apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: vault
  name: vault
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vault
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: vault
    spec:
      containers:
        - env:
           - name: VAULT_ADDR
             value: "http://127.0.0.1:8200"
           - name: VAULT_LOCAL_CONFIG
             value: |
               storage "file" {
                 path    = "/vault/file"
               }

               listener "tcp" {
                 address     = "0.0.0.0:8200"
                 tls_disable = 1
               }

               api_addr = "https://vault.strudelline.net"
               ui = true
               
               disable_mlock = true  # k8s can't swap anyway
          image: hashicorp/vault:1.13.1
          args:
           - server
          name: vault
          volumeMounts:
            - mountPath: /vault/logs
              name: vault-logs
            - mountPath: /vault/file
              name: vault-file
      restartPolicy: Always
      volumes:
        - name: vault-file
          persistentVolumeClaim:
            claimName: vault-file
        - name: vault-logs
          persistentVolumeClaim:
            claimName: vault-logs