teepot/examples/k8s/vault-2-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  annotations:
    kompose.cmd: kompose convert
  labels:
    io.kompose.network/teepot-default: "true"
    io.kompose.service: vault-2
    app: vault
  name: vault-2
  namespace: default
spec:
  tolerations:
    - key: sgx.intel.com/provision
      operator: Exists
      effect: NoSchedule
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - topologyKey: kubernetes.io/hostname
          labelSelector:
            matchExpressions:
              - key: app
                operator: In
                values:
                  - vault
  imagePullSecrets:
    - name: docker-regcred
  containers:
    - image: matterlabsrobot/teepot-vault-sgx-azure:latest
      name: vault
      imagePullPolicy: Always
      env:
        - name: VAULT_API_ADDR
          value: "https://vault-2:8210"
        - name: VAULT_CLUSTER_ADDR
          value: "https://vault-2:8211"
        - name: VAULT_RAFT_NODE_ID
          value: "vault-2"
      readinessProbe:
        exec:
          command:
          - curl
          - -k
          - https://localhost:8210/v1/sys/health
        initialDelaySeconds: 5
        periodSeconds: 5
      ports:
        - containerPort: 8210
          hostPort: 8210
          protocol: TCP
        - containerPort: 8211
          hostPort: 8211
          protocol: TCP
      resources:
        limits:
          sgx.intel.com/epc: "10Mi"
        requests:
          sgx.intel.com/epc: "10Mi"
      securityContext:
        privileged: true
      volumeMounts:
        - mountPath: /opt/vault/tls
          name: shared-2
        - mountPath: /opt/vault/data
          name: data-2
    - image: matterlabsrobot/teepot-vault-unseal-sgx-azure:latest
      name: vault-unseal
      imagePullPolicy: Always
      env:
        - name: VAULT_ADDR
          value: "https://vault-2:8210"
        - name: ALLOWED_TCB_LEVELS
          value: "SwHardeningNeeded"
      ports:
        - containerPort: 8443
          hostPort: 8443
          protocol: TCP
      resources:
        limits:
          sgx.intel.com/epc: "10Mi"
        requests:
          sgx.intel.com/epc: "10Mi"
      securityContext:
        privileged: true
      volumeMounts:
        - mountPath: /opt/vault/tls
          name: shared-2
  restartPolicy: Never
  volumes:
    - name: shared-2
      persistentVolumeClaim:
        claimName: shared-2
    - name: data-2
      persistentVolumeClaim:
        claimName: data-2
status: {}