steve@MacBookPro ~/eks/prd# git clone https://github.com/guerzon/vaultwarden
steve@MacBookPro ~/eks/prd# cd vaultwarden
steve@MacBookPro ~/eks/prd/vaultwarden# vi values.yaml
steve@MacBookPro ~/eks/prd/vaultwarden# vi values.yaml
---
signupDomains: "gmail.com" # 사용자 추가시 허용 될 도메인 (회사 도메인만 추가하여 보안성을 확보할 수 있다.)
signupsVerify: "true"
ingress:
enabled: true
class: "alb"
additionalAnnotations:
alb.ingress.kubernetes.io/scheme: internet-facing # Public
alb.ingress.kubernetes.io/subnets: # subnet-###,subnet-###
alb.ingress.kubernetes.io/target-type: instance # Target Type
alb.ingress.kubernetes.io/load-balancer-name: alb
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-northeast-2:000000000000:certificate/~ # ACM
# Target Settings
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-path: /
alb.ingress.kubernetes.io/conditions.warden-vaultwarden: >
[{"field":"source-ip","sourceIpConfig":{"values":["1.2.3.4/32"]}}] # IP 접근제한
service:
type: "NodePort"
database:
type: "postgresql"
host: "my-database.databaseurl.ap-northeast-2.rds.amazonaws.com"
port: "5432"
username: "vaultwarden"
password: "vaultwarden!@34"
dbName: "valutwarden"
storage:
enabled: true
size: "5Gi"
class: "gp2"
dataDir: "/data"
steve@MacBookPro ~/eks/prd/vaultwarden# h install warden .
NAME: warden
LAST DEPLOYED: Mon Apr 17 18:24:59 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
** Please be patient while the chart is being deployed **
Thanks for installing vaultwarden.
You have named your release: warden.
Vaultwarden is accessible here: sub_domain.domain.com
steve@MacBookPro ~/eks/prd/vaultwarden# k get all,pv,pvc -l app.kubernetes.io/component=vaultwarden
NAME READY STATUS RESTARTS AGE
pod/warden-vaultwarden-0 1/1 Running 0 32d
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/warden-vaultwarden NodePort 172.20.193.180 <none> 80:30442/TCP,3012:32603/TCP 32d
NAME READY AGE
statefulset.apps/warden-vaultwarden 1/1 32d
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
persistentvolumeclaim/vaultwarden-data-warden-vaultwarden-0 Bound pvc-51b7cf85-9315-4441-b932-e039214622ca 5Gi RWO gp2 39d
https://Domain/admin 으로 접속하면 초기 설정을 하고 사용하면 된다.