This repository was archived by the owner on Feb 8, 2023. It is now read-only.
vault-devmode.yaml
---
# ConfigMap carrying the Vault ACL policy for the Cloud Foundry broker token.
# The Deployment in this file mounts it at /etc/hcl; nothing in this manifest
# writes the policy into Vault, so that step has to happen separately.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cf-broker-hcl
  namespace: catalog
data:
  # Security note: the policy below lets its holder write policies named
  # "cf-*" and create tokens from "cf-*" token roles. The token's effective
  # authority therefore depends on whatever those policies grant, not only on
  # the paths listed here. Treat the broker token as a highly privileged
  # credential: short TTL, audited use, never shared with tenants.
  # "|+" keeps the trailing line break of the policy text.
  cf-broker.hcl: |+
    # Manage internal state under "/broker", but since this token is going to
    # generate children, it needs full management of the "/cf/*" space
    path "/cf/" {
      capabilities = ["list"]
    }
    path "/cf/*" {
      capabilities = ["create", "read", "update", "delete", "list"]
    }
    # List all mounts
    path "sys/mounts" {
      capabilities = ["read", "list"]
    }
    # Create mounts under the "/cf/" prefix
    path "sys/mounts/cf/*" {
      capabilities = ["create", "update", "delete"]
    }
    # Create policies with the "cf-*" prefix
    path "sys/policy/cf-*" {
      capabilities = ["create", "update", "delete"]
    }
    # Create token role
    path "/auth/token/roles/cf-*" {
      capabilities = ["create", "update", "delete"]
    }
    # Create tokens from role
    path "/auth/token/create/cf-*" {
      capabilities = ["create", "update"]
    }
    # Revoke tokens by accessor
    path "/auth/token/revoke-accessor" {
      capabilities = ["create", "update"]
    }
---
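# Single-replica Vault for development and testing only.
# No command/args are set, so the container runs the image's default command;
# for the official Vault image that is a dev-mode server: in-memory storage,
# already unsealed, plaintext HTTP listener, root token written to the
# container log. Do not store real secrets in it, and restrict who can read
# the pod's logs.
#
# apps/v1 replaces extensions/v1beta1, which Kubernetes stopped serving for
# Deployments in 1.16. The required spec.selector is already present.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: vault
  name: vaultdev
  # The pod mounts the cf-broker-hcl ConfigMap, which is declared in the
  # "catalog" namespace; a ConfigMap volume only resolves within the pod's own
  # namespace, so the Deployment is pinned there as well.
  namespace: catalog
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vault
  template:
    metadata:
      labels:
        app: vault
    spec:
      containers:
        # Untagged image + "Always" pull policy: every restart may run a
        # different build. Prefer a fixed release, ideally by digest, e.g.
        #   image: vault:<VERSION>@sha256:<DIGEST>   (placeholders)
        - image: vault
          imagePullPolicy: Always
          name: vault
          ports:
            - containerPort: 8200
              name: web
              protocol: TCP
          securityContext:
            capabilities:
              # IPC_LOCK lets Vault mlock its memory so secrets are not
              # swapped to disk. No other capability is added.
              add: ["IPC_LOCK"]
          volumeMounts:
            - name: config-volume
              mountPath: /etc/hcl
      volumes:
        - name: config-volume
          configMap:
            # Provide the name of the ConfigMap containing the files you want
            # to add to the container
            name: cf-broker-hcl
      restartPolicy: Always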
---
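# In-cluster endpoint for the dev Vault pod(s) labelled app=vault.
# ClusterIP keeps the port off external load balancers, but any workload that
# can route to the Service reaches Vault on 8200. No TLS is configured in this
# manifest, so pair it with a NetworkPolicy that admits only the broker.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: vault
  name: vaultdev
  # A Service only selects pods in its own namespace. The Vault pod has to run
  # in "catalog" to mount the cf-broker-hcl ConfigMap, so the Service is
  # pinned to the same namespace.
  namespace: catalog
spec:
  ports:
    - port: 8200
      protocol: TCP
      targetPort: 8200
  selector:
    app: vault
  sessionAffinity: None
  type: ClusterIP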