diff --git a/apps/vaultwarden/base/vaultwarden-data-pvc.yaml b/apps/vaultwarden/base/vaultwarden-data-pvc.yaml
new file mode 100644
index 0000000..02cc48a
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-data-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ io.kompose.service: vaultwarden-data-pvc
+ name: vaultwarden-data-pvc
+spec:
+ storageClassName: longhorn
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/apps/vaultwarden/base/vaultwarden-deployment.yaml b/apps/vaultwarden/base/vaultwarden-deployment.yaml
new file mode 100644
index 0000000..d502a15
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-deployment.yaml
@@ -0,0 +1,94 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: vaultwarden
+ name: vaultwarden
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vaultwarden
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: vaultwarden
+ spec:
+ containers:
+ - env:
+ - name: ADMIN_RATELIMIT_MAX_BURST
+ value: "10"
+ - name: ADMIN_RATELIMIT_SECONDS
+ value: "60"
+ - name: DOMAIN
+ value: https://vault.steffenillium.de
+ - name: EMERGENCY_ACCESS_ALLOWED
+ value: "true"
+ - name: LOGIN_RATELIMIT_MAX_BURST
+ value: "10"
+ - name: LOGIN_RATELIMIT_SECONDS
+ value: "60"
+ - name: SENDS_ALLOWED
+ value: "true"
+ - name: SIGNUPS_ALLOWED
+ value: "false"
+ - name: SMTP_AUTH_MECHANISM
+ value: '"Plain"'
+ - name: SMTP_FROM
+ value: vaultwarden@steffenillium.de
+ - name: SMTP_FROM_NAME
+ value: Vaultwarden
+ - name: SMTP_PORT
+ value: "587"
+ - name: SMTP_SECURITY
+ value: starttls
+ - name: SMTP_HOST
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secret-sealed
+ key: SMTP_HOST
+ - name: SMTP_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secret-sealed
+ key: SMTP_USERNAME
+ - name: WEB_VAULT_ENABLED
+ value: "true"
+ - name: SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secret-sealed
+ key: SMTP_PASSWORD
+ - name: YUBICO_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secret-sealed
+ key: YUBICO_CLIENT_ID
+ - name: YUBICO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secret-sealed
+ key: YUBICO_SECRET_KEY
+ - name: ADMIN_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-secret-sealed
+ key: ADMIN_TOKEN
+ image: vaultwarden/server:latest
+ name: vaultwarden
+ ports:
+ - containerPort: 80
+ protocol: TCP
+ resources: {}
+ volumeMounts:
+ - mountPath: /data
+ name: vaultwarden-data-pvc
+ restartPolicy: Always
+ volumes:
+ - name: vaultwarden-data-pvc
+ persistentVolumeClaim:
+ claimName: vaultwarden-data-pvc
+
+
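Review bot: `image: vaultwarden/server:latest` is a mutable tag, so whatever the registry serves at the next pod restart becomes the running password-manager server without any reviewed change in this repository; pin a released tag together with its digest, e.g. `image: vaultwarden/server:<VERSION>@sha256:<DIGEST>` (placeholders), and let an update bot raise the bumps. The container also has `resources: {}` and no `securityContext`, so it runs with the image's default user and capabilities and without a memory or CPU bound; at least `allowPrivilegeEscalation: false` and explicit requests/limits would be worth adding, and running as a non-root user would presumably also need the listen port moved off 80. Separately, `value: '"Plain"'` hands the double quotes to the process as part of the value; unless that is intended, `value: Plain` is clearer.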
diff --git a/apps/vaultwarden/base/vaultwarden-ingress.yaml b/apps/vaultwarden/base/vaultwarden-ingress.yaml
new file mode 100644
index 0000000..542f05a
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-ingress.yaml
@@ -0,0 +1,15 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: vaultwarden-ingress
+ namespace: vaultwarden
+spec:
+ entryPoints:
+ - web
+ - websecure
+ routes:
+ - match: Host(`vault.steffenillium.de`)
+ kind: Rule
+ services:
+ - name: vaultwarden
+ port: 80
diff --git a/apps/vaultwarden/base/vaultwarden-namespace.yaml b/apps/vaultwarden/base/vaultwarden-namespace.yaml
new file mode 100644
index 0000000..deea145
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: vaultwarden
\ No newline at end of file
diff --git a/apps/vaultwarden/base/vaultwarden-secret-sealed.yaml b/apps/vaultwarden/base/vaultwarden-secret-sealed.yaml
new file mode 100644
index 0000000..6100447
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-secret-sealed.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vaultwarden-secret-sealed
+ namespace: vaultwarden
+ annotations:
+ sealedsecrets.bitnami.com/namespace-wide: true
+type: Opaque
+stringData:
+ key: val
+
diff --git a/apps/vaultwarden/base/vaultwarden-service.yaml b/apps/vaultwarden/base/vaultwarden-service.yaml
new file mode 100644
index 0000000..2f08c76
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: vaultwarden
+ name: vaultwarden
+spec:
+ ports:
+ - name: "web"
+ port: 80
+ targetPort: 80
+ selector:
+ app: vaultwarden
diff --git a/apps/vaultwarden/kustomization.yaml b/apps/vaultwarden/kustomization.yaml
new file mode 100644
index 0000000..e98c249
--- /dev/null
+++ b/apps/vaultwarden/kustomization.yaml
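Review bot: The IngressRoute in `vaultwarden-ingress.yaml` binds the plain-HTTP `web` entry point alongside `websecure` and has no `tls:` section, so as written the vault and its credentials are served over unencrypted HTTP unless a redirect and TLS are configured at entry-point level somewhere outside this diff. Drop `- web` from `entryPoints` (or attach an HTTPS-redirect middleware to that route) and add a `tls:` block that names the cluster's `certResolver` or a `secretName`. Because `ADMIN_TOKEN` is set in the Deployment, the `Host(...)` rule also publishes the `/admin` page to every client that can reach the host; a separate, more restricted route for that path is worth considering.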
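Review bot: `vaultwarden-secret-sealed.yaml` is a plain `kind: Secret` with `stringData`, not a SealedSecret, so anyone who fills in the real SMTP, Yubico and admin-token values in this file commits them in clear text; the file kept in git should be the kubeseal output (`apiVersion: bitnami.com/v1alpha1`, `kind: SealedSecret`) and the plain template should stay out of the repository. The annotation value is an unquoted boolean, but annotation values must be strings, so it needs to read `sealedsecrets.bitnami.com/namespace-wide: "true"`. The only entry is the placeholder `key: val`, while the Deployment reads `SMTP_HOST`, `SMTP_USERNAME`, `SMTP_PASSWORD`, `YUBICO_CLIENT_ID`, `YUBICO_SECRET_KEY` and `ADMIN_TOKEN` from this Secret, so the pod cannot start until those keys exist.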
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: vaultwarden
+
+resources:
+- base/vaultwarden-data-pvc.yaml
+- base/vaultwarden-deployment.yaml
+- base/vaultwarden-namespace.yaml
+- base/vaultwarden-secret-sealed.yaml
+- base/vaultwarden-service.yaml
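Review bot: The `resources:` list leaves out `base/vaultwarden-ingress.yaml`, which this commit adds, so building this kustomization does not create the IngressRoute; unless it is applied from somewhere else, add `- base/vaultwarden-ingress.yaml`. The list does include `base/vaultwarden-secret-sealed.yaml`, which in this commit is a plain placeholder `Secret` (`key: val`), so a sync would apply that placeholder and could overwrite a correctly populated Secret of the same name. Reference the sealed manifest here once it exists.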