kube-cascade/vault/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: vault
  name: vault
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vault
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: vault
    spec:
      containers:
        - env:
           - name: VAULT_ADDR
             value: "http://127.0.0.1:8200"
           - name: VAULT_LOCAL_CONFIG
             value: |
               storage "file" {
                 path    = "/vault/file"
               }

               listener "tcp" {
                 address     = "0.0.0.0:8200"
                 tls_disable = 1
               }

               api_addr = "https://vault.strudelline.net"
               ui = true
               
               disable_mlock = true  # k8s can't swap anyway
          image: hashicorp/vault:1.13.1
          args:
           - server
          name: vault
          volumeMounts:
            - mountPath: /vault/logs
              name: vault-logs
            - mountPath: /vault/file
              name: vault-file
      restartPolicy: Always
      volumes:
        - name: vault-file
          persistentVolumeClaim:
            claimName: vault-file
        - name: vault-logs
          persistentVolumeClaim:
            claimName: vault-logs
add vault 2023-04-28 01:56:37 +00:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`namespace: vault`
			`name: vault`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: vault`
			`strategy:`
			`type: Recreate`
			`template:`
			`metadata:`
			`labels:`
			`app: vault`
			`spec:`
			`containers:`
			`- env:`
			`- name: VAULT_ADDR`
			`value: "http://127.0.0.1:8200"`
			`- name: VAULT_LOCAL_CONFIG`
			`value: \|`
			`storage "file" {`
			`path = "/vault/file"`
			`}`

			`listener "tcp" {`
			`address = "0.0.0.0:8200"`
			`tls_disable = 1`
			`}`

			`api_addr = "https://vault.strudelline.net"`
			`ui = true`

			`disable_mlock = true # k8s can't swap anyway`
			`image: hashicorp/vault:1.13.1`
			`args:`
			`- server`
			`name: vault`
			`volumeMounts:`
			`- mountPath: /vault/logs`
			`name: vault-logs`
			`- mountPath: /vault/file`
			`name: vault-file`
			`restartPolicy: Always`
			`volumes:`
			`- name: vault-file`
			`persistentVolumeClaim:`
			`claimName: vault-file`
			`- name: vault-logs`
			`persistentVolumeClaim:`
			`claimName: vault-logs`