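{{- /*
Deployment for a chart-managed HashiCorp Vault instance.
Rendered only when vault.create.enabled is true and vault.type is "hashicorp".
*/ -}}
{{- if and (.Values.vault.create.enabled) (eq .Values.vault.type "hashicorp") -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-vault
  labels:
    app: {{ .Release.Name }}-vault
spec:
  # Single replica; the data volume below is an emptyDir, so stored state
  # does not outlive the pod.
  replicas: 1
  selector:
    matchLabels:
      app: {{ .Release.Name }}-vault
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}-vault
    spec:
      containers:
        - name: {{ .Release.Name }}-vault
          # Quoted so the rendered repository:tag pair is always one string.
          image: "{{ .Values.vault.create.image.repository }}:{{ .Values.vault.create.image.tag }}"
          ports:
            # 8200 and 8201 are Vault's conventional API and cluster ports.
            - containerPort: 8200
            - containerPort: 8201
            {{- if .Values.vault.create.snapshotServer.enabled }}
            - containerPort: {{ .Values.vault.create.snapshotServer.internalPort }}
            {{- end }}
          env:
            # NOTE(review): the scheme is http. The listener configuration
            # lives in the image and is not visible here; if it is also
            # non-TLS, tokens and secrets cross the pod network in cleartext.
            # Confirm where TLS is terminated before using this outside a
            # development cluster.
            - name: VAULT_ADDR
              value: "http://0.0.0.0:8200"
            # Quoted: env values must be strings, and an empty list would
            # otherwise render as a bare null.
            - name: POLICY_CAPABILITIES
              value: {{ .Values.vault.create.policyCapabilities | join "," | quote }}
            # Presumably the names under which the image's startup logic
            # publishes the role id and secret id; confirm against the image.
            - name: ROLE_ID_SECRET_NAME
              value: VAULT_ROLE_ID
            - name: SECRET_ID_SECRET_NAME
              value: VAULT_SECRET_ID
            {{- if .Values.vault.create.snapshotServer.enabled }}
            - name: SNAPSHOT_SERVER_PORT
              value: {{ .Values.vault.create.snapshotServer.internalPort | quote }}
            {{- end }}
          volumeMounts:
            - name: vault-data
              mountPath: /vault/data
            - name: vault-log
              mountPath: /vault/logs
            - name: vault-creds
              mountPath: /vault/creds
            - name: vault-role-vars
              mountPath: /role_vars
          # The original used a "capAdd" key, which is not a field of the
          # Kubernetes container or pod spec, so IPC_LOCK was never granted.
          # IPC_LOCK lets Vault mlock its memory so secrets are not swapped
          # to disk. Namespaces enforcing the baseline or restricted Pod
          # Security Standard may reject this added capability and need an
          # exemption for this workload.
          securityContext:
            capabilities:
              add:
                - IPC_LOCK
      volumes:
        - name: vault-data
          emptyDir: {}
        - name: vault-log
          emptyDir: {}
        # NOTE(review): judging by its name this volume holds credentials.
        # With the snapshot server enabled it is backed by a PVC and its
        # contents persist; restrict access to that claim accordingly.
        - name: vault-creds
          {{- if .Values.vault.create.snapshotServer.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-vault-creds
          {{- else }}
          emptyDir: {}
          {{- end }}
        - name: vault-role-vars
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-vault-role-vars
{{- end -}}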