From a0bee4b64a0647382a8608b90482ce5859e4100a Mon Sep 17 00:00:00 2001 From: gitea-bot Date: Sat, 20 Dec 2025 04:16:27 +0000 Subject: [PATCH] chore: Update manifests after change --- .../vault/CronJob-vault-snapshot.yaml | 3 + .../manifests/vault/Deployment-vault.yaml | 58 +++++++++++++++++++ .../vault/Pod-vault-server-test.yaml | 6 -- .../manifests/vault/StatefulSet-vault.yaml | 6 -- 4 files changed, 61 insertions(+), 12 deletions(-) create mode 100644 clusters/cl01tl/manifests/vault/Deployment-vault.yaml diff --git a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml index 97b362507..0c5009086 100644 --- a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml +++ b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml @@ -31,6 +31,9 @@ spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true + securityContext: + runAsGroup: 1000 + runAsUser: 100 hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/vault/Deployment-vault.yaml b/clusters/cl01tl/manifests/vault/Deployment-vault.yaml new file mode 100644 index 000000000..7d1895236 --- /dev/null +++ b/clusters/cl01tl/manifests/vault/Deployment-vault.yaml @@ -0,0 +1,58 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vault + labels: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: vault + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: vault + helm.sh/chart: temp-4.5.0 + namespace: vault +spec: + revisionHistoryLimit: 3 + replicas: 0 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/controller: main + app.kubernetes.io/name: vault + app.kubernetes.io/instance: vault + template: + metadata: + labels: + app.kubernetes.io/controller: main + app.kubernetes.io/instance: vault + app.kubernetes.io/name: vault + spec: + enableServiceLinks: false + serviceAccountName: default + automountServiceAccountToken: true + hostIPC: false + hostNetwork: false + hostPID: false + dnsPolicy: ClusterFirst + containers: + - command: + - sleep + - infinity + image: ubuntu:resolute-20251208 + imagePullPolicy: IfNotPresent + name: main + resources: + requests: + cpu: 10m + memory: 32Mi + volumeMounts: + - mountPath: /opt/backup + name: backup + - mountPath: /opt/backup-old + name: backup-old + volumes: + - name: backup + persistentVolumeClaim: + claimName: vault-storage-backup + - name: backup-old + persistentVolumeClaim: + claimName: vault-nfs-storage-backup diff --git a/clusters/cl01tl/manifests/vault/Pod-vault-server-test.yaml b/clusters/cl01tl/manifests/vault/Pod-vault-server-test.yaml index ad4e7e18c..623a35c4f 100644 --- a/clusters/cl01tl/manifests/vault/Pod-vault-server-test.yaml +++ b/clusters/cl01tl/manifests/vault/Pod-vault-server-test.yaml @@ -34,16 +34,10 @@ spec: exit 0 volumeMounts: - - mountPath: /opt/backups-old/ - name: vault-nfs-storage-backup - readOnly: true - mountPath: /opt/backups/ name: vault-storage-backup readOnly: false volumes: - - name: vault-nfs-storage-backup - persistentVolumeClaim: - claimName: vault-nfs-storage-backup - name: vault-storage-backup persistentVolumeClaim: claimName: vault-storage-backup diff --git a/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml b/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml index 66dc1a003..4f2b1a5c2 100644 --- a/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml +++ b/clusters/cl01tl/manifests/vault/StatefulSet-vault.yaml @@ -48,9 +48,6 @@ spec: - name: config configMap: name: vault-config - - name: vault-nfs-storage-backup - persistentVolumeClaim: - claimName: vault-nfs-storage-backup - name: vault-storage-backup persistentVolumeClaim: claimName: vault-storage-backup @@ -113,9 +110,6 @@ spec: mountPath: /vault/data - name: config mountPath: /vault/config - - mountPath: /opt/backups-old/ - name: vault-nfs-storage-backup - readOnly: true - mountPath: /opt/backups/ name: vault-storage-backup readOnly: false