vw pvc

2025-03-29 23:50:08 +01:00
parent b9be3325c5
commit da0fcc7849
6 changed files with 92 additions and 70 deletions
--- a/vaultwarden/cm.yaml
+++ b/vaultwarden/cm.yaml
@@ -23,6 +23,7 @@ data:
  EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE: 0 3 * * * *
  EMERGENCY_REQUEST_TIMEOUT_SCHEDULE: 0 7 * * * *
  EXTENDED_LOGGING: "true"
+  EXPERIMENTAL_CLIENT_FEATURE_FLAGS: ssh-key-vault-item,ssh-agent
  http_request_block_non_global_ips: "true"
  ICON_BLACKLIST_NON_GLOBAL_IPS: "true"
  icon_cache_ttl: "2592000"
--- a/vaultwarden/kustomization.yaml
+++ b/vaultwarden/kustomization.yaml
@@ -4,5 +4,6 @@ kind: Kustomization

 resources:
  - cm.yaml
-  - vaultwarden.yaml
-  
+  - main.yaml
+  - pvc.yaml
+  - ss.yaml
--- a/vaultwarden/vaultwarden.yaml
+++ b/vaultwarden/vaultwarden.yaml
@@ -120,70 +120,3 @@ spec:
    app.kubernetes.io/instance: vaultwarden
    app.kubernetes.io/name: vaultwarden
  type: ClusterIP
---
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  labels:
-    app.kubernetes.io/component: vaultwarden
-    app.kubernetes.io/instance: vaultwarden
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: vaultwarden
-    app.kubernetes.io/version: 1.33.2
-    helm.sh/chart: vaultwarden-0.31.8
-  name: vaultwarden
-  namespace: vaultwarden
-spec:
-  persistentVolumeClaimRetentionPolicy:
-    whenDeleted: Retain
-    whenScaled: Retain
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: vaultwarden
-      app.kubernetes.io/instance: vaultwarden
-      app.kubernetes.io/name: vaultwarden
-  serviceName: vaultwarden
-  template:
-    metadata:
-      annotations:
-        checksum/config: 168947ab11e3ea29e464b86f13ba129b41fa167f
-        checksum/secret: 63df1807c40909b47d8731b04a208cffc9f387f4
-      labels:
-        app.kubernetes.io/component: vaultwarden
-        app.kubernetes.io/instance: vaultwarden
-        app.kubernetes.io/name: vaultwarden
-    spec:
-      containers:
-      - envFrom:
-        - configMapRef:
-            name: vaultwarden
-        - secretRef:
-            name: vaultwarden
-        image: docker.io/vaultwarden/server:1.33.2-alpine
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          failureThreshold: 10
-          httpGet:
-            path: /alive
-            port: http
-          initialDelaySeconds: 5
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 1
-        name: vaultwarden
-        ports:
-        - containerPort: 8080
-          name: http
-          protocol: TCP
-        readinessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /alive
-            port: http
-          initialDelaySeconds: 5
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 1
-        resources: {}
-      serviceAccountName: vaultwarden-svc
--- a/vaultwarden/pvc.yaml
+++ b/vaultwarden/pvc.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: vaultwarden-data-pvc
+  namespace: vaultwarden
+spec:
+  storageClassName: openebs-3-replicas
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
--- a/vaultwarden/secret-vaultwarden.yaml
+++ b/vaultwarden/secret-vaultwarden.yaml
@@ -12,7 +12,7 @@ metadata:
  namespace: vaultwarden
 type: Opaque
 data:
-  ADMIN_TOKEN: "PTE5PTY1NTQwLHQ9MyxwPTQrU01pMkRmZkVIbGtqYWkrVDJmd1IrZCt0TXM="
+  ADMIN_TOKEN: JGFyZ29uMmlkJHY9MTkkbT02NTU0MCx0PTMscD00JEw5MXlTaWhxRGR0N0tSNngrU01pMkRmZkVIbGtqYWkrVDJmd1IrZCt0TXMkRGR4d2d4aG8xUk5ZbmxlbFY3V1B6b2dlU1VlUnRScmJJMEhTTnlmMDRaTQ==
  #DUO_SKEY: ""
  #PUSH_INSTALLATION_ID: ""
  #PUSH_INSTALLATION_KEY: ""
--- a/vaultwarden/ss.yaml
+++ b/vaultwarden/ss.yaml
@@ -0,0 +1,74 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app.kubernetes.io/component: vaultwarden
+    app.kubernetes.io/instance: vaultwarden
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: vaultwarden
+    app.kubernetes.io/version: 1.33.2
+    helm.sh/chart: vaultwarden-0.31.8
+  name: vaultwarden
+  namespace: vaultwarden
+spec:
+  persistentVolumeClaimRetentionPolicy:
+    whenDeleted: Retain
+    whenScaled: Retain
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: vaultwarden
+      app.kubernetes.io/instance: vaultwarden
+      app.kubernetes.io/name: vaultwarden
+  serviceName: vaultwarden
+  template:
+    metadata:
+      annotations:
+        checksum/config: 168947ab11e3ea29e464b86f13ba129b41fa167f
+        checksum/secret: 63df1807c40909b47d8731b04a208cffc9f387f4
+      labels:
+        app.kubernetes.io/component: vaultwarden
+        app.kubernetes.io/instance: vaultwarden
+        app.kubernetes.io/name: vaultwarden
+    spec:
+      containers:
+      - envFrom:
+        - configMapRef:
+            name: vaultwarden
+        - secretRef:
+            name: vaultwarden
+        image: docker.io/vaultwarden/server:1.33.2-alpine
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 10
+          httpGet:
+            path: /alive
+            port: http
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        name: vaultwarden
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /alive
+            port: http
+          initialDelaySeconds: 5
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        resources: {}
+        volumeMounts:
+        - name: vaultwarden-data
+          mountPath: /data
+      volumes:
+      - name: vaultwarden-data
+        persistentVolumeClaim:
+          claimName: vaultwarden-data-pvc
+      serviceAccountName: vaultwarden-svc