bank-vaults/hack/oidc-pod.yaml at master · jwitko/bank-vaults · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
apiVersion: v1
kind: Pod
metadata:
  name: oidc
spec:
  containers:
    - image: kurun://cmd/examples/main.go
      name: oidc
      volumeMounts:
        - mountPath: /var/run/secrets/tokens
          name: oidc-token
      env:
        - name: KUBERNETES_SERVICE_ACCOUNT_TOKEN
          value: /var/run/secrets/tokens/oidc-token
        - name: VAULT_PATH
          value: jwt
      resources:
        limits:
          cpu: 100m
          memory: 128Mi
        requests:
          cpu: 100m
          memory: 128Mi
  restartPolicy: OnFailure
  serviceAccountName: default
  volumes:
    - name: oidc-token
      projected:
        sources:
          - serviceAccountToken:
              path: oidc-token
              expirationSeconds: 7200
              audience: vault