Skip to content

Instantly share code, notes, and snippets.

@Clivern

Clivern/openbao.md

Last active September 30, 2025 20:41
Show Gist options
  • Save Clivern/790267950cce8ddfad930ba73c97174f to your computer and use it in GitHub Desktop.
Save Clivern/790267950cce8ddfad930ba73c97174f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
openbao.md

openbao.yml

---
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: openbao
    env: prod
  name: openbao
spec:
  containers:
  - args:
    - bao
    - server
    - -config=/etc/bao.d/config.hcl
    env:
    - name: VAULT_ADDR
      value: http://167.71.15.10:8200
    - name: BAO_ADDR
      value: http://167.71.15.10:8200
    image: docker.io/openbao/openbao:2.4.1
    name: node
    ports:
    - containerPort: 8200
      hostPort: 8200
    - containerPort: 8201
      hostPort: 8201
    volumeMounts:
    - mountPath: /etc/bao.d
      name: opt-openbao-config
      readOnly: true
    - mountPath: /var/lib/bao
      name: opt-openbao-data
  volumes:
  - hostPath:
      path: /opt/openbao/config
      type: Directory
    name: opt-openbao-config
  - hostPath:
      path: /opt/openbao/data
      type: Directory
    name: opt-openbao-data

openbao.kube

[Unit]
Description=Podman Kube Unit for OpenBao
Wants=network-online.target
After=network-online.target

[Kube]
Yaml=/root/ba/openbao.yml
AutoUpdate=registry

[Service]
Restart=always

[Install]
# Start by default on boot
WantedBy=multi-user.target default.target

$ cp openbao.kube /etc/containers/systemd/
$ sudo systemctl daemon-reload
$ cat /run/systemd/generator/openbao.service
$ cp /run/systemd/generator/openbao.service /etc/systemd/system/
$ systemctl enable --now openbao
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment