viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

vault: enroll audit-vault-0 in pvc-autoresizer (10Gi limit)

Browse source 
audit-vault-0 fills steadily with raft audit logs; without autoresizer
annotations it hits the 2Gi ceiling and Vault stalls on writes
(PVAutoExpanding alert was firing at 81% used). The Vault Helm chart
copies server.auditStorage.annotations onto the PVC at create time.

Live PVC already has the annotations applied via kubectl annotate;
this just keeps TF in sync.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-05-10 20:01:06 +00:00
parent 0fdadcc3dd
commit ee47197f3b
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
stacks/vault/main.tf
View file

@ -63,6 +63,14 @@ resource "helm_release" "vault" {
enabled = true enabled = true
size = "2Gi" size = "2Gi"
storageClass = "proxmox-lvm-encrypted" # Migrated 2026-04-25 from nfs-proxmox storageClass = "proxmox-lvm-encrypted" # Migrated 2026-04-25 from nfs-proxmox
# Vault audit logs grow unbounded per request; let pvc-autoresizer
# expand the volume up to 10Gi rather than ride a stuck-Pending
# vault-0 the moment the PVC fills.
annotations = {
"resize.topolvm.io/threshold" = "10%"
"resize.topolvm.io/increase" = "100%"
"resize.topolvm.io/storage_limit" = "10Gi"
}
} }
standalone = { enabled = false } standalone = { enabled = false }