I want to deploy S3 in a k8s cluster with a manual approach instead of Helm, but I get an error:
NAME                     READY   STATUS             RESTARTS        AGE
vault-569865f876-mhtjm   0/1     CrashLoopBackOff   505 (35s ago)   42h
This is my deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vault
  namespace: vault
spec:
  replicas: 3
  selector:
    matchLabels:
      app: vault
  template:
    metadata:
      labels:
        app: vault
    spec:
      serviceAccountName: vault-auth
      containers:
        - command:
            - /bin/sh
          name: vault
          image: 162618157205.dkr.ecr.eu-west-1.amazonaws.com/gccc-secret-manager-imagerepo:v0.0.31
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - sleep 5 && kill -SIGTERM $(pidof vault)
          ports:
            - containerPort: 8200
              name: vault-api
            - containerPort: 8201
              name: vault-cluster
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -ec
                - vault status -tls-skip-verify
            failureThreshold: 2
            initialDelaySeconds: 5
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 3
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add: ["IPC_LOCK"]
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          env:
            - name: SKIP_CHOWN
              value: "true"
            - name: SKIP_SETCAP
              value: "true"
            - name: VAULT_K8S_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: VAULT_K8S_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: VAULT_CLUSTER_ADDR
              value: https://$(HOSTNAME).vault-internal:8201
          resources:
            requests:
              memory: "512Mi"
              cpu: "250m"
            limits:
              memory: "1Gi"
              cpu: "500m"
          volumeMounts:
            - name: config
              mountPath: /vault/config
              readOnly: true
      dnsPolicy: ClusterFirst
      schedulerName: default-scheduler
      securityContext:
        fsGroup: 1000
        runAsGroup: 1000
        runAsNonRoot: true
        runAsUser: 100
      volumes:
        - name: config
          configMap:
            name: vault-config
How can I deploy Vault in a K8s cluster without Helm?