vaultwarden init

Steffen Illium 2024-03-28 17:40:08 +01:00
parent a0330fa026
commit b5a759e7be
7 changed files with 161 additions and 0 deletions


@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: vaultwarden-data-pvc
name: vaultwarden-data-pvc
spec:
storageClassName: longhorn
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi


@ -0,0 +1,94 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: vaultwarden
name: vaultwarden
spec:
replicas: 1
selector:
matchLabels:
app: vaultwarden
strategy:
type: Recreate
template:
metadata:
labels:
app: vaultwarden
spec:
containers:
- env:
- name: ADMIN_RATELIMIT_MAX_BURST
value: "10"
- name: ADMIN_RATELIMIT_SECONDS
value: "60"
- name: DOMAIN
value: https://vault.steffenillium.de
- name: EMERGENCY_ACCESS_ALLOWED
value: "true"
- name: LOGIN_RATELIMIT_MAX_BURST
value: "10"
- name: LOGIN_RATELIMIT_SECONDS
value: "60"
- name: SENDS_ALLOWED
value: "true"
- name: SIGNUPS_ALLOWED
value: "false"
- name: SMTP_AUTH_MECHANISM
value: '"Plain"'
- name: SMTP_FROM
value: vaultwarden@steffenillium.de
- name: SMTP_FROM_NAME
value: Vaultwarden
- name: SMTP_PORT
value: "587"
- name: SMTP_SECURITY
value: starttls
- name: SMTP_HOST
valueFrom:
secretKeyRef:
name: vaultwarden-secret-sealed
key: SMTP_HOST
- name: SMTP_USERNAME
valueFrom:
secretKeyRef:
name: vaultwarden-secret-sealed
key: SMTP_USERNAME
- name: WEB_VAULT_ENABLED
value: "true"
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: vaultwarden-secret-sealed
key: SMTP_PASSWORD
- name: YUBICO_CLIENT_ID
valueFrom:
secretKeyRef:
name: vaultwarden-secret-sealed
key: YUBICO_CLIENT_ID
- name: YUBICO_SECRET_KEY
valueFrom:
secretKeyRef:
name: vaultwarden-secret-sealed
key: YUBICO_SECRET_KEY
- name: ADMIN_TOKEN
valueFrom:
secretKeyRef:
name: vaultwarden-secret-sealed
key: ADMIN_TOKEN
image: vaultwarden/server:latest
name: vaultwarden
ports:
- containerPort: 80
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /data
name: vaultwarden-data-pvc
restartPolicy: Always
volumes:
- name: vaultwarden-data-pvc
persistentVolumeClaim:
claimName: vaultwarden-data-pvc
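Review bot: `image: vaultwarden/server:latest` leaves the version of a password-vault server floating, so any pod restart can pull an image nobody has reviewed and a rollback is not reproducible. Pin it to a reviewed release and digest, e.g. `image: vaultwarden/server:<reviewed-version>@sha256:<digest>` (placeholders). The container also has no `securityContext`, and `resources: {}` sets no requests or limits; both are worth filling in before this holds real vault data. Separately, `value: '"Plain"'` for SMTP_AUTH_MECHANISM passes the double quotes to the process as part of the value; unless the server is known to strip them, `value: Plain` is the safer spelling.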


@ -0,0 +1,15 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: vaultwarden-ingress
namespace: vaultwarden
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`vault.steffenillium.de`)
kind: Rule
services:
- name: vaultwarden
port: 80
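Review bot: The route is bound to the plain-HTTP `web` entry point as well as `websecure`, and the spec has no `tls:` block. Unless Traefik redirects or terminates TLS at the entry-point level (not visible on this page), the vault login and API could be reachable over cleartext HTTP. For a password manager I would remove `- web` from `entryPoints` and add `tls:` with `certResolver: <resolver-name>` (placeholder) or a `secretName`. This manifest also does not appear among the kustomization resources visible on the page, so confirm it is actually applied.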


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: vaultwarden


@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: vaultwarden-secret-sealed
namespace: vaultwarden
annotations:
sealedsecrets.bitnami.com/namespace-wide: true
type: Opaque
stringData:
key: val
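Review bot: `sealedsecrets.bitnami.com/namespace-wide: true` is an unquoted YAML boolean, but annotation values must be strings, so the API server will reject this object; write `sealedsecrets.bitnami.com/namespace-wide: "true"`. The file is a plain `kind: Secret` whose only `stringData` entry is the placeholder `key: val`, with none of the keys the Deployment reads through `secretKeyRef` (SMTP_HOST, ADMIN_TOKEN, and so on), so applying it as committed would leave the pod unable to start. If this is meant as the kubeseal input template, a top comment such as `# template only: seal with kubeseal and commit the SealedSecret, never real values` would guard against cleartext credentials being committed here. The kustomization entry that presumably points at this file should then reference the sealed output instead.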


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: vaultwarden
name: vaultwarden
spec:
ports:
- name: "web"
port: 80
targetPort: 80
selector:
app: vaultwarden


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: vaultwarden
resources:
- base/vaultwarden-data-pvc.yaml
- base/vaultwarden-deployment.yaml
- base/vaultwarden-namespace.yaml
- base/vaultwarden-secret-sealed.yaml
- base/vaultwarden-service.yaml