From 6f58091d74668bb866ae178c24f5128c10b55eb0 Mon Sep 17 00:00:00 2001 From: Joel Beskow Date: Mon, 27 Nov 2023 15:39:12 -0600 Subject: [PATCH] Adding a PVC for logs --- charts/self-host/templates/admin.yaml | 24 +++++++++++++++++++ charts/self-host/templates/api.yaml | 24 +++++++++++++++++++ charts/self-host/templates/events.yaml | 24 +++++++++++++++++++ charts/self-host/templates/helpers.tpl | 7 ++++++ charts/self-host/templates/icons.yaml | 24 +++++++++++++++++++ charts/self-host/templates/identity.yaml | 24 +++++++++++++++++++ charts/self-host/templates/notifications.yaml | 24 +++++++++++++++++++ .../templates/pre-install-hook-configmap.yaml | 2 ++ charts/self-host/templates/scim.yaml | 24 +++++++++++++++++++ charts/self-host/templates/sso.yaml | 24 +++++++++++++++++++ charts/self-host/templates/volumes.yaml | 22 +++++++++++++++++ charts/self-host/values.schema.json | 17 +++++++++++++ charts/self-host/values.yaml | 5 ++++ 13 files changed, 245 insertions(+) diff --git a/charts/self-host/templates/admin.yaml b/charts/self-host/templates/admin.yaml index 2e09ce86..fd2ee66c 100644 --- a/charts/self-host/templates/admin.yaml +++ b/charts/self-host/templates/admin.yaml @@ -28,6 +28,20 @@ spec: {{- if .Values.component.admin.podServiceAccount }} serviceAccount: "{{ .Values.component.admin.podServiceAccount }}" serviceAccountName: "{{ .Values.component.admin.podServiceAccount }}" + {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + initContainers: + - name: create-mount-subdir + command: + - "/bin/bash" + - "-c" + args: [' + mkdir -p /logs/admin + '] + image: "bitnami/kubectl:1.19" + volumeMounts: + - name: applogs + mountPath: /logs {{- end }} containers: - name: {{ template "bitwarden.admin" . }} 
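Review bot: The `create-mount-subdir` init container added in this hunk pulls `bitnami/kubectl:1.19`, a hard-coded third-party image referenced by a mutable tag, only to run `mkdir -p`, and it carries no `securityContext` or `resources`. Nothing visible lets an operator point it at a private registry or pin it by digest, so every pod start depends on whatever that tag resolves to at pull time. Kubelet normally creates a missing `subPath` directory itself, so it is worth confirming the init container is needed at all (presumably for directory ownership). If it is, take the image from values, pin it by digest and drop privileges as sketched below. The same block is repeated in the first hunk of api.yaml, events.yaml, icons.yaml, identity.yaml, notifications.yaml, scim.yaml and sso.yaml.

```yaml
# … unchanged: {{- if and .Values.volume.logs .Values.volume.logs.enabled }} …
initContainers:
  - name: create-mount-subdir
    # proposed values key, not present in the chart today (needs a
    # values.schema.json entry); set it to a digest-pinned image
    image: "{{ .Values.volume.logs.initImage }}"
    command: ["mkdir", "-p", "/logs/admin"]
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    # … unchanged: volumeMounts (applogs at /logs) …
```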
@@ -58,6 +72,11 @@ spec: mountPath: /etc/bitwarden/core/aspnet-dataprotection - name: licenses mountPath: /etc/bitwarden/core/licenses + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + mountPath: /etc/bitwarden/logs + subPath: admin + {{- end }} {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline mountPath: "/mnt/secrets-store" @@ -72,6 +91,11 @@ spec: - name: licenses persistentVolumeClaim: claimName: {{ template "bitwarden.licenses" . }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + persistentVolumeClaim: + claimName: {{ template "bitwarden.applogs" . }} + {{- end }} {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline csi: diff --git a/charts/self-host/templates/api.yaml b/charts/self-host/templates/api.yaml index aec3af17..fd448da8 100644 --- a/charts/self-host/templates/api.yaml +++ b/charts/self-host/templates/api.yaml @@ -28,6 +28,20 @@ spec: {{- if .Values.component.api.podServiceAccount }} serviceAccount: "{{ .Values.component.api.podServiceAccount }}" serviceAccountName: "{{ .Values.component.api.podServiceAccount }}" + {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + initContainers: + - name: create-mount-subdir + command: + - "/bin/bash" + - "-c" + args: [' + mkdir -p /logs/api + '] + image: "bitnami/kubectl:1.19" + volumeMounts: + - name: applogs + mountPath: /logs {{- end }} containers: - name: {{ template "bitwarden.api" . }} @@ -60,6 +74,11 @@ spec: mountPath: /etc/bitwarden/core/aspnet-dataprotection - name: licenses mountPath: /etc/bitwarden/core/licenses + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + mountPath: /etc/bitwarden/logs + subPath: api + {{- end }} {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline mountPath: "/mnt/secrets-store" 
@@ -77,6 +96,11 @@ spec: - name: licenses persistentVolumeClaim: claimName: {{ template "bitwarden.licenses" . }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + persistentVolumeClaim: + claimName: {{ template "bitwarden.applogs" . }} + {{- end }} {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline csi: diff --git a/charts/self-host/templates/events.yaml b/charts/self-host/templates/events.yaml index 2dec2d3b..61390460 100644 --- a/charts/self-host/templates/events.yaml +++ b/charts/self-host/templates/events.yaml @@ -28,6 +28,20 @@ spec: {{- if .Values.component.events.podServiceAccount }} serviceAccount: "{{ .Values.component.events.podServiceAccount }}" serviceAccountName: "{{ .Values.component.events.podServiceAccount }}" + {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + initContainers: + - name: create-mount-subdir + command: + - "/bin/bash" + - "-c" + args: [' + mkdir -p /logs/events + '] + image: "bitnami/kubectl:1.19" + volumeMounts: + - name: applogs + mountPath: /logs {{- end }} containers: - name: {{ template "bitwarden.events" . }} @@ -59,6 +73,11 @@ spec: mountPath: "/mnt/secrets-store" readOnly: true {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + mountPath: /etc/bitwarden/logs + subPath: events + {{- end }} securityContext: {{ toYaml .Values.component.events.securityContext | indent 10 }} volumes: @@ -70,6 +89,11 @@ spec: volumeAttributes: secretProviderClass: {{ .Values.secrets.secretProviderClass }} {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + persistentVolumeClaim: + claimName: {{ template "bitwarden.applogs" . }} + {{- end }} --- apiVersion: v1 diff --git a/charts/self-host/templates/helpers.tpl b/charts/self-host/templates/helpers.tpl index d77f2860..281cdf23 100644 --- a/charts/self-host/templates/helpers.tpl +++ b/charts/self-host/templates/helpers.tpl 
@@ -182,6 +182,13 @@ Name of Licenses volume {{ template "bitwarden.fullname" . }}-licenses {{- end -}} +{{/* +Name of Logs volume +*/}} +{{- define "bitwarden.applogs" -}} +{{ template "bitwarden.fullname" . }}-applogs +{{- end -}} + {{/* Name of MSSQL Backups volume diff --git a/charts/self-host/templates/icons.yaml b/charts/self-host/templates/icons.yaml index 390affa8..5911ad59 100644 --- a/charts/self-host/templates/icons.yaml +++ b/charts/self-host/templates/icons.yaml @@ -28,6 +28,20 @@ spec: {{- if .Values.component.icons.podServiceAccount }} serviceAccount: "{{ .Values.component.icons.podServiceAccount }}" serviceAccountName: "{{ .Values.component.icons.podServiceAccount }}" + {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + initContainers: + - name: create-mount-subdir + command: + - "/bin/bash" + - "-c" + args: [' + mkdir -p /logs/icons + '] + image: "bitnami/kubectl:1.19" + volumeMounts: + - name: applogs + mountPath: /logs {{- end }} containers: - name: {{ template "bitwarden.icons" . }} @@ -57,6 +71,11 @@ spec: mountPath: "/mnt/secrets-store" readOnly: true {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + mountPath: /etc/bitwarden/logs + subPath: icons + {{- end }} resources: {{ toYaml .Values.component.icons.resources | indent 10 }} securityContext: @@ -70,6 +89,11 @@ spec: volumeAttributes: secretProviderClass: {{ .Values.secrets.secretProviderClass }} {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + persistentVolumeClaim: + claimName: {{ template "bitwarden.applogs" . }} + {{- end }} --- apiVersion: v1 diff --git a/charts/self-host/templates/identity.yaml b/charts/self-host/templates/identity.yaml index 7fd7f417..22656f5f 100644 --- a/charts/self-host/templates/identity.yaml +++ b/charts/self-host/templates/identity.yaml 
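Review bot: The guard `and .Values.volume.logs .Values.volume.logs.enabled`, which this commit repeats across the templates, is only nil-safe when the template engine short-circuits `and`. Go's text/template did not do so before Go 1.18, so on a Helm build older than that a values file that nulls out `volume.logs` would likely fail rendering on the second operand. Since this hunk already adds a helper, a second one could centralise the check, for example `{{- define "bitwarden.logsEnabled" -}}{{- if .Values.volume.logs }}{{- if .Values.volume.logs.enabled }}true{{- end }}{{- end }}{{- end -}}` (name proposed here), used as `{{- if include "bitwarden.logsEnabled" . }}`. That would also replace the roughly two dozen copies of the condition with one definition.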
@@ -28,6 +28,20 @@ spec: {{- if .Values.component.identity.podServiceAccount }} serviceAccount: "{{ .Values.component.identity.podServiceAccount }}" serviceAccountName: "{{ .Values.component.identity.podServiceAccount }}" + {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + initContainers: + - name: create-mount-subdir + command: + - "/bin/bash" + - "-c" + args: [' + mkdir -p /logs/identity + '] + image: "bitnami/kubectl:1.19" + volumeMounts: + - name: applogs + mountPath: /logs {{- end }} containers: - name: {{ template "bitwarden.identity" . }} @@ -62,6 +76,11 @@ spec: mountPath: /etc/bitwarden/core/aspnet-dataprotection - name: licenses mountPath: /etc/bitwarden/core/licenses + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + mountPath: /etc/bitwarden/logs + subPath: identity + {{- end }} {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline mountPath: "/mnt/secrets-store" @@ -79,6 +98,11 @@ spec: - name: licenses persistentVolumeClaim: claimName: {{ template "bitwarden.licenses" . }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + persistentVolumeClaim: + claimName: {{ template "bitwarden.applogs" . }} + {{- end }} {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline csi: diff --git a/charts/self-host/templates/notifications.yaml b/charts/self-host/templates/notifications.yaml index 2594bae5..d8fea8fa 100644 --- a/charts/self-host/templates/notifications.yaml +++ b/charts/self-host/templates/notifications.yaml 
@@ -28,6 +28,20 @@ spec: {{- if .Values.component.notifications.podServiceAccount }} serviceAccount: "{{ .Values.component.notifications.podServiceAccount }}" serviceAccountName: "{{ .Values.component.notifications.podServiceAccount }}" + {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + initContainers: + - name: create-mount-subdir + command: + - "/bin/bash" + - "-c" + args: [' + mkdir -p /logs/notifications + '] + image: "bitnami/kubectl:1.19" + volumeMounts: + - name: applogs + mountPath: /logs {{- end }} containers: - name: {{ template "bitwarden.notifications" . }} @@ -59,6 +73,11 @@ spec: mountPath: "/mnt/secrets-store" readOnly: true {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + mountPath: /etc/bitwarden/logs + subPath: notifications + {{- end }} securityContext: {{ toYaml .Values.component.notifications.securityContext | indent 10 }} volumes: @@ -70,6 +89,11 @@ spec: volumeAttributes: secretProviderClass: {{ .Values.secrets.secretProviderClass }} {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + persistentVolumeClaim: + claimName: {{ template "bitwarden.applogs" . }} + {{- end }} --- apiVersion: v1 diff --git a/charts/self-host/templates/pre-install-hook-configmap.yaml b/charts/self-host/templates/pre-install-hook-configmap.yaml index 212265b7..0bde3890 100644 --- a/charts/self-host/templates/pre-install-hook-configmap.yaml +++ b/charts/self-host/templates/pre-install-hook-configmap.yaml @@ -44,7 +44,9 @@ data: globalSettings__oidcIdentityClientKey: {{ (randAlphaNum 64) | quote }} globalSettings__duo__aKey: {{ (randAlphaNum 64) | quote }} {{- end }} +{{- if not (and .Values.volume.logs .Values.volume.logs.enabled) }} globalSettings__logDirectory: "/dev/null" +{{- end }} globalSettings__logRollBySizeLimit: "" globalSettings__syslog__destination: "" globalSettings__dataProtection__directory: "/etc/bitwarden/core/aspnet-dataprotection" 
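Review bot: With logs enabled, the `globalSettings__logDirectory` key in pre-install-hook-configmap.yaml is simply omitted, so whether anything reaches the new volume depends on the application's default log directory matching the `/etc/bitwarden/logs` mount path used in the Deployments, which this diff does not show. Setting it explicitly removes that coupling: add `{{- else }}` and `globalSettings__logDirectory: "/etc/bitwarden/logs"` before the `{{- end }}`. `globalSettings__logRollBySizeLimit` stays `""` on the next line, so as far as this hunk shows nothing bounds file growth on a claim that defaults to 1Gi. A full log volume is an availability risk, so a size limit or a documented retention step is worth adding. The surrounding `data:` block starts and ends outside the hunk.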
diff --git a/charts/self-host/templates/scim.yaml b/charts/self-host/templates/scim.yaml index b088362a..0a615211 100644 --- a/charts/self-host/templates/scim.yaml +++ b/charts/self-host/templates/scim.yaml @@ -28,6 +28,20 @@ spec: {{- if .Values.component.scim.podServiceAccount }} serviceAccount: "{{ .Values.component.scim.podServiceAccount }}" serviceAccountName: "{{ .Values.component.scim.podServiceAccount }}" + {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + initContainers: + - name: create-mount-subdir + command: + - "/bin/bash" + - "-c" + args: [' + mkdir -p /logs/scim + '] + image: "bitnami/kubectl:1.19" + volumeMounts: + - name: applogs + mountPath: /logs {{- end }} containers: - name: {{ template "bitwarden.scim" . }} @@ -61,6 +75,11 @@ spec: mountPath: /etc/bitwarden/core/aspnet-dataprotection - name: licenses mountPath: /etc/bitwarden/core/licenses + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + mountPath: /etc/bitwarden/logs + subPath: scim + {{- end }} {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline mountPath: "/mnt/secrets-store" @@ -78,6 +97,11 @@ spec: - name: licenses persistentVolumeClaim: claimName: {{ template "bitwarden.licenses" . }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + persistentVolumeClaim: + claimName: {{ template "bitwarden.applogs" . }} + {{- end }} {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline csi: diff --git a/charts/self-host/templates/sso.yaml b/charts/self-host/templates/sso.yaml index fc4df38b..3e713e71 100644 --- a/charts/self-host/templates/sso.yaml +++ b/charts/self-host/templates/sso.yaml 
@@ -28,6 +28,20 @@ spec: {{- if .Values.component.sso.podServiceAccount }} serviceAccount: "{{ .Values.component.sso.podServiceAccount }}" serviceAccountName: "{{ .Values.component.sso.podServiceAccount }}" + {{- end }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + initContainers: + - name: create-mount-subdir + command: + - "/bin/bash" + - "-c" + args: [' + mkdir -p /logs/sso + '] + image: "bitnami/kubectl:1.19" + volumeMounts: + - name: applogs + mountPath: /logs {{- end }} containers: - name: {{ template "bitwarden.sso" . }} @@ -62,6 +76,11 @@ spec: mountPath: /etc/bitwarden/core/aspnet-dataprotection - name: licenses mountPath: /etc/bitwarden/core/licenses + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + mountPath: /etc/bitwarden/logs + subPath: sso + {{- end }} {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline mountPath: "/mnt/secrets-store" @@ -79,6 +98,11 @@ spec: - name: licenses persistentVolumeClaim: claimName: {{ template "bitwarden.licenses" . }} + {{- if and .Values.volume.logs .Values.volume.logs.enabled }} + - name: applogs + persistentVolumeClaim: + claimName: {{ template "bitwarden.applogs" . }} + {{- end }} {{- if .Values.secrets.secretProviderClass}} - name: secrets-store-inline csi: diff --git a/charts/self-host/templates/volumes.yaml b/charts/self-host/templates/volumes.yaml index 7685fdb2..bb0bece8 100644 --- a/charts/self-host/templates/volumes.yaml +++ b/charts/self-host/templates/volumes.yaml 
@@ -52,6 +52,28 @@ spec: requests: storage: {{ .Values.volume.attachments.size }} +{{- if and .Values.volume.logs .Values.volume.logs.enabled }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "bitwarden.applogs" . }} + labels: + app.kubernetes.io/component: logs +{{ include "bitwarden.labels" . | indent 4 }} +{{- with .Values.volume.logs.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.general.volumeAccessMode }} + storageClassName: {{ .Values.sharedStorageClassName }} + resources: + requests: + storage: {{ .Values.volume.logs.size }} +{{- end }} + ################# # MSSQL Volumes # ################# diff --git a/charts/self-host/values.schema.json b/charts/self-host/values.schema.json index 983428c9..4d3c8d4b 100644 --- a/charts/self-host/values.schema.json +++ b/charts/self-host/values.schema.json @@ -2187,6 +2187,23 @@ "properties": {} } } + }, + "logs": { + "type": "object", + "required": [], + "properties": { + "enabled": { + "type": "boolean" + }, + "size": { + "type": "string" + }, + "labels": { + "type": "object", + "required": [], + "properties": {} + } + } } } }, diff --git a/charts/self-host/values.yaml b/charts/self-host/values.yaml index a84c097d..2df275f0 100644 --- a/charts/self-host/values.yaml +++ b/charts/self-host/values.yaml @@ -303,6 +303,11 @@ volume: licenses: size: 1Gi labels: {} + logs: + # Logs are disabled by default + enabled: false + size: 1Gi + labels: {} # # Configure service account for pre- and post-install hooks
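Review bot: The new claim in volumes.yaml reuses `.Values.general.volumeAccessMode` and `.Values.sharedStorageClassName`, yet eight Deployments mount it at once (admin, api, events, icons, identity, notifications, scim, sso). It therefore only works if that access mode is ReadWriteMany or all pods land on one node, and neither is checked here. Each init container also mounts the volume root at `/logs`, so the per-service `subPath` isolation applies to the main containers only. A comment above the claim such as `# Shared by all service Deployments; requires an RWX-capable storage class. Holds application logs from every component.` would tell operators what they are enabling. It would also signal that the volume needs the same access control and backup handling as the chart's other persistent data.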
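Review bot: `"required": []` on the new `logs` object in values.schema.json means `enabled: true` with `size` removed or nulled still passes validation, and the PVC template would then render an empty `storage:` request that fails only when the manifest is applied. Listing the keys the templates dereference, `"required": ["enabled", "size"]`, moves that failure to schema validation at lint or install time. The neighbouring volume entries visible in the context are equally loose, so this may be a chart-wide convention rather than an oversight.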
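Review bot: The comment `# Logs are disabled by default` in values.yaml restates the value below it but does not say what enabling it does. Based on the rest of this commit, something like `# When enabled: creates one PVC shared by all services, adds an init container to each Deployment, and stops forcing logDirectory to /dev/null.` would cover the visible behaviour. A second line noting that application logs may contain sensitive request details and that access to the volume should be restricted would help operators decide whether to turn it on.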