diff --git a/kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml b/kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml
index e02a024..3617813 100644
--- a/kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml
+++ b/kubernetes/vaultwarden/VaultStaticSecret-vaultwarden.yaml
@@ -34,3 +34,18 @@ spec:
 rolloutRestartTargets:
 - name: vaultwarden
 kind: Deployment
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+ name: vaultwarden-keys
+ namespace: vaultwarden
+spec:
+ destination:
+ create: true
+ name: vaultwarden-keys
+ mount: kv
+ path: vaultwarden/keys
+ refreshAfter: 30s
+ type: kv-v2
+ vaultAuthRef: vault
diff --git a/kubernetes/vaultwarden/deployment.yaml b/kubernetes/vaultwarden/deployment.yaml
index c6be787..055c51b 100644
--- a/kubernetes/vaultwarden/deployment.yaml
+++ b/kubernetes/vaultwarden/deployment.yaml
@@ -4,7 +4,7 @@ metadata:
 name: vaultwarden
 namespace: vaultwarden
 spec:
- replicas: 1
+ replicas: 2
 selector:
 matchLabels:
 app: vaultwarden
@@ -16,16 +16,26 @@ spec:
 volumes:
 - name: data-dir
 emptyDir: {}
+ - name: rsa-key
+ secret:
+ secretName: vaultwarden-keys
+ initContainers:
+ - name: copy-keys
+ image: busybox:1.36
+ command: ['sh', '-c', 'cp /keys/rsa_key.pem /data' ]
+ volumeMounts:
+ - name: data-dir
+ mountPath: /data
+ - name: rsa-key
+ mountPath: /keys
 containers:
 - name: vaultwarden
 image: vaultwarden/server:1.31.0
 resources:
 limits:
- memory: "128Mi"
- cpu: "500m"
+ memory: "256Mi"
 requests:
- memory: "64Mi"
- cpu: "100m"
+ memory: "32Mi"
 envFrom:
 - secretRef:
 name: vaultwarden
@@ -41,6 +51,20 @@ spec:
 ports:
 - containerPort: 80
 name: web
+ livenessProbe:
+ httpGet:
+ path: /alive
+ port: 80
+ failureThreshold: 1
+ initialDelaySeconds: 2
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /alive
+ port: 80
+ failureThreshold: 1
+ initialDelaySeconds: 2
+ periodSeconds: 10
 volumeMounts:
 - name: data-dir
 mountPath: /data
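Review bot: The new `vaultwarden-keys` VaultStaticSecret declares no `rolloutRestartTargets`, while the existing resource visible in this hunk's context lines does. The deployment change in the same commit copies `rsa_key.pem` into the pod only once, in an init container, so a key rotated in Vault would reach the Kubernetes Secret but not the running pods, and replicas restarted at different times could end up holding different keys. Consider adding the same block to this resource: `rolloutRestartTargets:` with `- name: vaultwarden` and `kind: Deployment`. Because the synced Secret holds private key material, it is also worth confirming that read access to Secrets in the `vaultwarden` namespace is restricted by RBAC; nothing in this diff shows that either way.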
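Review bot: Raising `replicas` to 2 while `data-dir` stays an `emptyDir` (visible in the next hunk) gives each pod its own private `/data`. The commit shares the RSA key through the init container, but everything else written under `/data` remains per-pod and is lost on restart; presumably that includes attachments and, unless the `vaultwarden` Secret referenced by `envFrom` points at an external database, the database itself. Please confirm the database is external and record the constraint above the field, e.g. `# 2 replicas require an external DB; /data is a per-pod emptyDir`. The Deployment spec continues outside this hunk.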
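Review bot: The `copy-keys` init container copies the private key with a plain `cp`, so the copy in `/data` inherits the mode of the projected Secret file, which is 0644 unless `defaultMode` is set on the `rsa-key` volume. Tightening it is cheap: `command: ['sh', '-c', 'cp /keys/rsa_key.pem /data/ && chmod 0600 /data/rsa_key.pem']`, assuming the main container runs as the same user as the init container (no `securityContext` is visible in the hunk). `busybox:1.36` is a mutable tag on an image that handles the key; pinning it by digest (`busybox:1.36@sha256:<digest>`) keeps that container's contents fixed. Separately, removing the CPU request along with the CPU limit leaves the pod with no CPU reservation, which is worth confirming as intended.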
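Review bot: The `livenessProbe` sets `failureThreshold: 1` and no `timeoutSeconds`, so a single probe that exceeds the 1-second default timeout restarts the container. The `readinessProbe` is identical, so one brief stall both removes the pod from the Service and restarts it, and because both replicas share these settings, load that slows one pod is likely to hit the other as well. I would keep readiness strict and relax liveness, e.g. `failureThreshold: 3` under `livenessProbe`, and consider a `startupProbe` in place of `initialDelaySeconds: 2`. The container spec continues outside this hunk.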