vault works

vault/deployment.yaml

@@ -0,0 +1,110 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o deployment.yaml -n vault
+    kompose.service.expose: vault.wayl.one
+    kompose.version: 1.31.2 (a92241f79)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: vault-server
+  name: vault-server
+  namespace: vault
+spec:
+  ports:
+    - name: "8200"
+      port: 8200
+      targetPort: 8200
+  selector:
+    io.kompose.service: vault-server
+status:
+  loadBalancer: {}
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  creationTimestamp: null
+  name: vault
+  namespace: vault
+spec: {}
+status: {}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o deployment.yaml -n vault
+    kompose.service.expose: vault.wayl.one
+    kompose.version: 1.31.2 (a92241f79)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: vault-server
+  name: vault-server
+  namespace: vault
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: vault-server
+  strategy: {}
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -o deployment.yaml -n vault
+        kompose.service.expose: vault.wayl.one
+        kompose.version: 1.31.2 (a92241f79)
+      creationTimestamp: null
+      labels:
+        io.kompose.network/vault-default: "true"
+        io.kompose.service: vault-server
+    spec:
+      containers:
+        - env:
+            - name: VAULT_ADDR
+              value: http://0.0.0.0:8200
+            - name: VAULT_DEV_ROOT_TOKEN_ID
+              value: vault-plaintext-root-token
+          image: hashicorp/vault
+          name: vault-server
+          ports:
+            - containerPort: 8200
+              protocol: TCP
+          resources: {}
+          securityContext:
+            capabilities:
+              add:
+                - IPC_LOCK
+      restartPolicy: Always
+status: {}
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o deployment.yaml -n vault
+    kompose.service.expose: vault.wayl.one
+    kompose.version: 1.31.2 (a92241f79)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: vault-server
+  name: vault-server
+  namespace: vault
+spec:
+  rules:
+    - host: vault.wayl.one
+      http:
+        paths:
+          - backend:
+              service:
+                name: vault-server
+                port:
+                  number: 8200
+            path: /
+            pathType: Prefix
+status:
+  loadBalancer: {}
+

vault/docker-compose.yml

@@ -0,0 +1,13 @@
+version: "3.8"
+services:
+  vault-server:
+    image: hashicorp/vault
+    ports:
+      - 8200
+    environment:
+      VAULT_ADDR: "http://0.0.0.0:8200"
+      VAULT_DEV_ROOT_TOKEN_ID: "vault-plaintext-root-token"
+    cap_add:
+      - IPC_LOCK
+    labels:
+      kompose.service.expose: vault.wayl.one

vault/justfile

@@ -0,0 +1,31 @@
+default: cred convert deploy viz
+update: convert patch
+
+create-ns:
+    kubectl create ns vault
+cred:
+    kubectl get secret -n default regcred --output=yaml -o yaml | sed 's/namespace: default/namespace: vault/' | kubectl apply -n vault -f - && echo deployed secret || echo secret exists
+convert:
+    kompose convert -o deployment.yaml -n vault
+deploy:
+    kubectl apply -f deployment.yaml
+delete:
+    kubectl delete all --all -n vault --timeout=0s
+viz:
+    k8sviz -n vault --kubeconfig $KUBECONFIG -t png -o vault-k8s.png
+restart:
+    kubectl rollout restart -n vault deployment/vault
+
+patch:
+    kubectl patch -f deployment.yaml
+describe:
+    kubectl get deployment -n vault
+    kubectl get rs -n vault
+    kubectl get pod -n vault
+    kubectl get svc -n vault
+    kubectl get ing -n vault
+
+describe-pod:
+    kubectl describe pod -n vault
+logs:
+    kubectl logs --all-containers -l io.kompose.service=vault-wayl-one -n vault -f