-
Notifications
You must be signed in to change notification settings - Fork 0
/
deploy.yaml
45 lines (45 loc) · 1.02 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-vault-signer
namespace: kube-system
---
kind: CluterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: kube-vault-signer
subjects:
- kind: ServiceAccount
name: kube-vault-signer
namespace: kube-system
roleRef:
kind: ClusterRole
name: system:controller:certificate-controller
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kube-vault-signer
namespace: kube-system
labels:
k8s-app: kube-vault-signer
spec:
replicas: 1
selector:
matchLabels:
k8s-app: kube-vault-signer
template:
metadata:
labels:
k8s-app: kube-vault-signer
spec:
serviceAccountName: kube-vault-signer
containers:
- name: kube-vault-signer
image: thatsmrtalbot/kube-vault-signer:__VERSION__
args:
- controller
- -vault-address=https://vault.example.com
- -vault-auth=kubernetes
- -kubernetes-auth-role=kube-vault-signer