deployment.yml

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: vault-sidekick
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: vault-sidekick
    spec:
      serviceAccountName: vault-tokenreview
      automountServiceAccountToken: true
      containers:
      - name: sidekick
        image: quay.io/gmaliar/vault-sidekick:v0.3.9
        imagePullPolicy: Always
        resources:
          limits:
            cpu: 10m
            memory: 50Mi
        args:
          - -output=/usr/share/nginx/html
          - -cn=secret:database/creds/postgres-role:file=index.html
          - -logtostderr=true
          - -tls-skip-verify
          - -v=3
        env:
        - name: VAULT_AUTH_METHOD
          value: kubernetes
        - name: VAULT_ADDR
          value: https://vault.default.svc:8200
        - name: VAULT_SIDEKICK_ROLE
          value: postgres-role
        volumeMounts:
        - name: secrets
          mountPath: /usr/share/nginx/html
      - name: nginx
        image: nginx:1.15.8
        ports:
        - containerPort: 80
        resources:
          limits:
            cpu: 10m
            memory: 50Mi
        volumeMounts:
        - name: secrets
          mountPath: /usr/share/nginx/html
      volumes:
      - name: secrets
        emptyDir: {}