## What this PR does

Adds OpenBAO (open-source Vault fork) as a new managed PaaS application in Cozystack.

**Structure follows existing app patterns (qdrant, nats):**

- System chart with vendored upstream `openbao/openbao` (chart v0.25.3, appVersion v2.5.0)
- App chart with standalone/HA mode switching based on replicas count
- TLS via cert-manager self-signed certificates per instance
- ApplicationDefinition, PackageSource, PaaS bundle entry
- E2E test with init/unseal workflow

**Key design decisions:**

- `replicas: 1` → standalone mode with file storage; `replicas > 1` → HA with Raft integrated storage and retry_join with TLS peer verification
- TLS enabled by default — each instance gets a self-signed Certificate with DNS SANs covering services and pod addresses
- `disable_mlock = true` in HCL config since default security context drops IPC_LOCK capability
- Injector and CSI provider disabled (cluster-scoped components, not safe per-tenant)
- No auto-init/unseal — OpenBAO requires manual initialization by design
- E2E test performs full lifecycle: deploy, wait for certificate + API, init, unseal, verify readiness, cleanup

### Release note

```release-note
[apps] Add OpenBAO as a managed secrets management service with standalone and HA Raft modes, TLS enabled by default
```

## Summary by CodeRabbit

## Release Notes

* **New Features**
  * Added OpenBAO managed secrets management service with high-availability and standalone deployment options
  * Integrated monitoring and dashboards for operational visibility
  * Enabled configurable external access and web UI
  * Added automated snapshot backup capability
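The replica-based mode switch described under "Key design decisions", sketched as an added example (not the chart's own template, and not code from this PR). The mount paths, the `<name>-internal` headless service name and the ports are assumptions; the HCL keys are standard OpenBAO/Vault server configuration.

```python
# Added illustration: not the Cozystack chart's template. The paths and the
# peer DNS pattern below are assumptions made for this example.
TLS_DIR = "/openbao/tls"    # assumed mount path of the cert-manager secret
DATA_DIR = "/openbao/data"  # assumed data volume path


def render_config(name: str, namespace: str, replicas: int) -> str:
    """Render HCL: file storage for one replica, Raft with retry_join otherwise."""
    if replicas < 1:
        raise ValueError("replicas must be >= 1")
    lines = [
        "disable_mlock = true  # default security context drops IPC_LOCK",
        'listener "tcp" {',
        '  address         = "[::]:8200"',
        '  cluster_address = "[::]:8201"',
        f'  tls_cert_file   = "{TLS_DIR}/tls.crt"',
        f'  tls_key_file    = "{TLS_DIR}/tls.key"',
        "}",
    ]
    if replicas == 1:
        lines += ['storage "file" {', f'  path = "{DATA_DIR}"', "}"]
    else:
        lines += ['storage "raft" {', f'  path = "{DATA_DIR}"']
        for i in range(replicas):
            # Assumed StatefulSet pod DNS name; it must match a SAN in the cert.
            peer = f"{name}-{i}.{name}-internal.{namespace}.svc"
            lines += [
                "  retry_join {",
                f'    leader_api_addr       = "https://{peer}:8200"',
                f'    leader_ca_cert_file   = "{TLS_DIR}/ca.crt"',
                f'    leader_tls_servername = "{peer}"',
                "  }",
            ]
        lines.append("}")
    return "\n".join(lines) + "\n"


def peers_verified(config: str) -> bool:
    """True when every retry_join stanza uses https and names a CA file."""
    stanzas = [s.split("}")[0] for s in config.split("retry_join {")[1:]]
    return bool(stanzas) and all(
        '"https://' in s and "leader_ca_cert_file" in s for s in stanzas
    )
```

`peers_verified` is the kind of check a chart unit test can run over the rendered config so that a later edit cannot silently drop CA pinning from a join stanza.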
Cozystack
Cozystack is a free PaaS platform and framework for building clouds.
Cozystack is a CNCF Sandbox Level Project that was originally built and sponsored by Ænix.
With Cozystack, you can transform a bunch of servers into an intelligent system with a simple REST API for spawning Kubernetes clusters, Database-as-a-Service, virtual machines, load balancers, HTTP caching services, and other services with ease.
Use Cozystack to build your own cloud or provide a cost-effective development environment.
Use-Cases
- Using Cozystack to build a public cloud
  You can use Cozystack as a backend for a public cloud
- Using Cozystack to build a private cloud
  You can use Cozystack as a platform to build a private cloud powered by the Infrastructure-as-Code approach
- Using Cozystack as a Kubernetes distribution
  You can use Cozystack as a Kubernetes distribution for Bare Metal
Documentation
The documentation is located on the cozystack.io website.
Read the Getting Started section for a quick start.
If you encounter any difficulties, start with the troubleshooting guide and work your way through the process that we've outlined.
Versioning
Versioning adheres to the Semantic Versioning principles.
A full list of the available releases is available in the GitHub repository's Release section.
Contributions
Contributions are highly appreciated and very welcome!
In case of bugs, please check if the issue has already been opened by checking the GitHub Issues section. If it isn't, you can open a new one. A detailed report will help us replicate it, assess it, and work on a fix.
You can express your intention to work on the fix on your own. Commits are used to generate the changelog, and their author will be referenced in it.
If you have Feature Requests please use the Discussion's Feature Request section.
Community
You are welcome to join our Telegram group and come to our weekly community meetings. Add them to your Google Calendar or iCal for convenience.
License
Cozystack is licensed under Apache 2.0.
The code is provided as-is with no warranties.
Commercial Support
A list of companies providing commercial support for this project can be found on the official site.
