From 71d8aa9fc59bcdb54dfdce9b2f3c589d91d95a9c Mon Sep 17 00:00:00 2001
From: Thomas Blarre
Date: Thu, 14 Nov 2024 23:25:16 +0000
Subject: [PATCH] Refining vaultwarden
---
 .../templates/vaultwarden-requirements-app.yaml | 3 ++-
 vaultwarden-argocd-apps/values.yaml | 2 +-
 .../templates/encrypted-storage-class.yaml | 14 ++++++++++++++
 .../templates/vaultwarden-data.yaml | 13 -------------
 vaultwarden-requirements/values.yaml | 1 +
 5 files changed, 18 insertions(+), 15 deletions(-)
 create mode 100644 vaultwarden-requirements/templates/encrypted-storage-class.yaml
 delete mode 100644 vaultwarden-requirements/templates/vaultwarden-data.yaml
diff --git a/vaultwarden-argocd-apps/templates/vaultwarden-requirements-app.yaml b/vaultwarden-argocd-apps/templates/vaultwarden-requirements-app.yaml
index 9a14bf0..42f25b2 100644
--- a/vaultwarden-argocd-apps/templates/vaultwarden-requirements-app.yaml
+++ b/vaultwarden-argocd-apps/templates/vaultwarden-requirements-app.yaml
@@ -22,7 +22,8 @@ spec:
 dataPvc:
 name: {{ .Values.vaultwarden.dataPvc.name }}
 storageClassName: {{ .Values.vaultwarden.dataPvc.storageClassName }}
- size: {{ .Values.vaultwarden.dataPvc.size }}
+ size: {{ .Values.vaultwarden.dataPvc.size }}
+ mainNamespace: {{ .Values.destnation.namespace }}
 destination:
 server: {{ .Values.destination.server }}
 namespace: {{ .Values.destination.namespace }}
diff --git a/vaultwarden-argocd-apps/values.yaml b/vaultwarden-argocd-apps/values.yaml
index c27afc8..dd231fb 100644
--- a/vaultwarden-argocd-apps/values.yaml
+++ b/vaultwarden-argocd-apps/values.yaml
@@ -25,7 +25,7 @@ vaultwarden:
 size: 10Gi
 attachmentPvc:
 name: vaultwarden-attachments
- storageClassName: ''
+ storageClassName: 'linode-block-storage-retain-luks-vw'
 size: 10Gi
 fqdn: vaultwarden.domain.net
 timeZone: "Europe/Lisbon"
diff --git a/vaultwarden-requirements/templates/encrypted-storage-class.yaml b/vaultwarden-requirements/templates/encrypted-storage-class.yaml
new file mode 100644
index 0000000..b6aaf67
--- /dev/null
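Review bot: `.Values.destnation.namespace` on the added `mainNamespace` line is misspelled; the `destination:` block right below it reads `.Values.destination.namespace`. No `destnation` key appears in the visible values, so Helm will most likely abort with a nil-pointer render error, or at best hand an empty namespace to the requirements chart, where it becomes the namespace the CSI driver reads the LUKS key Secret from. The line should be `mainNamespace: {{ .Values.destination.namespace | quote }}`. The enclosing Application spec starts and ends outside the hunk.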
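Review bot: Only `attachmentPvc.storageClassName` is switched to the LUKS class here, although the Secret that class refers to is named `vw-data-luks-key` and the vault database presumably lives on the data volume. The `dataPvc` entry sits above the hunk and is not visible, so confirm it also points at an encrypted class; the requirements chart's values.yaml still shows `storageClassName: ''` for `dataPvc`. If the data volume is meant to stay on the default class, a comment such as `# data volume intentionally left on the default (unencrypted) class` would make that a recorded decision rather than an apparent oversight.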
+++ b/vaultwarden-requirements/templates/encrypted-storage-class.yaml
@@ -0,0 +1,14 @@
+allowVolumeExpansion: true
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: linode-block-storage-retain-luks-vw
+ namespace: kube-system
+provisioner: linodebs.csi.linode.com
+reclaimPolicy: Retain
+parameters:
+ linodebs.csi.linode.com/luks-encrypted: "true"
+ linodebs.csi.linode.com/luks-cipher: "aes-xts-plain64"
+ linodebs.csi.linode.com/luks-key-size: "512"
+ csi.storage.k8s.io/node-stage-secret-namespace: {{ .Values.mainNamespace }}
+ csi.storage.k8s.io/node-stage-secret-name: vw-data-luks-key
\ No newline at end of file
diff --git a/vaultwarden-requirements/templates/vaultwarden-data.yaml b/vaultwarden-requirements/templates/vaultwarden-data.yaml
deleted file mode 100644
index 7c326c3..0000000
--- a/vaultwarden-requirements/templates/vaultwarden-data.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if false -}}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ .Values.vaultwarden.dataPvc.name }}
-spec:
- storageClassName: {{ .Values.vaultwarden.dataPvc.storageClassName }}
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.vaultwarden.dataPvc.size }}
-{{- end }}
\ No newline at end of file
diff --git a/vaultwarden-requirements/values.yaml b/vaultwarden-requirements/values.yaml
index 4662ce9..e90eb18 100644
--- a/vaultwarden-requirements/values.yaml
+++ b/vaultwarden-requirements/values.yaml
@@ -6,3 +6,4 @@ vaultwarden:
 name: vaultwarden-data
 storageClassName: ''
 size: 10Gi
+mainNamespace: vaultwarden
\ No newline at end of file
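Review bot: `namespace: kube-system` under `metadata` in the new StorageClass has no effect, because StorageClass is a cluster-scoped resource; drop the line so the manifest does not suggest the class is confined to one namespace. The class also depends on a Secret `vw-data-luks-key` in `.Values.mainNamespace` that none of the five files in this commit creates, so it is presumably provisioned out of band; a header comment such as `# requires Secret vw-data-luks-key in .Values.mainNamespace; back the key up, Retain volumes are unreadable without it` would record that dependency. Quoting the templated value, `csi.storage.k8s.io/node-stage-secret-namespace: {{ .Values.mainNamespace | quote }}`, keeps an empty or number-like namespace from rendering as null or an integer, since StorageClass parameters must be strings.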