apiVersion: v1
kind: ConfigMap
metadata:
  name: dsk-vault-agent-config
data:
  server.tmpl: |
    {{ with secret "tls/data/server" }}{{ toJSON .Data.data }}
    {{ end }}

  client.tmpl: |
    {{ with secret "tls/data/client" }}{{ toJSON .Data.data }}
    {{ end }}

  agent.hcl: |
    pid_file = "./pidfile"

    vault {
      address="http://vault-ui.dsk-middle:8200"
    }

    auto_auth {
      method {
        type = "approle"
        config = {
          role_id_file_path = "/vault-agent/role-id"
          secret_id_file_path = "/vault-agent/secret-id"
          remove_secret_id_file_after_reading = false
        }
      }

      sink {
        type = "file"
        config = {
          path = "/vault-agent/.vault-token"
          mode = 0644
        }
      }
    }

    template_config {
      static_secret_render_interval = "10s"
    }

    template {
      source = "/vault-agent/conf/server.tmpl"
      destination = "/vault-agent/serverTls"
    }

    template {
      source = "/vault-agent/conf/client.tmpl"
      destination = "/vault-agent/clientTls"
    }