diff --git a/vault/deployment.yaml b/vault/deployment.yaml
new file mode 100644
index 0000000..0234f9a
--- /dev/null
+++ b/vault/deployment.yaml
@@ -0,0 +1,110 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ kompose.cmd: kompose convert -o deployment.yaml -n vault
+ kompose.service.expose: vault.wayl.one
+ kompose.version: 1.31.2 (a92241f79)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: vault-server
+ name: vault-server
+ namespace: vault
+spec:
+ ports:
+ - name: "8200"
+ port: 8200
+ targetPort: 8200
+ selector:
+ io.kompose.service: vault-server
+status:
+ loadBalancer: {}
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ creationTimestamp: null
+ name: vault
+ namespace: vault
+spec: {}
+status: {}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ kompose.cmd: kompose convert -o deployment.yaml -n vault
+ kompose.service.expose: vault.wayl.one
+ kompose.version: 1.31.2 (a92241f79)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: vault-server
+ name: vault-server
+ namespace: vault
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: vault-server
+ strategy: {}
+ template:
+ metadata:
+ annotations:
+ kompose.cmd: kompose convert -o deployment.yaml -n vault
+ kompose.service.expose: vault.wayl.one
+ kompose.version: 1.31.2 (a92241f79)
+ creationTimestamp: null
+ labels:
+ io.kompose.network/vault-default: "true"
+ io.kompose.service: vault-server
+ spec:
+ containers:
+ - env:
+ - name: VAULT_ADDR
+ value: http://0.0.0.0:8200
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: vault-plaintext-root-token
+ image: hashicorp/vault
+ name: vault-server
+ ports:
+ - containerPort: 8200
+ protocol: TCP
+ resources: {}
+ securityContext:
+ capabilities:
+ add:
+ - IPC_LOCK
+ restartPolicy: Always
+status: {}
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ kompose.cmd: kompose convert -o deployment.yaml -n vault
+ kompose.service.expose: vault.wayl.one
+ kompose.version: 1.31.2 (a92241f79)
+ creationTimestamp: null
+ labels:
+ io.kompose.service: vault-server
+ name: vault-server
+ namespace: vault
+spec:
+ rules:
+ - host: vault.wayl.one
+ http:
+ paths:
+ - backend:
+ service:
+ name: vault-server
+ port:
+ number: 8200
+ path: /
+ pathType: Prefix
+status:
+ loadBalancer: {}
+
diff --git a/vault/docker-compose.yml b/vault/docker-compose.yml
new file mode 100644
index 0000000..a91112b
--- /dev/null
+++ b/vault/docker-compose.yml
@@ -0,0 +1,13 @@
+version: "3.8"
+services:
+ vault-server:
+ image: hashicorp/vault
+ ports:
+ - 8200
+ environment:
+ VAULT_ADDR: "http://0.0.0.0:8200"
+ VAULT_DEV_ROOT_TOKEN_ID: "vault-plaintext-root-token"
+ cap_add:
+ - IPC_LOCK
+ labels:
+ kompose.service.expose: vault.wayl.one
diff --git a/vault/justfile b/vault/justfile
new file mode 100644
index 0000000..8962595
--- /dev/null
+++ b/vault/justfile
@@ -0,0 +1,31 @@
+default: cred convert deploy viz
+update: convert patch
+
+create-ns:
+ kubectl create ns vault
+cred:
+ kubectl get secret -n default regcred --output=yaml -o yaml | sed 's/namespace: default/namespace: vault/' | kubectl apply -n vault -f - && echo deployed secret || echo secret exists
+convert:
+ kompose convert -o deployment.yaml -n vault
+deploy:
+ kubectl apply -f deployment.yaml
+delete:
+ kubectl delete all --all -n vault --timeout=0s
+viz:
+ k8sviz -n vault --kubeconfig $KUBECONFIG -t png -o vault-k8s.png
+restart:
+ kubectl rollout restart -n vault deployment/vault
+
+patch:
+ kubectl patch -f deployment.yaml
+describe:
+ kubectl get deployment -n vault
+ kubectl get rs -n vault
+ kubectl get pod -n vault
+ kubectl get svc -n vault
+ kubectl get ing -n vault
+
+describe-pod:
+ kubectl describe pod -n vault
+logs:
+ kubectl logs --all-containers -l io.kompose.service=vault-wayl-one -n vault -f
diff --git a/vault/vault-k8s.png b/vault/vault-k8s.png
new file mode 100644
index 0000000..7d5012f
Binary files /dev/null and b/vault/vault-k8s.png differ
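Review bot: `VAULT_DEV_ROOT_TOKEN_ID: "vault-plaintext-root-token"` commits a root token in plain text, while the `kompose.service.expose: vault.wayl.one` label publishes the same service under an external hostname. With no `command` override the image presumably starts in its dev-server mode, so the secrets store would be unsealed, non-persistent and openable by anyone who can read this repository; the generated vault/deployment.yaml carries the same literal in the Deployment `env` and an Ingress for that host with no `tls` block, alongside `VAULT_ADDR: "http://0.0.0.0:8200"`. I would take the token out of the file, e.g. `VAULT_DEV_ROOT_TOKEN_ID: "${VAULT_DEV_ROOT_TOKEN_ID:?set locally}"`, and have the rendered manifest read it from a Kubernetes Secret rather than a literal `value:`. The expose label should go until a non-dev server configuration with TLS exists, and the image should be pinned as `image: hashicorp/vault:<pinned-version>` so a re-pull cannot silently change what runs.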
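Review bot: The `restart` and `logs` recipes name objects this commit does not create: the Deployment is `vault-server` and its label is `io.kompose.service: vault-server`, so `deployment/vault` and `-l io.kompose.service=vault-wayl-one` will match nothing. They should read `kubectl rollout restart -n vault deployment/vault-server` and `-l io.kompose.service=vault-server`. In `cred`, the trailing `|| echo secret exists` turns any failure of the final `kubectl apply` (a missing `regcred`, a denied write) into a success message, so the copy of the registry credential into the `vault` namespace can fail unnoticed; I would drop that fallback and let the recipe fail. `patch` runs `kubectl patch -f deployment.yaml` with no patch argument, so `update` probably wants `kubectl apply -f deployment.yaml` instead.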