From 2671bb4e3fdc97639a923a091c29639d48ebafaf Mon Sep 17 00:00:00 2001
From: Vshivkov Vladimir
Date: Thu, 21 Nov 2024 13:31:00 +0100
Subject: [PATCH] add vault injector
---
 kustomize/sd3/frontend/base/deployment.yaml | 42 +++++++++++++++++++++
 1 file changed, 42 insertions(+)
diff --git a/kustomize/sd3/frontend/base/deployment.yaml b/kustomize/sd3/frontend/base/deployment.yaml
index d0e8c60..d2bef89 100644
--- a/kustomize/sd3/frontend/base/deployment.yaml
+++ b/kustomize/sd3/frontend/base/deployment.yaml
@@ -28,3 +28,45 @@ spec:
 limits:
 cpu: 200m
 memory: 256Mi
+ volumeMounts:
+ - mountPath: "/secrets"
+ name: "secrets"
+ initContainers:
+ - name: "vault-agent"
+ command:
+ - "sh"
+ - "-c"
+ - "vault agent -config=/etc/vault/vault-agent.hcl -exit-after-auth=true"
+ env:
+ - name: "VAULT_ADDR"
+ value: "https://vault-lb.eco.tsi-dev.otc-service.com:8200"
+ image: "hashicorp/vault"
+ resources:
+ limits:
+ cpu: "300m"
+ memory: "300Mi"
+ requests:
+ cpu: "50m"
+ memory: "50Mi"
+ volumeMounts:
+ - mountPath: "/etc/vault"
+ name: "vault-agent-config"
+ - mountPath: "/secrets"
+ name: "secrets"
+ - mountPath: "/var/run/secrets/tokens"
+ name: "k8-tokens"
+ readOnly: true
+ volumes:
+ - name: vault-agent-config
+ configMap:
+ defaultMode: 420
+ name: sd3-front-vault-config
+ - name: secrets
+ emptyDir: {}
+ - name: "k8-tokens"
+ projected:
+ defaultMode: 420
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 7200
+ path: "vault-token"
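Review bot: The init container's `image: "hashicorp/vault"` carries no tag or digest, so the container that authenticates to Vault and writes the rendered secrets runs whatever `latest` resolves to at pull time; pin it, e.g. `image: "hashicorp/vault:<pinned-version>@sha256:<digest>"` (placeholders, not real values). The `secrets` volume is declared as `emptyDir: {}`, which is backed by node storage; `emptyDir: { medium: Memory }` keeps the rendered secrets off the node's disk. The application container's `/secrets` mount at the top of the hunk only needs to read the files, so `readOnly: true` belongs there as it already does on the `k8-tokens` mount. The projected `serviceAccountToken` sets no `audience`, so the token is presumably issued for the API server's default audience and would be accepted there if it leaked; a Vault-specific audience would scope it, but it has to match the Vault role configuration, which this patch does not show. Indentation was lost in this rendering of the patch, so the nesting assumed here is inferred from key order.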