vault-operator
made vault-operator track vault upstream image, upgrade and enable ui
By installing curl into the vault image at initialization, we don't need to have a customized vault image, and can track upstream.
This also upgrades to vault 0.10.2 and enables the (new) ui
closes #290
considerations:
This does mean that vault will install cURL from the configured apk repositories at initialization time, which makes it less suitable for an air-gapped cluster. On the flipside, those clusters can probably not use the operator anyway.
If you look closely I've reversed the (logical) order at sh -c to first drop the capabilities, then install curl, and then launch. This is because otherwise, the OS would somehow still be modifying the /bin/vault while it was being launched, causing a "text file busy" (modifying running executable) error.
credits to @kesselborn for suggesting this approach.
How did you, @dhrp, compile the vault-operator after these mods?
For people searching for how to enable the vault ui, instead of this PR you can use a ConfigMap:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "myapp.fullname" . }}-vault-config
  labels:
    app: {{ template "myapp.name" . }}
    chart: {{ template "myapp.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
data:
  vault.hcl: |
    ui = true
```
and point vault-operator service using spec.configMapName:
```yaml
apiVersion: "vault.security.coreos.com/v1alpha1"
kind: "VaultService"
metadata:
  name: {{ template "myapp.fullname" . }}-vault
  labels:
    app: {{ template "myapp.name" . }}
    chart: {{ template "myapp.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  nodes: 2
  baseImage: {{ .Values.vault.baseImage | quote }}
  version: {{ .Values.vault.version | quote }}
  configMapName: {{ template "myapp.fullname" . }}-vault-config
```