OpenBao: Init

class/defaults.yml

@@ -36,6 +36,9 @@ parameters:
         source: https://cloudnative-pg.io/charts/
         version: 0.3.1
         chartName: cluster
+      openbao:
+        source: https://openbao.github.io/openbao-helm
+        version: 0.19.3
     images:
       provider-kubernetes:
         registry: ghcr.io
@@ -72,7 +75,7 @@ parameters:
       appcat:
         registry: ghcr.io
         repository: vshn/appcat
-        tag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        tag: feat/openbao_poc
       functionAppcat:
         registry: ${appcat:images:appcat:registry}
         repository: ${appcat:images:appcat:repository}
@@ -502,6 +505,8 @@ parameters:
           uptime: ${appcat:slos:uptimeDefaults}
         Forgejo:
           uptime: ${appcat:slos:uptimeDefaults}
+        OpenBao:
+          uptime: ${appcat:slos:uptimeDefaults}
 
     providers:
       cloudscale:
@@ -1189,6 +1194,76 @@ parameters:
                 cpu: "1"
                 memory: "4Gi"
                 disk: 50Gi
+        openbao:
+          enabled: true
+          billing: true
+          additionalInputs:
+            kubectl_image: ${appcat:images:kubectl:registry}/${appcat:images:kubectl:image}:${appcat:images:kubectl:tag}
+          serviceName: VSHNOpenBao
+          compFunctionsOnly: true
+          connectionSecretKeys:
+            - ca.crt
+            - tls.crt
+            - tls.key
+            - REDIS_HOST
+            - REDIS_PORT
+            - REDIS_USERNAME
+            - REDIS_PASSWORD
+            - REDIS_URL
+            - SENTINEL_HOSTS
+          mode: standalone
+          offered: true
+          restoreSA: openbaorestoreaccount
+          restoreRoleRules: ${appcat:defaultRestoreRoleRules}
+          openshiftTemplate:
+            serviceName: redisbyvshn
+            description: "The open source, in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker."
+            message: 'Your Redis by VSHN instance is being provisioned, please see \${SECRET_NAME} for access.'
+            url: https://vs.hn/vshn-redis
+            tags: "database,nosql"
+            icon: "icon-redis"
+            defaultVersion: "7.2"
+          enableNetworkPolicy: true
+          secretNamespace: ${appcat:services:vshn:secretNamespace}
+          helmChartVersion: ${appcat:charts:redis:version}
+          imageRegistry: ${appcat:images:redis:registry}
+          imageRepositoryPrefix: ${appcat:images:redis:repositoryPrefix}
+          maintenanceURL: "${appcat:images:redis:maintenanceURL}"
+          grpcEndpoint: ${appcat:grpcEndpoint}
+          proxyFunction: ${appcat:proxyFunction}
+          defaultPlan: standard-1
+          sla: 99.25
+          plans:
+            standard-512m:
+              size:
+                enabled: true
+                cpu: "125m"
+                memory: "512Mi"
+                disk: 16Gi
+            standard-1:
+              size:
+                enabled: true
+                cpu: "250m"
+                memory: "1Gi"
+                disk: 16Gi
+            standard-2:
+              size:
+                enabled: true
+                cpu: "500m"
+                memory: "2Gi"
+                disk: 16Gi
+            standard-4:
+              size:
+                enabled: true
+                cpu: "1"
+                memory: "4Gi"
+                disk: 16Gi
+            standard-8:
+              size:
+                enabled: true
+                cpu: "2"
+                memory: "8Gi"
+                disk: 16Gi
       # Config for exoscale composites
       exoscale:
         enabled: false

tests/golden/control-plane/appcat/appcat/10_function_appcat.yaml

@@ -4,9 +4,9 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
     argocd.argoproj.io/sync-wave: '-40'
-  name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+  name: function-appcat-master-feat-openbao-poc
 spec:
-  package: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164-func
+  package: ghcr.io/vshn/appcat:feat_openbao_poc-func
   packagePullPolicy: IfNotPresent
   runtimeConfigRef:
     name: enable-proxy

tests/golden/control-plane/appcat/appcat/21_composition_objectstorage_minio.yaml

@@ -21,7 +21,7 @@ spec:
   mode: Pipeline
   pipeline:
     - functionRef:
-        name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        name: function-appcat-master-feat-openbao-poc
       input:
         apiVersion: v1
         data:

tests/golden/control-plane/appcat/appcat/21_composition_vshn_codey.yaml

@@ -13,7 +13,7 @@ metadata:
     metadata.appcat.vshn.io/zone: rma1
   labels:
     metadata.appcat.vshn.io/offered: 'true'
-    metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+    metadata.appcat.vshn.io/revision: master-feat_openbao_poc
     metadata.appcat.vshn.io/serviceID: vshn-codey
     name: codey.io
   name: codey.io

tests/golden/control-plane/appcat/appcat/21_composition_vshn_forgejo.yaml

@@ -13,7 +13,7 @@ metadata:
     metadata.appcat.vshn.io/zone: rma1
   labels:
     metadata.appcat.vshn.io/offered: 'true'
-    metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+    metadata.appcat.vshn.io/revision: master-feat_openbao_poc
     metadata.appcat.vshn.io/serviceID: vshn-forgejo
     name: vshnforgejo.vshn.appcat.vshn.io
   name: vshnforgejo.vshn.appcat.vshn.io
@@ -24,7 +24,7 @@ spec:
   mode: Pipeline
   pipeline:
     - functionRef:
-        name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        name: function-appcat-master-feat-openbao-poc
       input:
         apiVersion: v1
         data:
@@ -47,7 +47,7 @@ spec:
           emailAlertingSmtpUsername: appcat@appuio.cloud
           ignoreNamespaceForBilling: vshn-test
           imageRegistry: code.forgejo.org
-          imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+          imageTag: feat_openbao_poc
           ingress_annotations: |
             cert-manager.io/cluster-issuer: letsencrypt-production
           isOpenshift: 'false'

tests/golden/control-plane/appcat/appcat/21_composition_vshn_keycloak.yaml

@@ -13,7 +13,7 @@ metadata:
     metadata.appcat.vshn.io/zone: rma1
   labels:
     metadata.appcat.vshn.io/offered: 'true'
-    metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+    metadata.appcat.vshn.io/revision: master-feat_openbao_poc
     metadata.appcat.vshn.io/serviceID: vshn-keycloak
     name: vshnkeycloak.vshn.appcat.vshn.io
   name: vshnkeycloak.vshn.appcat.vshn.io
@@ -24,7 +24,7 @@ spec:
   mode: Pipeline
   pipeline:
     - functionRef:
-        name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        name: function-appcat-master-feat-openbao-poc
       input:
         apiVersion: v1
         data:
@@ -48,7 +48,7 @@ spec:
           emailAlertingSmtpUsername: appcat@appuio.cloud
           ignoreNamespaceForBilling: vshn-test
           imageRegistry: docker-registry.inventage.com:10121/keycloak-competence-center/keycloak-managed
-          imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+          imageTag: feat_openbao_poc
           ingress_annotations: |
             nginx.ingress.kubernetes.io/backend-protocol: HTTPS
             cert-manager.io/cluster-issuer: letsencrypt-staging

tests/golden/control-plane/appcat/appcat/21_composition_vshn_mariadb.yaml

@@ -13,7 +13,7 @@ metadata:
     metadata.appcat.vshn.io/zone: rma1
   labels:
     metadata.appcat.vshn.io/offered: 'true'
-    metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+    metadata.appcat.vshn.io/revision: master-feat_openbao_poc
     metadata.appcat.vshn.io/serviceID: vshn-mariadb
     name: vshnmariadb.vshn.appcat.vshn.io
   name: vshnmariadb.vshn.appcat.vshn.io
@@ -24,7 +24,7 @@ spec:
   mode: Pipeline
   pipeline:
     - functionRef:
-        name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        name: function-appcat-master-feat-openbao-poc
       input:
         apiVersion: v1
         data:
@@ -47,7 +47,7 @@ spec:
           ignoreNamespaceForBilling: vshn-test
           imageRegistry: docker.io
           imageRepositoryPrefix: bitnamilegacy
-          imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+          imageTag: feat_openbao_poc
           isOpenshift: 'false'
           maintenanceSA: helm-based-service-maintenance
           maintenanceURL: https://hub.docker.com/v2/repositories/bitnamilegacy/mariadb-galera/tags/?page_size=100

tests/golden/control-plane/appcat/appcat/21_composition_vshn_nextcloud.yaml

@@ -13,7 +13,7 @@ metadata:
     metadata.appcat.vshn.io/zone: rma1
   labels:
     metadata.appcat.vshn.io/offered: 'true'
-    metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+    metadata.appcat.vshn.io/revision: master-feat_openbao_poc
     metadata.appcat.vshn.io/serviceID: vshn-nextcloud
     name: vshnnextcloud.vshn.appcat.vshn.io
   name: vshnnextcloud.vshn.appcat.vshn.io
@@ -24,7 +24,7 @@ spec:
   mode: Pipeline
   pipeline:
     - functionRef:
-        name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        name: function-appcat-master-feat-openbao-poc
       input:
         apiVersion: v1
         data:
@@ -54,7 +54,7 @@ spec:
           emailAlertingSmtpUsername: appcat@appuio.cloud
           ignoreNamespaceForBilling: vshn-test
           imageRegistry: docker.io
-          imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+          imageTag: feat_openbao_poc
           ingress_annotations: |
             cert-manager.io/cluster-issuer: letsencrypt-staging
             nginx.ingress.kubernetes.io/enable-cors: "true"

tests/golden/control-plane/appcat/appcat/21_composition_vshn_postgres.yaml

@@ -15,7 +15,7 @@ metadata:
     metadata.appcat.vshn.io/zone: rma1
   labels:
     metadata.appcat.vshn.io/offered: 'true'
-    metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+    metadata.appcat.vshn.io/revision: master-feat_openbao_poc
     metadata.appcat.vshn.io/serviceID: vshn-postgresql
     name: vshnpostgres.vshn.appcat.vshn.io
   name: vshnpostgres.vshn.appcat.vshn.io
@@ -26,7 +26,7 @@ spec:
   mode: Pipeline
   pipeline:
     - functionRef:
-        name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        name: function-appcat-master-feat-openbao-poc
       input:
         apiVersion: v1
         data:
@@ -50,7 +50,7 @@ spec:
           emailAlertingSmtpUsername: appcat@appuio.cloud
           externalDatabaseConnectionsEnabled: 'true'
           ignoreNamespaceForBilling: vshn-test
-          imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+          imageTag: feat_openbao_poc
           initContainers: '{"clusterReconciliationCycle": {"limits": {"cpu": "300m",
             "memory": "200Mi"}, "requests": {"cpu": "100m", "memory": "100Mi"}}, "pgbouncerAuthFile":
             {"limits": {"cpu": "300m", "memory": "500Mi"}, "requests": {"cpu": "100m",

tests/golden/control-plane/appcat/appcat/21_composition_vshn_postgrescnpg.yaml

@@ -15,7 +15,7 @@ metadata:
     metadata.appcat.vshn.io/zone: rma1
   labels:
     metadata.appcat.vshn.io/offered: 'true'
-    metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+    metadata.appcat.vshn.io/revision: master-feat_openbao_poc
     metadata.appcat.vshn.io/serviceID: vshn-postgresql
     name: vshnpostgrescnpg.vshn.appcat.vshn.io
   name: vshnpostgrescnpg.vshn.appcat.vshn.io
@@ -26,7 +26,7 @@ spec:
   mode: Pipeline
   pipeline:
     - functionRef:
-        name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        name: function-appcat-master-feat-openbao-poc
       input:
         apiVersion: v1
         data:
@@ -50,7 +50,7 @@ spec:
           emailAlertingSmtpUsername: appcat@appuio.cloud
           externalDatabaseConnectionsEnabled: 'true'
           ignoreNamespaceForBilling: vshn-test
-          imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+          imageTag: feat_openbao_poc
           isOpenshift: 'false'
           kubectl_image: docker.io/bitnamilegacy/kubectl:1.25.15
           loadbalancerAnnotations: |

tests/golden/control-plane/appcat/appcat/21_composition_vshn_redis.yaml

@@ -17,7 +17,7 @@ metadata:
     metadata.appcat.vshn.io/zone: rma1
   labels:
     metadata.appcat.vshn.io/offered: 'true'
-    metadata.appcat.vshn.io/revision: master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+    metadata.appcat.vshn.io/revision: master-feat_openbao_poc
     metadata.appcat.vshn.io/serviceID: vshn-redis
     name: vshnredis.vshn.appcat.vshn.io
   name: vshnredis.vshn.appcat.vshn.io
@@ -28,7 +28,7 @@ spec:
   mode: Pipeline
   pipeline:
     - functionRef:
-        name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        name: function-appcat-master-feat-openbao-poc
       input:
         apiVersion: v1
         data:
@@ -51,7 +51,7 @@ spec:
           ignoreNamespaceForBilling: vshn-test
           imageRegistry: ghcr.io
           imageRepositoryPrefix: vshn
-          imageTag: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+          imageTag: feat_openbao_poc
           isOpenshift: 'false'
           kubectl_image: docker.io/bitnamilegacy/kubectl:1.25.15
           maintenanceSA: helm-based-service-maintenance

tests/golden/control-plane/appcat/appcat/apiserver/30_deployment.yaml

@@ -31,7 +31,7 @@ spec:
             - --secure-port=9443
             - --tls-cert-file=/apiserver.local.config/certificates/tls.crt
             - --tls-private-key-file=/apiserver.local.config/certificates/tls.key
-          image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+          image: ghcr.io/vshn/appcat:feat_openbao_poc
           imagePullPolicy: IfNotPresent
           livenessProbe:
             failureThreshold: 3

tests/golden/control-plane/appcat/appcat/controllers/appcat/30_deployment.yaml

@@ -28,7 +28,7 @@ spec:
           env:
             - name: PLANS_NAMESPACE
               value: syn-appcat
-          image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+          image: ghcr.io/vshn/appcat:feat_openbao_poc
           imagePullPolicy: IfNotPresent
           livenessProbe:
             httpGet:

tests/golden/control-plane/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml

@@ -26,7 +26,7 @@ spec:
   template:
     metadata:
       annotations:
-        function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        function-revision: feat/openbao_poc
       labels:
         app: crossplane
         app.kubernetes.io/component: cloud-infrastructure-controller

tests/golden/control-plane/appcat/appcat/crossplane/helmchart/crossplane/templates/rbac-manager-deployment.yaml

@@ -26,7 +26,7 @@ spec:
   template:
     metadata:
       annotations:
-        function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        function-revision: feat/openbao_poc
       labels:
         app: crossplane-rbac-manager
         app.kubernetes.io/component: cloud-infrastructure-controller

tests/golden/control-plane/appcat/appcat/sla_reporter/01_cronjob.yaml

@@ -30,7 +30,7 @@ spec:
               envFrom:
                 - secretRef:
                     name: appcat-sla-reports-creds
-              image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+              image: ghcr.io/vshn/appcat:feat_openbao_poc
               name: sla-reporter
               resources:
                 limits:

tests/golden/defaults/appcat/appcat/10_function_appcat.yaml

@@ -4,9 +4,9 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
     argocd.argoproj.io/sync-wave: '-40'
-  name: function-appcat-master-6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+  name: function-appcat-master-feat-openbao-poc
 spec:
-  package: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164-func
+  package: ghcr.io/vshn/appcat:feat_openbao_poc-func
   packagePullPolicy: IfNotPresent
   runtimeConfigRef:
     name: function-appcat

tests/golden/defaults/appcat/appcat/apiserver/30_deployment.yaml

@@ -31,7 +31,7 @@ spec:
             - --secure-port=9443
             - --tls-cert-file=/apiserver.local.config/certificates/tls.crt
             - --tls-private-key-file=/apiserver.local.config/certificates/tls.key
-          image: ghcr.io/vshn/appcat:6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+          image: ghcr.io/vshn/appcat:feat_openbao_poc
           imagePullPolicy: IfNotPresent
           livenessProbe:
             failureThreshold: 3

tests/golden/defaults/appcat/appcat/crossplane/helmchart/crossplane/templates/deployment.yaml

@@ -26,7 +26,7 @@ spec:
   template:
     metadata:
       annotations:
-        function-revision: 6b604b8a6bfb4e9cb8d7bdb0b3280daa8face164
+        function-revision: feat/openbao_poc
       labels:
         app: crossplane
         app.kubernetes.io/component: cloud-infrastructure-controller