# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: vault-benchmark

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-benchmark-configmap
data:
  k8s.hcl: |
    # Basic Benchmark config options
    vault_addr = "http://vault:8200"
    vault_token = "root"
    duration = "10s"
    report_mode = "terse"
    random_mounts = true
    cleanup = true

    test "kube_auth" "kube_auth_test1" {
      weight = 100
      config {
        auth {
          kubernetes_host = "https://kubernetes.default.svc"
        }
        role {
          name = "vault-benchmark-role"
          bound_service_account_names = ["vault-benchmark"]
          bound_service_account_namespaces = ["*"]
          token_max_ttl = "24h"
          token_ttl = "1h"
        }
      }
    }

---
apiVersion: batch/v1
kind: Job
metadata:
  name: vault-benchmark
spec:
  backoffLimit: 0
  template:
    metadata:
      name: vault-benchmark
      labels:
        app: vault-benchmark
    spec:
      containers:
      - name: vault-benchmark
        image: hashicorp/vault-benchmark:latest
        imagePullPolicy: IfNotPresent
        command: ["vault-benchmark"]
        args: [
          "run",
          "-config=/config/k8s.hcl",
        ]
        volumeMounts:
        - name: benchmark-config
          mountPath: "/config"
          readOnly: true
      restartPolicy: Never
      serviceAccountName: vault-benchmark
      volumes:
      - name: benchmark-config
        configMap:
          name: vault-benchmark-configmap