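---
# ConfigMap for the Boundary controller pods. It carries two files:
#   run.sh     - renders the per-pod config by substituting the pod hostname
#                into the template below
#   config.txt - Boundary controller configuration template (HCL)
# A ConfigMap is not a secret store: anyone who can read this object can read
# every value in it. Keep Vault tokens out of it (see the kms blocks); the
# database URL is already taken from the environment.
apiVersion: v1
kind: ConfigMap
metadata:
  name: boundary-controller
data:
  run.sh: |
    #!/bin/sh
    # Stop on any failed command or unset variable, so an unset HOSTNAME
    # cannot yield a config with an empty controller name.
    set -eu
    echo "Starting initializing for pod $HOSTNAME"
    # HOSTNAME is placed in the sed replacement unescaped; this relies on it
    # containing no "/", "&" or backslash.
    sed "s/CONTROLLERNAME/$HOSTNAME/g" /boundary-config/config.txt > /boundary/config.hcl
  config.txt: |
    # With mlock disabled, process memory is not pinned and may be written to
    # swap. NOTE(review): confirm swap is off (or encrypted) on the nodes.
    disable_mlock = true

    controller {
      # This name attr must be unique across all controller instances if running in HA mode
      name = "CONTROLLERNAME"
      description = "kube controller"

      # Database URL for postgres. This can be a direct "postgres://"
      # URL, or it can be "file://" to read the contents of a file to
      # supply the url, or "env://" to name an environment variable
      # that contains the URL.
      database {
        url = "env://BOUNDARY_PG_URL"
      }
    }

    # API listener configuration block
    listener "tcp" {
      # Should be the address of the NIC that the controller server will be reached on
      address = "0.0.0.0"
      # The purpose of this listener block
      purpose = "api"

      # TLS is off: API requests, including credentials and tokens, leave this
      # listener in plaintext. Acceptable only if TLS is terminated in front of
      # the pod and the path from there to the pod is trusted - confirm.
      # Otherwise set tls_disable = false and provide tls_cert_file / tls_key_file.
      tls_disable = true

      # Uncomment to enable CORS for the Admin UI. Be sure to set the allowed origin(s)
      # to appropriate values.
      #cors_enabled = true
      #cors_allowed_origins = ["https://yourcorp.yourdomain.com", "serve://boundary"]
    }

    # Data-plane listener configuration block (used for worker coordination)
    listener "tcp" {
      # Should be the IP of the NIC that the worker will connect on
      address = "0.0.0.0"
      # The purpose of this listener
      purpose = "cluster"

      # NOTE(review): confirm how the deployed Boundary version treats
      # tls_disable on a cluster listener, and limit which networks can reach
      # this port (for example with a NetworkPolicy).
      tls_disable = true
    }

    # All three kms blocks below use Vault transit. Do not write a Vault token
    # into this ConfigMap: leave token empty and supply it through the
    # VAULT_TOKEN environment variable sourced from a Kubernetes Secret.
    # Limit the token's Vault policy to encrypt/decrypt on the named keys.
    # "URL" and the empty address values are placeholders; use an https://
    # Vault address.

    # Root KMS configuration block: this is the root key for Boundary
    # Use a production KMS such as AWS KMS in production installs
    kms "transit" {
      purpose = "root"
      address = "URL"
      token = ""
      disable_renewal = "false"

      // Key configuration
      key_name = "boundary-root"
      mount_path = "transit/"
      namespace = "ns1/"
    }

    # Worker authorization KMS
    # Use a production KMS such as AWS KMS for production installs
    # This key is the same key used in the worker configuration
    kms "transit" {
      purpose = "worker-auth"
      address = ""
      token = ""
      disable_renewal = "false"

      // Key configuration
      key_name = "boundary-worker-auth"
      mount_path = "transit/"
      namespace = "ns1/"
    }

    # Recovery KMS block: configures the recovery key for Boundary
    # Use a production KMS such as AWS KMS for production installs
    # NOTE(review): access to this key is understood to authorize recovery
    # operations against the controller - confirm for your version and
    # restrict who can use the key in Vault.
    kms "transit" {
      purpose = "recovery"
      address = ""
      token = ""
      disable_renewal = "false"

      // Key configuration
      key_name = "boundary-recovery"
      mount_path = "transit/"
      namespace = "ns1/"
    }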