net-kingdom/sso-mfa/k8s/privacyidea/pvc.yaml
Bernd Worsch 1d94652ba1 feat(sso-mfa): T04 privacyIDEA manifests (NK-WP-0001-T04)
Deploy privacyIDEA (MFA core) in the mfa namespace:
- pvc.yaml: privacyidea-data (5Gi) and privacyidea-logs (2Gi)
- configmap.yaml: pi.cfg reading secrets from env vars
- deployment.yaml: Deployment + ClusterIP Service (port 8080)
- middleware.yaml: Traefik RateLimit + admin IP AllowList
- ingress.yaml: pink.coulomb.social (portal + admin), pink-account.coulomb.social (self-service)
- create-secrets.sh: creates privacyidea-config Secret
- enckey-bootstrap.sh: post-deploy key extraction + DR Secrets
- bootstrap-admin.sh: pi-admin, trigger-admin, privacyidea-trigger-admin Secret
- verify-t04.sh: 8-section done-criteria checker

Config points CP-NK-002 (pink.coulomb.social) and CP-NK-003
(pink-account.coulomb.social) registered in CONFIG.md.

pink = PrivacyIDEA Net Knights (project mnemonic).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-19 01:22:41 +00:00

41 lines
1.0 KiB
YAML

# PersistentVolumeClaims for privacyIDEA (namespace: mfa)
#
# privacyidea-data — /etc/privacyidea/
#   Holds: enckey, audit signing keys, and any runtime PI config.
#   PI auto-generates missing key material here on first start.
#   Run enckey-bootstrap.sh after first deploy to extract keys into
#   KeePassXC and K8s Secrets (disaster recovery copies).
#
# privacyidea-logs — /var/log/privacyidea/
#   Application log files; separate PVC keeps data PVC clean.
#
# Adjust storage sizes before production deployment.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: privacyidea-data
  namespace: mfa
  labels:
    app.kubernetes.io/part-of: net-kingdom-sso-mfa
    net-kingdom/component: mfa
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: privacyidea-logs
  namespace: mfa
  labels:
    app.kubernetes.io/part-of: net-kingdom-sso-mfa
    net-kingdom/component: mfa
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 2Gi