Vaultwarden replicas with Vault provided JWTs

Gabriel Simmer 2024-07-14 15:43:05 +01:00
parent 60cb3d1419
commit 12328f342f
Signed by: arch
SSH key fingerprint: SHA256:m3OEcdtrnBpMX+2BDGh/byv3hrCekCLzDYMdvGEKPPQ
2 changed files with 44 additions and 5 deletions


@ -34,3 +34,18 @@ spec:
rolloutRestartTargets:
- name: vaultwarden
kind: Deployment
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: vaultwarden-keys
namespace: vaultwarden
spec:
destination:
create: true
name: vaultwarden-keys
mount: kv
path: vaultwarden/keys
refreshAfter: 30s
type: kv-v2
vaultAuthRef: vault
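Review bot: The new `vaultwarden-keys` VaultStaticSecret has no `rolloutRestartTargets`, unlike the resource whose tail is visible just above it, so a key changed in Vault would refresh the Kubernetes Secret but not the running pods. The Deployment in this commit copies `rsa_key.pem` into each pod's own volume at start-up, so replicas started before and after a rotation would presumably hold different signing keys and fail to validate each other's JWTs. Consider adding `rolloutRestartTargets:` with `- kind: Deployment` and `name: vaultwarden` under `spec`. A short comment above the resource saying that this path holds the shared JWT signing key would also help the next reader.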


@ -4,7 +4,7 @@ metadata:
name: vaultwarden
namespace: vaultwarden
spec:
replicas: 1
replicas: 2
selector:
matchLabels:
app: vaultwarden
@ -16,16 +16,26 @@ spec:
volumes:
- name: data-dir
emptyDir: {}
- name: rsa-key
secret:
secretName: vaultwarden-keys
initContainers:
- name: copy-keys
image: busybox:1.36
command: ['sh', '-c', 'cp /keys/rsa_key.pem /data' ]
volumeMounts:
- name: data-dir
mountPath: /data
- name: rsa-key
mountPath: /keys
containers:
- name: vaultwarden
image: vaultwarden/server:1.31.0
resources:
limits:
memory: "128Mi"
cpu: "500m"
memory: "256Mi"
requests:
memory: "64Mi"
cpu: "100m"
memory: "32Mi"
envFrom:
- secretRef:
name: vaultwarden
@ -41,6 +51,20 @@ spec:
ports:
- containerPort: 80
name: web
livenessProbe:
httpGet:
path: /alive
port: 80
failureThreshold: 1
initialDelaySeconds: 2
periodSeconds: 10
readinessProbe:
httpGet:
path: /alive
port: 80
failureThreshold: 1
initialDelaySeconds: 2
periodSeconds: 10
volumeMounts:
- name: data-dir
mountPath: /data
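Review bot: The `rsa-key` Secret volume added in the second hunk sets no `defaultMode`, so the private key is projected with the Kubernetes default of 0644, and the `cp` in the `copy-keys` init container will most likely leave an equally readable copy in `/data`. Adding `defaultMode: 0400` under `secret:` keeps the signing key owner-only; no `securityContext` is visible here, so confirm that the init and main containers run as the same user before relying on that. The init container that handles the key is pulled by a mutable tag (`busybox:1.36`), and pinning it by digest, `busybox:1.36@sha256:<digest>`, would remove that exposure. Separately, `replicas: 2` with an `emptyDir` `data-dir` gives each pod its own `/data`, which only works if the database and attachments live outside it; that configuration is not visible in this diff.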