apiVersion: apps/v1
kind: Deployment
metadata:
  name: vault
  namespace: vault
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vault
  template:
    metadata:
      labels:
        app: vault
    spec:
      securityContext:
        fsGroup: 1000
      containers:
      - name: vault
        image: hashicorp/vault:1.16
        args:
          - "server"
          - "-config=/vault/config/vault.hcl"
        securityContext:
          runAsUser: 0
          capabilities:
            add:
              - IPC_LOCK
        ports:
        - containerPort: 8200
        - containerPort: 8201
        volumeMounts:
        - name: config
          mountPath: /vault/config
      volumes:
      - name: config
        configMap:
          name: vault-config