Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openbao-helm/test/acceptance/injector-test/job.yaml

40 lines
1 KiB
YAML
Raw Permalink Normal View History

Add vault agent injector (#150) * Add vault agent injector * Fix bug with agent image env * Fix terraform GKE code * Cleanup label * Improve test reliablity * Lower sleep times in tests * Standardize image values * Update values * Update vault tag
2019-12-19 15:57:51 +00:00
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pgdump
labels:
app: pgdump
---
apiVersion: batch/v1
kind: Job
metadata:
name: pgdump
spec:
backoffLimit: 0
template:
metadata:
name: pgdump
labels:
app: pgdump
annotations:
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/agent-inject-secret-db-creds: "database/creds/db-backup"
vault.hashicorp.com/agent-inject-template-db-creds: |
{{- with secret "database/creds/db-backup" -}}
postgresql://{{ .Data.username }}:{{ .Data.password }}@postgres.acceptance.svc.cluster.local:5432/mydb
{{- end }}
vault.hashicorp.com/role: "db-backup"
vault.hashicorp.com/agent-pre-populate-only: "true"
spec:
serviceAccountName: pgdump
containers:
- name: pgdump
image: postgres:11.5
command:
- "/bin/sh"
- "-ec"
args:
- "/usr/bin/pg_dump $(cat /vault/secrets/db-creds) --no-owner > /dev/stdout"
restartPolicy: Never
Reference in a new issue Copy permalink