From 619e1cbc3ef7576ef4c372fad8015182118fa679 Mon Sep 17 00:00:00 2001
From: Vshivkov Vladimir
Date: Thu, 21 Nov 2024 13:31:00 +0100
Subject: [PATCH] add vault injector
---
 kustomize/sd3/frontend/base/deployment.yaml | 74 +++++++++++++++++----
 1 file changed, 60 insertions(+), 14 deletions(-)
diff --git a/kustomize/sd3/frontend/base/deployment.yaml b/kustomize/sd3/frontend/base/deployment.yaml
index d0e8c60..f91f23f 100644
--- a/kustomize/sd3/frontend/base/deployment.yaml
+++ b/kustomize/sd3/frontend/base/deployment.yaml
@@ -8,23 +8,69 @@ spec:
 replicas: 1
 selector:
 matchLabels:
- app: sd3-frontend
+ app: sd3-frontend
 template:
 metadata:
 labels:
- app: sd3-frontend
+ app: sd3-frontend
 spec:
 serviceAccount: sd3
 containers:
- - name: sd3-frontend
- image: sd3-frontend
- ports:
- - containerPort: 80
- name: http
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- limits:
- cpu: 200m
- memory: 256Mi
+ - name: sd3-frontend
+ image: sd3-frontend
+ command:
+ ["/bin/sh", "-c"]
+ args:
+ ['source /secrets/sd3-api-env && nginx -g "daemon off;"']
+ ports:
+ - containerPort: 80
+ name: http
+ resources:
+ requests:
+ cpu: 200m
+ memory: 256Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ volumeMounts:
+ - mountPath: "/secrets"
+ name: "secrets"
+ initContainers:
+ - name: "vault-agent"
+ command:
+ - "sh"
+ - "-c"
+ - "vault agent -config=/etc/vault/vault-agent.hcl -exit-after-auth=true"
+ env:
+ - name: "VAULT_ADDR"
+ value: "https://vault-lb.eco.tsi-dev.otc-service.com:8200"
+ image: "hashicorp/vault"
+ resources:
+ limits:
+ cpu: "300m"
+ memory: "300Mi"
+ requests:
+ cpu: "50m"
+ memory: "50Mi"
+ volumeMounts:
+ - mountPath: "/etc/vault"
+ name: "vault-agent-config"
+ - mountPath: "/secrets"
+ name: "secrets"
+ - mountPath: "/var/run/secrets/tokens"
+ name: "k8-tokens"
+ readOnly: true
+ volumes:
+ - name: vault-agent-config
+ configMap:
+ defaultMode: 420
+ name: sd3-front-vault-config
+ - name: secrets
+ emptyDir: {}
+ - name: "k8-tokens"
+ projected:
+ defaultMode: 420
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 7200
+ path: "vault-token"
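Review bot: The `secrets` volume that carries the Vault-rendered file is declared as `emptyDir: {}`, which uses node-backed storage by default, and the `sd3-frontend` container mounts it without `readOnly`; I would declare it as `emptyDir: {medium: Memory}` so the rendered secrets stay on tmpfs, and add `readOnly: true` to the frontend's `/secrets` mount, since only the `vault-agent` init container needs to write there. The init container's `image: "hashicorp/vault"` has no tag or digest, so unless an overlay's `images:` entry pins it (not visible in this hunk) the container that handles the service-account token and the secrets runs whatever the default tag resolves to; pin it to a reviewed version or digest. The projected `serviceAccountToken` sets no `audience`, so the token handed to Vault carries the API server's default audience; a dedicated `audience:` value would narrow where it is accepted, provided the Vault Kubernetes auth role is configured to expect it. Separately, `source` is not a POSIX `sh` builtin, so if the frontend image's `/bin/sh` is dash the command fails at start; `. /secrets/sd3-api-env && exec nginx -g "daemon off;"` is portable and leaves nginx as the process that receives SIGTERM. The Deployment's header lies above the hunk, so anything set there (for example a pod-level `securityContext`) is not visible here.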