homelab/vault/deployment.yaml

# In-cluster Service in front of the vault-server pods on port 8200. No `type`
# is set, so it is a ClusterIP Service. The Vault listener configured in
# vault.hcl has tls_disable set, so traffic through this Service is plain HTTP.
apiVersion: v1
kind: Service
metadata:
  name: vault-server
  namespace: vault
  labels:
    io.kompose.service: vault-server
  annotations:
    kompose.cmd: kompose convert -o deployment.yaml -n vault
    kompose.service.expose: vault.wayl.one
    kompose.version: 1.31.2 (a92241f79)
  creationTimestamp: null
spec:
  # Must match the pod template labels of the vault-server Deployment.
  selector:
    io.kompose.service: vault-server
  ports:
    # Quoted so the port name stays a string rather than an integer.
    - name: "8200"
      port: 8200
      targetPort: 8200
status:
  loadBalancer: {}
---
# Namespace that every other object in this file is created in.
# NOTE(review): no pod-security.kubernetes.io/* labels are set here, so Pod
# Security admission for the Vault pod depends on cluster-wide defaults.
apiVersion: v1
kind: Namespace
metadata:
  name: vault
  # Namespace objects are cluster-scoped, so this field does not scope
  # anything; presumably kompose output from `-n vault`. Consider dropping it.
  namespace: vault
  creationTimestamp: null
spec: {}
status: {}
---
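# Single-replica Vault server. It starts from /vault/config/vault.hcl (the
# vault-config ConfigMap) and persists its file storage backend to the
# vault-data PersistentVolumeClaim mounted at /vault/data.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: kompose convert -o deployment.yaml -n vault
    kompose.service.expose: vault.wayl.one
    kompose.version: 1.31.2 (a92241f79)
  creationTimestamp: null
  labels:
    io.kompose.service: vault-server
  name: vault-server
  namespace: vault
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: vault-server
  # Recreate rather than the default RollingUpdate: the data volume is a
  # ReadWriteOnce claim backing Vault's file storage, so the old pod must stop
  # before the new one starts. A rolling update would either stall waiting for
  # the volume or briefly run two servers against the same data directory.
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        kompose.cmd: kompose convert -o deployment.yaml -n vault
        kompose.service.expose: vault.wayl.one
        kompose.version: 1.31.2 (a92241f79)
      creationTimestamp: null
      labels:
        io.kompose.network/vault-default: "true"
        io.kompose.service: vault-server
    spec:
      containers:
        # run vault server as the command
        - env:
            # - name: VAULT_LOCAL_CONFIG
            #   value: '{"storage": {"file": {"path": "/vault/file"}}, "listener": [{"tcp": {"address": "0.0.0.0:8200", "tls_disable": true}}], "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": true}'
            # Address the vault CLI inside the container talks to. It is plain
            # http because the listener in vault.hcl sets tls_disable.
            - name: VAULT_ADDR
              value: http://0.0.0.0:8200
            # - name: VAULT_DEV_ROOT_TOKEN_ID
            #   valueFrom:
            #     secretKeyRef:
            #       key: VAULT_DEV_ROOT_TOKEN_ID
            #       name: vault-dev-root-token-id
          # NOTE(review): no tag or digest, so this resolves to :latest and can
          # change between pod restarts. Pin a reviewed version or digest.
          image: hashicorp/vault
          name: vault-server
          # `command` replaces the image ENTRYPOINT, so whatever setup the
          # image's entrypoint script performs is skipped.
          # NOTE(review): confirm which UID the server ends up running as.
          command: ["vault", "server", "-config=/vault/config/vault.hcl"]
          ports:
            - containerPort: 8200
              protocol: TCP
          # NOTE(review): no CPU/memory requests or limits are set.
          resources: {}
          securityContext:
            # Nothing in this pod spec needs to gain privileges after start.
            allowPrivilegeEscalation: false
            capabilities:
              add:
                # vault.hcl sets disable_mlock = true, so this capability is
                # presumably unused. NOTE(review): either drop it or
                # re-enable mlock so the two settings agree.
                - IPC_LOCK
          volumeMounts:
            - mountPath: /vault/data
              name: vault-data
            - name: vault-config
              mountPath: /vault/config
      volumes:
        - name: vault-data
          persistentVolumeClaim:
            claimName: vault-data
        - name: vault-config
          configMap:
            name: vault-config
      restartPolicy: Always
status: {}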
---
# Routes every path under vault.wayl.one to the vault-server Service on 8200.
# NOTE(review): there is no spec.tls block and the Vault listener has
# tls_disable set, so nothing in this file encrypts Vault tokens or secrets in
# transit. Confirm TLS is terminated by the ingress controller or upstream.
# NOTE(review): no ingressClassName is set; presumably this relies on the
# cluster's default IngressClass.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: vault-server
  namespace: vault
  labels:
    io.kompose.service: vault-server
  annotations:
    kompose.cmd: kompose convert -o deployment.yaml -n vault
    kompose.service.expose: vault.wayl.one
    kompose.version: 1.31.2 (a92241f79)
  creationTimestamp: null
spec:
  rules:
    - host: vault.wayl.one
      http:
        paths:
          # Prefix match on "/" sends the UI and the whole API to Vault.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: vault-server
                port:
                  number: 8200
status:
  loadBalancer: {}
---
# Claim mounted at /vault/data by the vault-server Deployment; vault.hcl points
# Vault's file storage backend at that path, so this volume holds Vault's data.
# NOTE(review): no storageClassName is set; presumably the cluster default
# class provisions it. Confirm that class's reclaim and backup behaviour.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: vault-data
  namespace: vault
  labels:
    io.kompose.service: vault
  creationTimestamp: null
spec:
  resources:
    requests:
      storage: 100Mi
  # ReadWriteOnce: the volume can be mounted read-write by a single node.
  accessModes:
    - ReadWriteOnce
status: {}
---
# Vault server configuration. The vault-server Deployment mounts this ConfigMap
# at /vault/config and starts Vault with -config=/vault/config/vault.hcl.
# NOTE(review): tls_disable = 1 makes the listener plain HTTP on every
# interface ([::]); the Ingress in this file exposes it as vault.wayl.one.
# NOTE(review): disable_mlock = true turns off memory locking, so Vault's
# memory may be swapped to disk, while the Deployment still adds IPC_LOCK.
# Decide which of the two settings is intended.
# NOTE(review): cluster_address uses 8201, which neither the Service nor the
# container ports in this file expose.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: vault
  name: vault-config
data:
  vault.hcl: |-
    disable_mlock = true
    ui = true
    listener "tcp" {
      tls_disable = 1
      address = "[::]:8200"
      cluster_address = "[::]:8201"
    }
    storage "file" {
      path = "/vault/data"
    }