Add Vault installation chart

Adds kustomization for installing vault.

.github/workflows/kustomize-vault.yaml

@@ -0,0 +1,37 @@
+name: Kustomize GitHub Actions for vault
+
+on:
+  pull_request:
+    paths:
+      - kustomize/vault/**
+      - .github/workflows/kustomize-vault.yaml
+jobs:
+  kustomize:
+    strategy:
+      matrix:
+        overlays:
+          - base
+    name: Kustomize
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: azure/setup-helm@v3
+        with:
+          version: latest
+          token: "${{ secrets.GITHUB_TOKEN }}"
+        id: helm
+      - name: Kustomize Install
+        working-directory: /usr/local/bin/
+        run: |
+          if [ ! -f /usr/local/bin/kustomize ]; then
+            curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | sudo bash
+          fi
+      - name: Run Kustomize Build
+        run: |
+          kustomize build kustomize/vault/${{ matrix.overlays }} --enable-helm --helm-command ${{ steps.helm.outputs.helm-path }} > /tmp/rendered.yaml
+      - name: Return Kustomize Build
+        uses: actions/upload-artifact@v2
+        with:
+          name: kustomize-vault-artifact-${{ matrix.overlays }}
+          path: /tmp/rendered.yaml

kustomize/vault/base/kustomization.yaml

@@ -0,0 +1,14 @@
+resources:
+  - './namespace.yaml'
+  - './ssl/'
+
+namespace: vault
+helmGlobals:
+  chartHome: ../charts/
+helmCharts:
+- name: vault
+  includeCRDs: true
+  valuesFile: values.yaml
+  releaseName: vault
+  version: 0.27.0
+  repo: https://helm.releases.hashicorp.com

kustomize/vault/base/namespace.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    kubernetes.io/metadata.name: vault
+    name: vault
+  name: vault

kustomize/vault/base/ssl/kustomization.yaml

@@ -0,0 +1,6 @@
+namespace: vault
+resources:
+  - './vault-selfsigned-issuer.yaml'
+  - './vault-selfsigned-ca.yaml'
+  - './vault-ca-issuer.yaml'
+  - './vault-cert.yaml'

kustomize/vault/base/ssl/vault-ca-issuer.yaml

@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: vault-ca-issuer
+spec:
+  ca:
+    secretName: vault-root-secret

kustomize/vault/base/ssl/vault-cert.yaml

@@ -0,0 +1,24 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: vault-cert
+spec:
+  isCA: false
+  dnsNames:
+    - "vault.vault.svc"
+    - "*.vault-internal"
+    - "*.vault-internal.vault"
+    - "*.vault-internal.vault.svc"
+    - "*.vault-internal.vault.svc.cluster.local"
+  ipAddresses:
+    - 127.0.0.1
+  secretName: vault-tls-secret
+  duration: 8760h0m0s
+  renewBefore: 360h0m0s
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: vault-ca-issuer
+    kind: Issuer
+    group: cert-manager.io

kustomize/vault/base/ssl/vault-selfsigned-ca.yaml

@@ -0,0 +1,17 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: vault-selfsigned-ca
+spec:
+  isCA: true
+  commonName: rackspace.com
+  secretName: vault-root-secret
+  duration: 87600h0m0s
+  renewBefore: 360h0m0s
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: vault-selfsigned-issuer
+    kind: Issuer
+    group: cert-manager.io

kustomize/vault/base/ssl/vault-selfsigned-issuer.yaml

@@ -0,0 +1,6 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: vault-selfsigned-issuer
+spec:
+  selfSigned: {}