Adding a PVC for logs (#61)

Adding a PVC for logs

Author: jhbeskow

charts/self-host/templates/admin.yaml

@@ -28,6 +28,20 @@ spec:
     {{- if .Values.component.admin.podServiceAccount }}
       serviceAccount: "{{ .Values.component.admin.podServiceAccount }}"
       serviceAccountName: "{{ .Values.component.admin.podServiceAccount }}"
+    {{- end }}
+    {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+      initContainers:
+      - name: create-mount-subdir
+        command:
+          - "/bin/bash"
+          - "-c"
+        args: ['
+          mkdir -p /logs/admin
+        ']
+        image: "bitnami/kubectl:1.19"
+        volumeMounts:
+          - name: applogs
+            mountPath: /logs
     {{- end }}
       containers:
       - name: {{ template "bitwarden.admin" . }}
@@ -58,6 +72,11 @@ spec:
           mountPath: /etc/bitwarden/core/aspnet-dataprotection
         - name: licenses
           mountPath: /etc/bitwarden/core/licenses
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          mountPath: /etc/bitwarden/logs
+          subPath: admin
+        {{- end }}
         {{- if .Values.secrets.secretProviderClass}}
         - name: secrets-store-inline
           mountPath: "/mnt/secrets-store"
@@ -72,6 +91,11 @@ spec:
         - name: licenses
           persistentVolumeClaim:
             claimName: {{ template "bitwarden.licenses" . }}
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          persistentVolumeClaim:
+            claimName: {{ template "bitwarden.applogs" . }}
+        {{- end }}
         {{- if .Values.secrets.secretProviderClass}}
         - name: secrets-store-inline
           csi:

charts/self-host/templates/api.yaml

@@ -28,6 +28,20 @@ spec:
     {{- if .Values.component.api.podServiceAccount }}
       serviceAccount: "{{ .Values.component.api.podServiceAccount }}"
       serviceAccountName: "{{ .Values.component.api.podServiceAccount }}"
+    {{- end }}
+    {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+      initContainers:
+      - name: create-mount-subdir
+        command:
+          - "/bin/bash"
+          - "-c"
+        args: ['
+          mkdir -p /logs/api
+        ']
+        image: "bitnami/kubectl:1.19"
+        volumeMounts:
+          - name: applogs
+            mountPath: /logs
     {{- end }}
       containers:
       - name: {{ template "bitwarden.api" . }}
@@ -60,6 +74,11 @@ spec:
           mountPath: /etc/bitwarden/core/aspnet-dataprotection
         - name: licenses
           mountPath: /etc/bitwarden/core/licenses
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          mountPath: /etc/bitwarden/logs
+          subPath: api
+        {{- end }}
         {{- if .Values.secrets.secretProviderClass}}
         - name: secrets-store-inline
           mountPath: "/mnt/secrets-store"
@@ -77,6 +96,11 @@ spec:
         - name: licenses
           persistentVolumeClaim:
             claimName: {{ template "bitwarden.licenses" . }}
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          persistentVolumeClaim:
+            claimName: {{ template "bitwarden.applogs" . }}
+        {{- end }}
         {{- if .Values.secrets.secretProviderClass}}
         - name: secrets-store-inline
           csi:

charts/self-host/templates/events.yaml

@@ -28,6 +28,20 @@ spec:
     {{- if .Values.component.events.podServiceAccount }}
       serviceAccount: "{{ .Values.component.events.podServiceAccount }}"
       serviceAccountName: "{{ .Values.component.events.podServiceAccount }}"
+    {{- end }}
+    {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+      initContainers:
+      - name: create-mount-subdir
+        command:
+          - "/bin/bash"
+          - "-c"
+        args: ['
+          mkdir -p /logs/events
+        ']
+        image: "bitnami/kubectl:1.19"
+        volumeMounts:
+          - name: applogs
+            mountPath: /logs
     {{- end }}
       containers:
       - name: {{ template "bitwarden.events" . }}
@@ -59,6 +73,11 @@ spec:
           mountPath: "/mnt/secrets-store"
           readOnly: true
         {{- end }}
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          mountPath: /etc/bitwarden/logs
+          subPath: events
+        {{- end }}
         securityContext:
 {{ toYaml .Values.component.events.securityContext | indent 10 }}
       volumes:
@@ -70,6 +89,11 @@ spec:
             volumeAttributes:
               secretProviderClass: {{ .Values.secrets.secretProviderClass }}
         {{- end }}
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          persistentVolumeClaim:
+            claimName: {{ template "bitwarden.applogs" . }}
+        {{- end }}
 
 ---
 apiVersion: v1

charts/self-host/templates/helpers.tpl

@@ -182,6 +182,13 @@ Name of Licenses volume
 {{ template "bitwarden.fullname" . }}-licenses
 {{- end -}}
 
+{{/*
+Name of Logs volume
+*/}}
+{{- define "bitwarden.applogs" -}}
+{{ template "bitwarden.fullname" . }}-applogs
+{{- end -}}
+
 
 {{/*
 Name of MSSQL Backups volume

charts/self-host/templates/icons.yaml

@@ -28,6 +28,20 @@ spec:
     {{- if .Values.component.icons.podServiceAccount }}
       serviceAccount: "{{ .Values.component.icons.podServiceAccount }}"
       serviceAccountName: "{{ .Values.component.icons.podServiceAccount }}"
+    {{- end }}
+    {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+      initContainers:
+      - name: create-mount-subdir
+        command:
+          - "/bin/bash"
+          - "-c"
+        args: ['
+          mkdir -p /logs/icons
+        ']
+        image: "bitnami/kubectl:1.19"
+        volumeMounts:
+          - name: applogs
+            mountPath: /logs
     {{- end }}
       containers:
       - name: {{ template "bitwarden.icons" . }}
@@ -57,6 +71,11 @@ spec:
           mountPath: "/mnt/secrets-store"
           readOnly: true
         {{- end }}
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          mountPath: /etc/bitwarden/logs
+          subPath: icons
+        {{- end }}
         resources:
 {{ toYaml .Values.component.icons.resources | indent 10 }}
         securityContext:
@@ -70,6 +89,11 @@ spec:
             volumeAttributes:
               secretProviderClass: {{ .Values.secrets.secretProviderClass }}
         {{- end }}
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          persistentVolumeClaim:
+            claimName: {{ template "bitwarden.applogs" . }}
+        {{- end }}
 
 ---
 apiVersion: v1

charts/self-host/templates/identity.yaml

@@ -28,6 +28,20 @@ spec:
     {{- if .Values.component.identity.podServiceAccount }}
       serviceAccount: "{{ .Values.component.identity.podServiceAccount }}"
       serviceAccountName: "{{ .Values.component.identity.podServiceAccount }}"
+    {{- end }}
+    {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+      initContainers:
+      - name: create-mount-subdir
+        command:
+          - "/bin/bash"
+          - "-c"
+        args: ['
+          mkdir -p /logs/identity
+        ']
+        image: "bitnami/kubectl:1.19"
+        volumeMounts:
+          - name: applogs
+            mountPath: /logs
     {{- end }}
       containers:
       - name: {{ template "bitwarden.identity" . }}
@@ -62,6 +76,11 @@ spec:
           mountPath: /etc/bitwarden/core/aspnet-dataprotection
         - name: licenses
           mountPath: /etc/bitwarden/core/licenses
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          mountPath: /etc/bitwarden/logs
+          subPath: identity
+        {{- end }}
         {{- if .Values.secrets.secretProviderClass}}
         - name: secrets-store-inline
           mountPath: "/mnt/secrets-store"
@@ -79,6 +98,11 @@ spec:
         - name: licenses
           persistentVolumeClaim:
             claimName: {{ template "bitwarden.licenses" . }}
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          persistentVolumeClaim:
+            claimName: {{ template "bitwarden.applogs" . }}
+        {{- end }}
         {{- if .Values.secrets.secretProviderClass}}
         - name: secrets-store-inline
           csi:

charts/self-host/templates/notifications.yaml

@@ -28,6 +28,20 @@ spec:
     {{- if .Values.component.notifications.podServiceAccount }}
       serviceAccount: "{{ .Values.component.notifications.podServiceAccount }}"
       serviceAccountName: "{{ .Values.component.notifications.podServiceAccount }}"
+    {{- end }}
+    {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+      initContainers:
+      - name: create-mount-subdir
+        command:
+          - "/bin/bash"
+          - "-c"
+        args: ['
+          mkdir -p /logs/notifications
+        ']
+        image: "bitnami/kubectl:1.19"
+        volumeMounts:
+          - name: applogs
+            mountPath: /logs
     {{- end }}
       containers:
       - name: {{ template "bitwarden.notifications" . }}
@@ -59,6 +73,11 @@ spec:
           mountPath: "/mnt/secrets-store"
           readOnly: true
         {{- end }}
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          mountPath: /etc/bitwarden/logs
+          subPath: notifications
+        {{- end }}
         securityContext:
 {{ toYaml .Values.component.notifications.securityContext | indent 10 }}
       volumes:
@@ -70,6 +89,11 @@ spec:
             volumeAttributes:
               secretProviderClass: {{ .Values.secrets.secretProviderClass }}
         {{- end }}
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          persistentVolumeClaim:
+            claimName: {{ template "bitwarden.applogs" . }}
+        {{- end }}
 
 ---
 apiVersion: v1

charts/self-host/templates/pre-install-hook-configmap.yaml

@@ -44,7 +44,9 @@ data:
   globalSettings__oidcIdentityClientKey: {{ (randAlphaNum 64) | quote }}
   globalSettings__duo__aKey: {{ (randAlphaNum 64) | quote }}
 {{- end }}
+{{- if not (and .Values.volume.logs .Values.volume.logs.enabled) }}
   globalSettings__logDirectory: "/dev/null"
+{{- end }}
   globalSettings__logRollBySizeLimit: ""
   globalSettings__syslog__destination: ""
   globalSettings__dataProtection__directory: "/etc/bitwarden/core/aspnet-dataprotection"

charts/self-host/templates/scim.yaml

@@ -28,6 +28,20 @@ spec:
     {{- if .Values.component.scim.podServiceAccount }}
       serviceAccount: "{{ .Values.component.scim.podServiceAccount }}"
       serviceAccountName: "{{ .Values.component.scim.podServiceAccount }}"
+    {{- end }}
+    {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+      initContainers:
+      - name: create-mount-subdir
+        command:
+          - "/bin/bash"
+          - "-c"
+        args: ['
+          mkdir -p /logs/scim
+        ']
+        image: "bitnami/kubectl:1.19"
+        volumeMounts:
+          - name: applogs
+            mountPath: /logs
     {{- end }}
       containers:
       - name: {{ template "bitwarden.scim" . }}
@@ -61,6 +75,11 @@ spec:
           mountPath: /etc/bitwarden/core/aspnet-dataprotection
         - name: licenses
           mountPath: /etc/bitwarden/core/licenses
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          mountPath: /etc/bitwarden/logs
+          subPath: scim
+        {{- end }}
         {{- if .Values.secrets.secretProviderClass}}
         - name: secrets-store-inline
           mountPath: "/mnt/secrets-store"
@@ -78,6 +97,11 @@ spec:
         - name: licenses
           persistentVolumeClaim:
             claimName: {{ template "bitwarden.licenses" . }}
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          persistentVolumeClaim:
+            claimName: {{ template "bitwarden.applogs" . }}
+        {{- end }}
         {{- if .Values.secrets.secretProviderClass}}
         - name: secrets-store-inline
           csi:

charts/self-host/templates/sso.yaml

@@ -28,6 +28,20 @@ spec:
     {{- if .Values.component.sso.podServiceAccount }}
       serviceAccount: "{{ .Values.component.sso.podServiceAccount }}"
       serviceAccountName: "{{ .Values.component.sso.podServiceAccount }}"
+    {{- end }}
+    {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+      initContainers:
+      - name: create-mount-subdir
+        command:
+          - "/bin/bash"
+          - "-c"
+        args: ['
+          mkdir -p /logs/sso
+        ']
+        image: "bitnami/kubectl:1.19"
+        volumeMounts:
+          - name: applogs
+            mountPath: /logs
     {{- end }}
       containers:
       - name: {{ template "bitwarden.sso" . }}
@@ -62,6 +76,11 @@ spec:
           mountPath: /etc/bitwarden/core/aspnet-dataprotection
         - name: licenses
           mountPath: /etc/bitwarden/core/licenses
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          mountPath: /etc/bitwarden/logs
+          subPath: sso
+        {{- end }}
         {{- if .Values.secrets.secretProviderClass}}
         - name: secrets-store-inline
           mountPath: "/mnt/secrets-store"
@@ -79,6 +98,11 @@ spec:
         - name: licenses
           persistentVolumeClaim:
             claimName: {{ template "bitwarden.licenses" . }}
+        {{- if and .Values.volume.logs .Values.volume.logs.enabled }}
+        - name: applogs
+          persistentVolumeClaim:
+            claimName: {{ template "bitwarden.applogs" . }}
+        {{- end }}
         {{- if .Values.secrets.secretProviderClass}}
         - name: secrets-store-inline
           csi: