Vault private ingress

[BogdanAntoniu78]

Summary

Changes on this PR:

• Private ingress added for Vault deployment
• Runbooks
• CPU/Memory requests and limits set

Test Plan

• Runbooks corectly displayed in Console
• Pods are starting with new requests and limits
• If exposePrivate flag is set to true, Vault UI is available only when using VPN connection to EKS cluster

Checklist

• No images hosted from dockerhub
• Are dashboards present to understand the health of the application. There must be at least 1 of these
  • all databases should have dashboards
  • ideally also have at least cpu/mem utilization dashboards for webserver tier of the app
  • you can use plural from-grafana to convert a grafana dashboard found via google to our CRD
• Are scaling runbooks present
  • all databases must have scaling runbooks
  • you can use the charts in pluralsh/module-library to accelerate this
• do you need to add config overlays?
  • inputing secrets
  • configuring autoscaling
• If there’s a web-facing component to the app, we need to support OIDC authentication and setting up private networks if no authentication option is viable
• All major clouds must be supported
  • Azure
  • AWS
  • GCP

[michaeljguarino]

A lot of these values should actually be moved down to values.yaml since the current setup prevents reconfiguration. Really we should have nginx as the default there then overwrite with:

{{ if .Values.exposePrivate }}
ingressClassName: internal-nginx
{{ end }}

in values.yaml.tpl

[BogdanAntoniu78]

Sure. I moved the values to values.yaml.tpl. Ihad to leave also the else statement, as otherwise the className gets undefined.

[michaeljguarino]

It looks like this does have a merge conflict to resolve

[BogdanAntoniu78]

Fixed