54 lines
1.3 KiB
YAML
54 lines
1.3 KiB
YAML
|
apiVersion: apps/v1
|
||
|
kind: Deployment
|
||
|
metadata:
|
||
|
namespace: vault
|
||
|
name: vault
|
||
|
spec:
|
||
|
replicas: 1
|
||
|
selector:
|
||
|
matchLabels:
|
||
|
app: vault
|
||
|
strategy:
|
||
|
type: Recreate
|
||
|
template:
|
||
|
metadata:
|
||
|
labels:
|
||
|
app: vault
|
||
|
spec:
|
||
|
containers:
|
||
|
- env:
|
||
|
- name: VAULT_ADDR
|
||
|
value: "http://127.0.0.1:8200"
|
||
|
- name: VAULT_LOCAL_CONFIG
|
||
|
value: |
|
||
|
storage "file" {
|
||
|
path = "/vault/file"
|
||
|
}
|
||
|
|
||
|
listener "tcp" {
|
||
|
address = "0.0.0.0:8200"
|
||
|
tls_disable = 1
|
||
|
}
|
||
|
|
||
|
api_addr = "https://vault.strudelline.net"
|
||
|
ui = true
|
||
|
|
||
|
disable_mlock = true # k8s can't swap anyway
|
||
|
image: hashicorp/vault:1.13.1
|
||
|
args:
|
||
|
- server
|
||
|
name: vault
|
||
|
volumeMounts:
|
||
|
- mountPath: /vault/logs
|
||
|
name: vault-logs
|
||
|
- mountPath: /vault/file
|
||
|
name: vault-file
|
||
|
restartPolicy: Always
|
||
|
volumes:
|
||
|
- name: vault-file
|
||
|
persistentVolumeClaim:
|
||
|
claimName: vault-file
|
||
|
- name: vault-logs
|
||
|
persistentVolumeClaim:
|
||
|
claimName: vault-logs
|