---
# StatefulSet running five Vault server pods in the `vault` namespace.
# Each pod gets its own 10Gi `data` volume mounted at /vault/data and reads
# its server configuration from the `vault-config` ConfigMap mounted at
# /vault/config. VAULT_RAFT_NODE_ID suggests integrated (Raft) storage; the
# storage and listener stanzas live in that ConfigMap, which is not shown here.
apiVersion: 'apps/v1'
kind: StatefulSet
metadata:
  name: vault
  namespace: vault
  labels:
    app.kubernetes.io/name: vault
    app.kubernetes.io/instance: vault
    # Quoted so the value can never be retyped as a number.
    app.kubernetes.io/version: '2.0.1'
spec:
  serviceName: vault-internal
  replicas: 5
  selector:
    matchLabels:
      app.kubernetes.io/name: vault
      app.kubernetes.io/instance: vault
  template:
    metadata:
      labels:
        app.kubernetes.io/name: vault
        app.kubernetes.io/instance: vault
        app.kubernetes.io/version: '2.0.1'
    spec:
      # No pod- or container-level securityContext is set, so the user,
      # capabilities and root-filesystem writability come from the image and
      # runtime defaults.
      # NOTE(review): consider runAsNonRoot, allowPrivilegeEscalation: false,
      # readOnlyRootFilesystem and a reduced capability set, after checking
      # what the image and the mlock setting in vault-config require.
      #
      # RBAC bound to this service account is defined elsewhere.
      serviceAccountName: vault
      terminationGracePeriodSeconds: 10
      affinity:
        # Soft anti-affinity: the scheduler prefers one Vault pod per node but
        # may still place several replicas on the same host, so one node
        # failure can take out more than one replica.
        # requiredDuringSchedulingIgnoredDuringExecution makes it a hard rule.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                topologyKey: 'kubernetes.io/hostname'
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: vault
      containers:
        - name: vault
          # The tag reference is mutable; pinning by digest
          # (hashicorp/vault@sha256:<digest>) fixes the exact image that was
          # reviewed.
          image: 'hashicorp/vault:2.0.1'
          # `command` replaces the image entrypoint, so the server binary is
          # started directly with the mounted configuration directory.
          command:
            - vault
            - server
            - '-config=/vault/config'
          ports:
            - name: api
              containerPort: 8200
              protocol: TCP
            - name: cluster
              containerPort: 8201
              protocol: TCP
          env:
            # Pod IP from the downward API; expanded below via $(POD_IP).
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            # All three addresses use http://. Whether the listener on 8200
            # terminates TLS is decided in vault-config (not shown); if
            # tls_disable is set there, tokens and secret payloads cross the
            # pod network in clear text.
            # NOTE(review): confirm, and move these schemes and the probe
            # scheme to HTTPS once a listener certificate is in place.
            - name: VAULT_ADDR
              value: 'http://127.0.0.1:8200'
            - name: VAULT_API_ADDR
              value: 'http://$(POD_IP):8200'
            - name: VAULT_CLUSTER_ADDR
              value: 'http://$(POD_IP):8201'
            # Pod name (vault-0 ... vault-4) doubles as the node identifier.
            - name: VAULT_RAFT_NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            # Consumed by the official image's entrypoint script; with the
            # entrypoint replaced by `command` above it presumably has no
            # effect here - TODO confirm.
            - name: SKIP_SETCAP
              value: 'true'
          # standbyok, sealedok and uninitok make /v1/sys/health answer 200
          # for standby, sealed and uninitialized nodes, so both probes only
          # confirm that the HTTP listener responds. A sealed pod is reported
          # Ready and remains a Service endpoint.
          # NOTE(review): presumably deliberate so new nodes can be
          # initialized, unsealed and joined - confirm, and alert on seal
          # status separately.
          readinessProbe:
            httpGet:
              path: '/v1/sys/health?standbyok=true&sealedok=true&uninitok=true'
              port: 8200
              scheme: HTTP
            initialDelaySeconds: 5
            periodSeconds: 10
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: '/v1/sys/health?standbyok=true&sealedok=true&uninitok=true'
              port: 8200
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 30
            failureThreshold: 3
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 1000m
              memory: 2Gi
          volumeMounts:
            # Per-pod persistent volume from volumeClaimTemplates below.
            - name: data
              mountPath: /vault/data
            - name: config
              mountPath: /vault/config
      volumes:
        # Server configuration read via -config=/vault/config.
        # NOTE(review): a ConfigMap is not a place for secrets; seal or
        # storage credentials, if any, belong in a Secret or an external
        # source.
        - name: config
          configMap:
            name: vault-config
  volumeClaimTemplates:
    - metadata:
        name: data
        labels:
          app.kubernetes.io/name: vault
          app.kubernetes.io/instance: vault
      spec:
        accessModes:
          - ReadWriteOnce
        # NOTE(review): the class name suggests reclaimPolicy Delete -
        # confirm; if so, removing a PVC destroys that node's stored data,
        # so recovery has to come from snapshots.
        storageClassName: cephrbd-fast-delete
        resources:
          requests:
            storage: 10Gi