From 85c84910d325056212e8f7b70752d48a786f689c Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@redhat.com>
Date: Fri, 15 Oct 2021 16:08:37 +0200
Subject: [PATCH] e2e: add a monitor container to the vault Pod

The command `vault monitor` can be used to stream logging from the Vault
service. This is very helpful while debugging Vault configuration
failures.

By adding a 2nd container to the Vault deployment, it is now possible to
get the messages from the Vault service by running

    $ kubectl logs -c monitor <vault-pod-0123abcd>

This will be very useful when the e2e tests do not delete the deployment
after a failure and fetch the logs from all containers.

Signed-off-by: Niels de Vos <ndevos@redhat.com>
---
 examples/kms/vault/vault.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/examples/kms/vault/vault.yaml b/examples/kms/vault/vault.yaml
index 7521c070e..ad12afbd4 100644
--- a/examples/kms/vault/vault.yaml
+++ b/examples/kms/vault/vault.yaml
@@ -48,6 +48,8 @@ spec:
               value: sample_root_token_id
             - name: SKIP_SETCAP
               value: any
+            - name: HOME
+              value: /home
           livenessProbe:
             exec:
               command:
@@ -58,6 +60,28 @@ spec:
           ports:
             - containerPort: 8200
               name: vault-api
+          volumeMounts:
+            - name: home
+              mountPath: /home
+        - name: monitor
+          image: docker.io/library/vault:latest
+          imagePullPolicy: "IfNotPresent"
+          securityContext:
+            runAsUser: 100
+          env:
+            - name: VAULT_ADDR
+              value: http://localhost:8200
+            - name: HOME
+              value: /home
+          command:
+            - vault
+            - monitor
+          volumeMounts:
+            - name: home
+              mountPath: /home
+      volumes:
+        - name: home
+          emptyDir: {}
 ---
 apiVersion: v1
 kind: ConfigMap