Vaultwarden replicas with Vault provided JWTs
This commit is contained in:
parent
60cb3d1419
commit
12328f342f
|
@ -34,3 +34,18 @@ spec:
|
||||||
rolloutRestartTargets:
|
rolloutRestartTargets:
|
||||||
- name: vaultwarden
|
- name: vaultwarden
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
|
---
|
||||||
|
apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
|
kind: VaultStaticSecret
|
||||||
|
metadata:
|
||||||
|
name: vaultwarden-keys
|
||||||
|
namespace: vaultwarden
|
||||||
|
spec:
|
||||||
|
destination:
|
||||||
|
create: true
|
||||||
|
name: vaultwarden-keys
|
||||||
|
mount: kv
|
||||||
|
path: vaultwarden/keys
|
||||||
|
refreshAfter: 30s
|
||||||
|
type: kv-v2
|
||||||
|
vaultAuthRef: vault
|
||||||
|
|
|
@ -4,7 +4,7 @@ metadata:
|
||||||
name: vaultwarden
|
name: vaultwarden
|
||||||
namespace: vaultwarden
|
namespace: vaultwarden
|
||||||
spec:
|
spec:
|
||||||
replicas: 1
|
replicas: 2
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app: vaultwarden
|
app: vaultwarden
|
||||||
|
@ -16,16 +16,26 @@ spec:
|
||||||
volumes:
|
volumes:
|
||||||
- name: data-dir
|
- name: data-dir
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
|
- name: rsa-key
|
||||||
|
secret:
|
||||||
|
secretName: vaultwarden-keys
|
||||||
|
initContainers:
|
||||||
|
- name: copy-keys
|
||||||
|
image: busybox:1.36
|
||||||
|
command: ['sh', '-c', 'cp /keys/rsa_key.pem /data' ]
|
||||||
|
volumeMounts:
|
||||||
|
- name: data-dir
|
||||||
|
mountPath: /data
|
||||||
|
- name: rsa-key
|
||||||
|
mountPath: /keys
|
||||||
containers:
|
containers:
|
||||||
- name: vaultwarden
|
- name: vaultwarden
|
||||||
image: vaultwarden/server:1.31.0
|
image: vaultwarden/server:1.31.0
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
memory: "128Mi"
|
memory: "256Mi"
|
||||||
cpu: "500m"
|
|
||||||
requests:
|
requests:
|
||||||
memory: "64Mi"
|
memory: "32Mi"
|
||||||
cpu: "100m"
|
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: vaultwarden
|
name: vaultwarden
|
||||||
|
@ -41,6 +51,20 @@ spec:
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
name: web
|
name: web
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /alive
|
||||||
|
port: 80
|
||||||
|
failureThreshold: 1
|
||||||
|
initialDelaySeconds: 2
|
||||||
|
periodSeconds: 10
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /alive
|
||||||
|
port: 80
|
||||||
|
failureThreshold: 1
|
||||||
|
initialDelaySeconds: 2
|
||||||
|
periodSeconds: 10
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: data-dir
|
- name: data-dir
|
||||||
mountPath: /data
|
mountPath: /data
|
||||||
|
|
Loading…
Reference in a new issue