vault-sidekick/services/demo-rc.yaml

---
apiVersion: v1
kind: ReplicationController
metadata:
  namespace: demo
  name: vault-demo
spec:
  replicas: 1
  selector:
    name: vault-demo
  template:
    metadata:
      labels:
        name: vault-demo
    spec:
      containers:
      - name: vault-sidekick
        image: gambol99/vault-sidekick:0.0.1
        imagePullPolicy: Always
        args:
          - -logtostderr=true
          - -v=4
          - -tls-skip-verify=true
          - -auth=/etc/token/vault-token.yml
          - -output=/etc/secrets
          - -cn=secret:db:update=3h,revoke=true
          - -cn=pki:example-dot-com:cn=demo.example.com,fmt=cert,file=demo.example.com
          - -vault=https://vault.services.cluster.local:8200
        volumeMounts:
          - name: secrets
            mountPath: /etc/secrets
          - name: token
            mountPath: /etc/token
      - name: nginx-tls-sidekick
        image: quay.io/ukhomeofficedigital/nginx-tls-sidekick
        imagePullPolicy: Always
        args:
          - ./run.sh
          - -p
          - 443:127.0.0.1:80:demo.example.com
        ports:
          - containerPort: 443
        volumeMounts:
          - name: secrets
            mountPath: /etc/secrets
      - name: apache
        image: fedora/apache
        ports:
        - containerPort: 80
        volumeMounts:
          - name: secrets
            mountPath: /etc/secrets
      volumes:
        - name: secrets
          emptyDir: {}
        - name: token
          secret:
            secretName: vault-token
- fixing up the dockerfile - adding the k8s demo services 2015-09-23 12:37:12 -04:00			`---`
			`apiVersion: v1`
			`kind: ReplicationController`
			`metadata:`
			`namespace: demo`
			`name: vault-demo`
			`spec:`
			`replicas: 1`
			`selector:`
			`name: vault-demo`
			`template:`
			`metadata:`
			`labels:`
			`name: vault-demo`
			`spec:`
			`containers:`
			`- name: vault-sidekick`
			`image: gambol99/vault-sidekick:0.0.1`
- adding the k8s service file - adding the tls sidekick 2015-09-24 12:27:28 -04:00			`imagePullPolicy: Always`
- fixing up the dockerfile - adding the k8s demo services 2015-09-23 12:37:12 -04:00			`args:`
			`- -logtostderr=true`
			`- -v=4`
			`- -tls-skip-verify=true`
			`- -auth=/etc/token/vault-token.yml`
			`- -output=/etc/secrets`
- changing the resource options to full names rather than shortcuts, make its more obvious - adding a delay in the revoke option 2015-10-14 09:17:17 -04:00			`- -cn=secret:db:update=3h,revoke=true`
			`- -cn=pki:example-dot-com:cn=demo.example.com,fmt=cert,file=demo.example.com`
- fixing up the dockerfile - adding the k8s demo services 2015-09-23 12:37:12 -04:00			`- -vault=https://vault.services.cluster.local:8200`
			`volumeMounts:`
			`- name: secrets`
			`mountPath: /etc/secrets`
			`- name: token`
			`mountPath: /etc/token`
- adding the k8s service file - adding the tls sidekick 2015-09-24 12:27:28 -04:00			`- name: nginx-tls-sidekick`
			`image: quay.io/ukhomeofficedigital/nginx-tls-sidekick`
			`imagePullPolicy: Always`
			`args:`
			`- ./run.sh`
			`- -p`
			`- 443:127.0.0.1:80:demo.example.com`
			`ports:`
			`- containerPort: 443`
			`volumeMounts:`
			`- name: secrets`
			`mountPath: /etc/secrets`
- fixing up the dockerfile - adding the k8s demo services 2015-09-23 12:37:12 -04:00			`- name: apache`
			`image: fedora/apache`
			`ports:`
			`- containerPort: 80`
			`volumeMounts:`
			`- name: secrets`
			`mountPath: /etc/secrets`
			`volumes:`
			`- name: secrets`
			`emptyDir: {}`
			`- name: token`
			`secret:`
			`secretName: vault-token`