diff --git a/vaultwarden/cm.yaml b/vaultwarden/cm.yaml index f989c71..6828165 100644 --- a/vaultwarden/cm.yaml +++ b/vaultwarden/cm.yaml @@ -23,6 +23,7 @@ data: EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE: 0 3 * * * * EMERGENCY_REQUEST_TIMEOUT_SCHEDULE: 0 7 * * * * EXTENDED_LOGGING: "true" + EXPERIMENTAL_CLIENT_FEATURE_FLAGS: ssh-key-vault-item,ssh-agent http_request_block_non_global_ips: "true" ICON_BLACKLIST_NON_GLOBAL_IPS: "true" icon_cache_ttl: "2592000" diff --git a/vaultwarden/kustomization.yaml b/vaultwarden/kustomization.yaml index cc32469..afde5d6 100644 --- a/vaultwarden/kustomization.yaml +++ b/vaultwarden/kustomization.yaml @@ -4,5 +4,6 @@ kind: Kustomization resources: - cm.yaml - - vaultwarden.yaml - \ No newline at end of file + - main.yaml + - pvc.yaml + - ss.yaml \ No newline at end of file diff --git a/vaultwarden/vaultwarden.yaml b/vaultwarden/main.yaml similarity index 55% rename from vaultwarden/vaultwarden.yaml rename to vaultwarden/main.yaml index ba0bfda..31e658d 100644 --- a/vaultwarden/vaultwarden.yaml +++ b/vaultwarden/main.yaml 
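Review bot: The added `EXPERIMENTAL_CLIENT_FEATURE_FLAGS: ssh-key-vault-item,ssh-agent` entry in cm.yaml has no comment saying why experimental client features are enabled. Judging by the flag names, clients will be able to keep SSH keys as vault items, which raises the value of everything this instance stores. A comment above it such as `# Experimental: enables SSH-key vault items and the client SSH agent; re-check on every Vaultwarden upgrade` would record the intent. The StatefulSet added in ss.yaml also carries the same `checksum/config` value as the one removed from main.yaml although this ConfigMap changed, so that annotation no longer tracks the config. The `data:` mapping continues outside the hunk.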
@@ -120,70 +120,3 @@ spec:
 app.kubernetes.io/instance: vaultwarden
 app.kubernetes.io/name: vaultwarden
 type: ClusterIP
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- labels:
- app.kubernetes.io/component: vaultwarden
- app.kubernetes.io/instance: vaultwarden
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: vaultwarden
- app.kubernetes.io/version: 1.33.2
- helm.sh/chart: vaultwarden-0.31.8
- name: vaultwarden
- namespace: vaultwarden
-spec:
- persistentVolumeClaimRetentionPolicy:
- whenDeleted: Retain
- whenScaled: Retain
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/component: vaultwarden
- app.kubernetes.io/instance: vaultwarden
- app.kubernetes.io/name: vaultwarden
- serviceName: vaultwarden
- template:
- metadata:
- annotations:
- checksum/config: 168947ab11e3ea29e464b86f13ba129b41fa167f
- checksum/secret: 63df1807c40909b47d8731b04a208cffc9f387f4
- labels:
- app.kubernetes.io/component: vaultwarden
- app.kubernetes.io/instance: vaultwarden
- app.kubernetes.io/name: vaultwarden
- spec:
- containers:
- - envFrom:
- - configMapRef:
- name: vaultwarden
- - secretRef:
- name: vaultwarden
- image: docker.io/vaultwarden/server:1.33.2-alpine
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 10
- httpGet:
- path: /alive
- port: http
- initialDelaySeconds: 5
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- name: vaultwarden
- ports:
- - containerPort: 8080
- name: http
- protocol: TCP
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /alive
- port: http
- initialDelaySeconds: 5
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources: {}
- serviceAccountName: vaultwarden-svc
diff --git a/vaultwarden/pvc.yaml b/vaultwarden/pvc.yaml
new file mode 100644
index 0000000..11f3341
--- /dev/null
+++ b/vaultwarden/pvc.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vaultwarden-data-pvc
+ namespace: vaultwarden
+spec:
+ storageClassName: openebs-3-replicas
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
\ No newline at end of file
diff --git a/vaultwarden/secret-vaultwarden.yaml b/vaultwarden/secret-vaultwarden.yaml
index 2414be4..9284620 100644
--- a/vaultwarden/secret-vaultwarden.yaml
+++ b/vaultwarden/secret-vaultwarden.yaml
@@ -12,7 +12,7 @@ metadata:
 namespace: vaultwarden
 type: Opaque
 data:
- ADMIN_TOKEN: "PTE5PTY1NTQwLHQ9MyxwPTQrU01pMkRmZkVIbGtqYWkrVDJmd1IrZCt0TXM="
+ ADMIN_TOKEN: JGFyZ29uMmlkJHY9MTkkbT02NTU0MCx0PTMscD00JEw5MXlTaWhxRGR0N0tSNngrU01pMkRmZkVIbGtqYWkrVDJmd1IrZCt0TXMkRGR4d2d4aG8xUk5ZbmxlbFY3V1B6b2dlU1VlUnRScmJJMEhTTnlmMDRaTQ==
 #DUO_SKEY: ""
 #PUSH_INSTALLATION_ID: ""
 #PUSH_INSTALLATION_KEY: ""
diff --git a/vaultwarden/ss.yaml b/vaultwarden/ss.yaml
new file mode 100644
index 0000000..1b5ed7f
--- /dev/null
+++ b/vaultwarden/ss.yaml
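Review bot: `vaultwarden-data-pvc` is a standalone claim, so the `persistentVolumeClaimRetentionPolicy` (`Retain`/`Retain`) on the StatefulSet in ss.yaml does not protect it; that policy applies only to claims created from `volumeClaimTemplates`. What happens to the data when this claim is deleted or pruned depends on the reclaim policy of the `openebs-3-replicas` StorageClass, which is not visible here. I would add a comment above `metadata:` such as `# All Vaultwarden state under /data lives here; not covered by the StatefulSet retention policy, check the StorageClass reclaimPolicy and back up before deleting`.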
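Review bot: The new `ADMIN_TOKEN` value in secret-vaultwarden.yaml is committed in a plain `Secret` manifest, and `data:` values are base64-encoded, not encrypted. The value decodes to an Argon2id PHC string with its parameters and salt, so anyone who can read this repository or its history holds the admin-panel hash and can attempt offline guessing against it. The replaced value looks like the same string with its `$`-delimited fields lost, so the commit appears to repair that, but both values stay in history. Consider keeping only an encrypted form in git (for example SOPS or Sealed Secrets) or sourcing the Secret from an external store, and rotating the admin password now that its hash is published. Dropping the quotes is harmless here, though quoting `data:` scalars consistently avoids YAML retyping surprises.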
@@ -0,0 +1,74 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: vaultwarden
+ app.kubernetes.io/version: 1.33.2
+ helm.sh/chart: vaultwarden-0.31.8
+ name: vaultwarden
+ namespace: vaultwarden
+spec:
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: Retain
+ whenScaled: Retain
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+ serviceName: vaultwarden
+ template:
+ metadata:
+ annotations:
+ checksum/config: 168947ab11e3ea29e464b86f13ba129b41fa167f
+ checksum/secret: 63df1807c40909b47d8731b04a208cffc9f387f4
+ labels:
+ app.kubernetes.io/component: vaultwarden
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+ spec:
+ containers:
+ - envFrom:
+ - configMapRef:
+ name: vaultwarden
+ - secretRef:
+ name: vaultwarden
+ image: docker.io/vaultwarden/server:1.33.2-alpine
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 10
+ httpGet:
+ path: /alive
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: vaultwarden
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /alive
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ resources: {}
+ volumeMounts:
+ - name: vaultwarden-data
+ mountPath: /data
+ volumes:
+ - name: vaultwarden-data
+ persistentVolumeClaim:
+ claimName: vaultwarden-data-pvc
+ serviceAccountName: vaultwarden-svc
\ No newline at end of file
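Review bot: The `vaultwarden` container in this new StatefulSet has no `securityContext`, and `resources: {}` sets no requests or limits, so the pod that holds the password vault runs with the image's default user and capability set. I would add a container-level `securityContext` next to `resources`, as sketched below, and confirm the container still starts and can write to `/data` with all capabilities dropped. `runAsNonRoot`/`runAsUser` plus a pod-level `fsGroup` for the new volume would be the next step, but that depends on which user the `1.33.2-alpine` image runs as, which the hunk does not show. The `app.kubernetes.io/managed-by: Helm` label and the `checksum/*` annotations appear to be carried over from rendered chart output and are presumably no longer maintained by anything here.

```yaml
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
        # … unchanged: volumeMounts, volumes, serviceAccountName …
```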