apiVersion: apps/v1
kind: Deployment
metadata:
  name: vault
  namespace: vault
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vault
  template:
    metadata:
      labels:
        app: vault
    spec:
      containers:
      - name: vault
        image: hashicorp/vault:1.16
        args:
          - "server"
          - "-config=/vault/config/vault.hcl"
        securityContext:
          runAsUser: 0
          capabilities:
            add:
              - IPC_LOCK
        env:
        - name: VAULT_DISABLE_CHOWN
          value: "true"
        volumeMounts:
        - name: config
          mountPath: /vault/config
          readOnly: true
        - name: data
          mountPath: /vault/data
      volumes:
      - name: config
        configMap:
          name: vault-config
      - name: data
        persistentVolumeClaim:
          claimName: vault-data