wip

2025-11-22 22:20:32 -06:00 · 2025-11-22 22:20:32 -06:00 · 9e2c30af22
commit 9e2c30af22
parent 8c0277c8f3
60 changed files with 8853 additions and 232 deletions
--- a/vault/deployment.yaml
+++ b/vault/deployment.yaml
@ -1,4 +1,3 @@
---
 apiVersion: v1
 kind: Service
 metadata:
@ -62,13 +61,21 @@ spec:
        io.kompose.service: vault-server
    spec:
      containers:
+        # run vault server as the command
+
        - env:
+            # - name: VAULT_LOCAL_CONFIG
+            #   value: '{"storage": {"file": {"path": "/vault/file"}}, "listener": [{"tcp": {"address": "0.0.0.0:8200", "tls_disable": true}}], "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": true}'
            - name: VAULT_ADDR
              value: http://0.0.0.0:8200
-            - name: VAULT_DEV_ROOT_TOKEN_ID
-              value: vault-plaintext-root-token
+              # - name: VAULT_DEV_ROOT_TOKEN_ID
+              #   valueFrom:
+              #     secretKeyRef:
+              #       key: VAULT_DEV_ROOT_TOKEN_ID
+              #       name: vault-dev-root-token-id
          image: hashicorp/vault
          name: vault-server
+          command: ["vault", "server", "-config=/vault/config/vault.hcl"]
          ports:
            - containerPort: 8200
              protocol: TCP
@ -77,6 +84,19 @@ spec:
            capabilities:
              add:
                - IPC_LOCK
+          volumeMounts:
+            - mountPath: /vault/data
+              name: vault-data
+            - name: vault-config
+              mountPath: /vault/config
+      volumes:
+        - name: vault-data
+          persistentVolumeClaim:
+            claimName: vault-data
+        - name: vault-config
+          configMap:
+            name: vault-config
+
      restartPolicy: Always
 status: {}

@ -108,3 +128,39 @@ spec:
 status:
  loadBalancer: {}

+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: vault
+  name: vault-data
+  namespace: vault
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+status: {}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vault-config
+  namespace: vault
+data:
+  vault.hcl: |-
+    disable_mlock = true
+    ui = true
+
+    listener "tcp" {
+      tls_disable = 1
+      address = "[::]:8200"
+      cluster_address = "[::]:8201"
+    }
+    storage "file" {
+      path = "/vault/data"
+    }