
Pavan Kumar pavan-kumar-99

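# SecretProviderClass for the Secrets Store CSI driver, using the Vault provider.
# Nesting restored: the flattened listing did not express the intended structure.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: vault-credentials
spec:
  provider: vault
  # secretObjects asks the driver to mirror mounted content into a Kubernetes
  # Secret. That copy is stored by the API server, so it is governed by Secret
  # RBAC and etcd encryption at rest, not by Vault's access policy.
  secretObjects:
    - data:
        # key is the field name inside the Kubernetes Secret; objectName is the
        # mounted object the value is copied from.
        - key: user
          objectName: user
# NOTE(review): the listing stops here; the secretName/type of this entry and
# the provider parameters are not visible in this excerpt.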
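# SecretProviderClass that points the Vault CSI provider at a Vault server.
# Nesting restored: the flattened listing did not express the intended structure.
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: vault-user-creds
spec:
  provider: vault
  parameters:
    # Vault Kubernetes-auth role the provider logs in with.
    roleName: 'csi-kv'
    # NOTE(review): plain http:// means the login token and every secret that
    # is fetched cross the pod network unencrypted. Outside a throwaway lab
    # cluster, use an https:// address and give the provider the CA needed to
    # verify it (e.g. vaultCACertPath).
    vaultAddress: 'http://vault:8200'
    # NOTE(review): the object list is cut off in this excerpt; nothing follows
    # the block-scalar header below.
    objects: |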
# Register the HashiCorp chart repository and refresh the local chart index.
helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update
# Install Vault with the CSI provider enabled and the agent injector disabled.
# NOTE(review): server.dev.enabled=true runs Vault in dev mode: in-memory
# storage, already unsealed, and a fixed, well-known root token. Suitable for a
# lab only; do not expose this release or reuse these values for a real
# deployment.
helm install vault hashicorp/vault \
--set "server.dev.enabled=true" \
--set "injector.enabled=false" \
--set "csi.enabled=true"
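---
# SecretProviderClass for database credentials served through the Vault CSI
# provider. Nesting restored: the flattened listing did not express the
# intended structure.
# NOTE(review): v1alpha1 is the pre-GA API group version; newer driver releases
# serve secrets-store.csi.x-k8s.io/v1 — confirm which one the installed driver
# expects.
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: vault-db-creds
spec:
  # Vault CSI Provider
  provider: vault
  parameters:
    # Vault role name to use during login
    # NOTE(review): the listing is cut off here; no parameter values are
    # visible in this excerpt.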
# Installs the Secrets Store CSI driver from its upstream chart, release name "csi".
## ADD Helm Repo
helm repo add secrets-store-csi-driver https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
## Install the chart
# NOTE(review): installed with chart defaults and no pinned chart version.
# Mirroring mounted secrets into Kubernetes Secrets (secretObjects) needs the
# chart's syncSecret.enabled value — confirm if that feature is wanted.
helm install csi secrets-store-csi-driver/secrets-store-csi-driver
# Console transcript: configure Vault from a shell inside the vault-0 pod.
$ kubectl exec -it vault-0 -- /bin/sh
# NOTE(review): logging in with the literal token "root" presumably relies on a
# dev-mode server; a real deployment must not have a guessable root token, and
# root tokens should not be used for routine configuration.
$ vault login root
# Mount the KV secrets engine as version 1 (no secret versioning).
$ vault secrets enable -version=1 kv
# Turn on the Kubernetes auth method so pods can log in with service-account tokens.
$ vault auth enable kubernetes
# Point the auth method at the in-cluster API server, using this pod's own
# service-account token as the TokenReview credential and the mounted CA bundle.
# NOTE(review): the token is copied into Vault's configuration once. On clusters
# that issue short-lived projected service-account tokens it will expire and
# logins will start failing; recent Vault versions running in-cluster can omit
# token_reviewer_jwt and re-read the local token instead — confirm against the
# Vault version in use.
$ vault write auth/kubernetes/config token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
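# Pod metadata for the Vault Agent injector: the annotations ask the injector
# to add an agent that renders a PKI-issued private key into the pod.
# Nesting restored: the flattened listing did not express the intended structure.
apiVersion: v1
kind: Pod
metadata:
  annotations:
    vault.hashicorp.com/agent-inject: "true"
    # Run the agent init container ahead of the pod's other init containers.
    vault.hashicorp.com/agent-init-first: "true"
    # The "server.key" suffix names the rendered file; the value is the Vault
    # path that is read.
    vault.hashicorp.com/agent-inject-secret-server.key: "pki/issue/bettercallpavan"
    # NOTE(review): pki/issue returns a freshly generated private key. The
    # rendered file holds that key in clear text, so limit which containers
    # share the volume and who may exec into the pod.
    # NOTE(review): common_name reads "betetrcallpavan" while the role is
    # "bettercallpavan". This looks like a typo; if the role restricts allowed
    # domains, issuance would be rejected — confirm.
    # NOTE(review): the template is cut off in this excerpt (no closing
    # "end" action is visible).
    vault.hashicorp.com/agent-inject-template-server.key: |
      {{- with secret "pki/issue/bettercallpavan" "common_name=test.betetrcallpavan.com" -}}
      {{ .Data.private_key }}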
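# GitHub Actions workflow (excerpt): runs the "infracost" job for pull requests
# that target the "infracost" branch. Nesting restored: the flattened listing
# did not express the intended structure.
on:
  pull_request:
    branches:
      - infracost
jobs:
  infracost:
    runs-on: ubuntu-latest
    # NOTE(review): nesting assumes working-directory is a job-level environment
    # variable; the flattened listing does not show its level — confirm.
    env:
      working-directory: ec2/
# NOTE(review): the job's steps are not visible in this excerpt, so how
# credentials and third-party actions are handled cannot be reviewed here.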
##
# You should look at the following URLs to gain a solid understanding
# of Nginx configuration files and fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
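# Atlantis repo-level configuration for a single Terraform project.
# Nesting restored: the flattened listing did not express the intended structure.
version: 3
# NOTE(review): with automerge the pull request is merged as soon as every
# plan has been applied, so the apply requirements (approval, mergeable) are
# the only gate before infrastructure changes land. Confirm they are enforced
# in the server-side repo config and cannot be relaxed from this file, which
# any pull request author can edit.
automerge: true
delete_source_branch_on_merge: true
# Plan and apply the listed projects concurrently.
parallel_plan: true
parallel_apply: true
projects:
  - name: ec2
    dir: ./ec2
    workspace: default
    # Terraform release Atlantis uses for this project.
    terraform_version: v1.1.1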