43 lines
992 B
YAML
43 lines
992 B
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: vault-test
|
|
---
|
|
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: sa-vault
|
|
namespace: vault-test
|
|
---
|
|
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: vault-test-deployment
|
|
namespace: vault-test
|
|
labels:
|
|
app: vault-test
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: vault-test
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: vault-test
|
|
annotations:
|
|
vault.hashicorp.com/agent-inject: 'true'
|
|
vault.hashicorp.com/role: 'k8s-role'
|
|
vault.hashicorp.com/agent-inject-secret-credentials: 'secret/k8s/config'
|
|
vault.hashicorp.com/agent-inject-template-credentials: |
|
|
{{- with secret "secret/k8s/config" -}}
|
|
postgresql://{{ .Data.data.username }}:{{ .Data.data.password }}@{{ .Data.data.psqlhost }}:5432/{{ .Data.data.database }}
|
|
{{- end -}}
|
|
spec:
|
|
serviceAccountName: sa-vault
|
|
containers:
|
|
- name: app
|
|
image: nginx
|