chore: simplify istio example

Signed-off-by: Ramiz Polic <ramiz.polic@hotmail.com>
bank-vaults · Jun 27, 2023 · 33e7960 · 33e7960
1 parent 0546a1b
commit 33e7960
Showing 1 changed file with 1 addition and 99 deletions.
diff --git a/deploy/examples/cr-istio.yaml b/deploy/examples/cr-istio.yaml
@@ -2,7 +2,6 @@ apiVersion: "vault.banzaicloud.com/v1alpha1"
 kind: Vault
 metadata:
   name: vault
-  namespace: vault
 spec:
   size: 1
   image: vault:1.3.1
@@ -96,7 +95,7 @@ spec:
       # This is true by default
       preFlightChecks: true
     kubernetes:
-      secretNamespace: vault
+      secretNamespace: default
 
   # A YAML representation of a final vault config file.
   # See https://www.vaultproject.io/docs/configuration/ for more information.
@@ -200,7 +199,6 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: vault-file
-  namespace: vault
 spec:
   # https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1
   # storageClassName: ""
@@ -209,99 +207,3 @@ spec:
   resources:
     requests:
       storage: 1Gi
-
----
-kind: ServiceAccount
-apiVersion: v1
-metadata:
-  name: vault
-  namespace: vault
-
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: vault-secrets
-  namespace: vault
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - "*"
-
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: vault-secrets
-  namespace: vault
-roleRef:
-  kind: Role
-  name: vault-secrets
-  apiGroup: rbac.authorization.k8s.io
-subjects:
-  - kind: ServiceAccount
-    name: vault
-
----
-# This binding allows the deployed Vault instance to authenticate clients
-# through Kubernetes ServiceAccounts (if configured so).
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: vault-auth-delegator
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
-  - kind: ServiceAccount
-    name: vault
-    namespace: vault
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: app
-  namespace: app
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: app
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: app
-      annotations:
-        vault.security.banzaicloud.io/vault-addr: "https://vault.vault:8200"
-        vault.security.banzaicloud.io/vault-tls-secret: vault-tls
-    spec:
-      # initContainers only works if Vault is having PERMISSIVE authentication policy in Istio
-      initContainers:
-        - name: init-ubuntu
-          image: ubuntu
-          command:
-            [
-              "sh",
-              "-c",
-              "echo $AWS_SECRET_ACCESS_KEY && echo initContainers ready",
-            ]
-          env:
-            - name: AWS_SECRET_ACCESS_KEY
-              value: vault:secret/data/accounts/aws#${.AWS_SECRET_ACCESS_KEY} # Go templates are also supported with ${} delimiters
-      containers:
-        - name: app
-          image: alpine
-          command:
-            [
-              "sh",
-              "-c",
-              "echo $AWS_SECRET_ACCESS_KEY && echo going to sleep... && sleep 10000",
-            ]
-          env:
-            - name: AWS_SECRET_ACCESS_KEY
-              value: vault:secret/data/accounts/aws#AWS_SECRET_ACCESS_KEY