 +9,7 @@ spec:
   source:
     repoURL: https://github.com/ocp-on-nerc/nerc-ocp-config.git
     targetRevision: HEAD
-    path: vault/overlays/nerc-ocp-infra
+    path: vault/instance/overlays/nerc-ocp-infra
   destination:
     name: nerc-ocp-infra
     namespace: vault
diff --git a/clusters/nerc-ocp-infra/vault-instance/kustomization.yaml b/clusters/nerc-ocp-infra/vault-instance/kustomization.yaml
new file mode 100644
index 0000000..1f43d0d
--- /dev/null
+++ b/clusters/nerc-ocp-infra/vault-instance/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- application.yaml
diff --git a/clusters/nerc-ocp-infra/vault-operator/application.yaml b/clusters/nerc-ocp-infra/vault-operator/application.yaml
new file mode 100644
index 0000000..26e1fa0
--- /dev/null
+++ b/clusters/nerc-ocp-infra/vault-operator/application.yaml
@@ -0,0 +1,15 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: vault-operator
+  labels:
+    nerc.mghpcc.org/sync-policy: common
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/ocp-on-nerc/nerc-ocp-config.git
+    targetRevision: HEAD
+    path: vault/operator/overlays/nerc-ocp-infra
+  destination:
+    name: nerc-ocp-infra
+    namespace: vault-operator
diff --git a/clusters/nerc-ocp-infra/vault-operator/kustomization.yaml b/clusters/nerc-ocp-infra/vault-operator/kustomization.yaml
new file mode 100644
index 0000000..1f43d0d
--- /dev/null
+++ b/clusters/nerc-ocp-infra/vault-operator/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- application.yaml