apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: kompose convert -o deployment.yaml -n vault
    kompose.service.expose: vault.wayl.one
    kompose.version: 1.31.2 (a92241f79)
  creationTimestamp: null
  labels:
    io.kompose.service: vault-server
  name: vault-server
  namespace: vault
spec:
  ports:
    - name: "8200"
      port: 8200
      targetPort: 8200
  selector:
    io.kompose.service: vault-server
status:
  loadBalancer: {}

---
apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: null
  name: vault
  namespace: vault
spec: {}
status: {}

---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: kompose convert -o deployment.yaml -n vault
    kompose.service.expose: vault.wayl.one
    kompose.version: 1.31.2 (a92241f79)
  creationTimestamp: null
  labels:
    io.kompose.service: vault-server
  name: vault-server
  namespace: vault
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: vault-server
  strategy: {}
  template:
    metadata:
      annotations:
        kompose.cmd: kompose convert -o deployment.yaml -n vault
        kompose.service.expose: vault.wayl.one
        kompose.version: 1.31.2 (a92241f79)
      creationTimestamp: null
      labels:
        io.kompose.network/vault-default: "true"
        io.kompose.service: vault-server
    spec:
      containers:
        # run vault server as the command

        - env:
            # - name: VAULT_LOCAL_CONFIG
            #   value: '{"storage": {"file": {"path": "/vault/file"}}, "listener": [{"tcp": {"address": "0.0.0.0:8200", "tls_disable": true}}], "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": true}'
            - name: VAULT_ADDR
              value: http://0.0.0.0:8200
              # - name: VAULT_DEV_ROOT_TOKEN_ID
              #   valueFrom:
              #     secretKeyRef:
              #       key: VAULT_DEV_ROOT_TOKEN_ID
              #       name: vault-dev-root-token-id
          image: hashicorp/vault
          name: vault-server
          command: ["vault", "server", "-config=/vault/config/vault.hcl"]
          ports:
            - containerPort: 8200
              protocol: TCP
          resources: {}
          securityContext:
            capabilities:
              add:
                - IPC_LOCK
          volumeMounts:
            - mountPath: /vault/data
              name: vault-data
            - name: vault-config
              mountPath: /vault/config
      volumes:
        - name: vault-data
          persistentVolumeClaim:
            claimName: vault-data
        - name: vault-config
          configMap:
            name: vault-config

      restartPolicy: Always
status: {}

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kompose.cmd: kompose convert -o deployment.yaml -n vault
    kompose.service.expose: vault.wayl.one
    kompose.version: 1.31.2 (a92241f79)
  creationTimestamp: null
  labels:
    io.kompose.service: vault-server
  name: vault-server
  namespace: vault
spec:
  rules:
    - host: vault.wayl.one
      http:
        paths:
          - backend:
              service:
                name: vault-server
                port:
                  number: 8200
            path: /
            pathType: Prefix
status:
  loadBalancer: {}

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  creationTimestamp: null
  labels:
    io.kompose.service: vault
  name: vault-data
  namespace: vault
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi
status: {}

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-config
  namespace: vault
data:
  vault.hcl: |-
    disable_mlock = true
    ui = true

    listener "tcp" {
      tls_disable = 1
      address = "[::]:8200"
      cluster_address = "[::]:8201"
    }
    storage "file" {
      path = "/vault/data"
    }