deploy ca server for bootstrapping trust
asiyani committed Jan 22, 2025
1 parent e8d41fd commit 2ac8235
Showing 2 changed files with 54 additions and 0 deletions.
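--- a/base/vault-namespace/ca-server.yaml
+++ b/base/vault-namespace/ca-server.yaml
@@ -0,0 +1,53 @@
+# vault-ca-cert-server is used to distribute frequently rotating vault CA cert
+piVersion: v1
+kind: Service
+metadata:
+labels:
+name: vault-ca-cert
+name: vault-ca-cert
+spec:
+selector:
+app: vault-ca-cert-server
+ports:
+- name: http-file-serve
+port: 8100
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: vault-ca-cert-server
+labels:
+app: vault-ca-cert-server
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: vault-ca-cert-server
+template:
+metadata:
+annotations:
+prometheus.io/scrape: "true"
+prometheus.io/port: "8100"
+labels:
+app: vault-ca-cert-server
+spec:
+containers:
+- name: vault-ca-cert-server
+image: quay.io/utilitywarehouse/kube-ca-cert-server:v0.0.4
+args:
+- "-p=8100"
+- "-f=/etc/tls/ca.crt"
+ports:
+- name: http-file-serve
+containerPort: 8100
+volumeMounts:
+- name: vault-tls
+mountPath: /etc/tls
+volumes:
+- name: vault-tls
+secret:
+secretName: vault-tls
+defaultMode: 0400
+items:
+- key: ca.crt
+path: ca.crt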
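Review bot: A client that fetches the CA certificate from this endpoint to bootstrap trust cannot authenticate what it receives, because the port name `http-file-serve` and the absence of any TLS arguments suggest it is served over plain HTTP on 8100, leaving integrity to the in-cluster network path. I would state that assumption in the header comment, e.g. `# Served over unauthenticated HTTP: the in-cluster network is the trust boundary; ingress is restricted by NetworkPolicy.`, and ship a matching NetworkPolicy alongside this manifest. The image is pinned by tag only (`kube-ca-cert-server:v0.0.4`); since this pod hands out the trust anchor, pinning by digest (`...:v0.0.4@sha256:<digest>`) would make the deployed binary immutable. The container also declares no `securityContext`, and if the image runs as a non-root user, `defaultMode: 0400` on a root-owned secret file may leave `ca.crt` unreadable, which is worth confirming before adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. Separately, the first key of the Service renders here as `piVersion: v1`; if that is in the file rather than a page-extraction artifact, the document lacks `apiVersion` and will be rejected.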
1 change: 1 addition & 0 deletions base/vault-namespace/kustomization.yaml
@@ -1,6 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ca-server.yaml
- rbac.yaml
- vault.yaml
- vault-pki.yaml