kubedeploy-k3s/apps/vaultwarden/base/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: vaultwarden
  name: vaultwarden
spec:
  replicas: 1
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      app: vaultwarden
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: vaultwarden
    spec:
      containers:
        - env:
            - name: ADMIN_RATELIMIT_MAX_BURST
              value: "10"
            - name: ADMIN_RATELIMIT_SECONDS
              value: "60"
            - name: DOMAIN
              value: https://vault.steffenillium.de
            - name: EMERGENCY_ACCESS_ALLOWED
              value: "true"
            - name: LOGIN_RATELIMIT_MAX_BURST
              value: "10"
            - name: LOGIN_RATELIMIT_SECONDS
              value: "60"
            - name: SENDS_ALLOWED
              value: "true"
            - name: SIGNUPS_ALLOWED
              value: "false"
            - name: SMTP_AUTH_MECHANISM
              value: '"Plain"'
            - name: SMTP_FROM
              value: vaultwarden@steffenillium.de
            - name: SMTP_FROM_NAME
              value: Vaultwarden
            - name: SMTP_PORT
              value: "587"
            - name: SMTP_SECURITY
              value: starttls
            - name: SMTP_HOST
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-secret-sealed
                  key: SMTP_HOST
            - name: SMTP_USERNAME
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-secret-sealed
                  key: SMTP_USERNAME
            - name: WEB_VAULT_ENABLED
              value: "true"
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-secret-sealed
                  key: SMTP_PASSWORD
            - name: YUBICO_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-secret-sealed
                  key: YUBICO_CLIENT_ID
            - name: YUBICO_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-secret-sealed
                  key: YUBICO_SECRET_KEY
            - name: ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-secret-sealed
                  key: ADMIN_TOKEN
          image: vaultwarden/server:latest
          name: vaultwarden
          ports:
            - containerPort: 80
              protocol: TCP
          resources:
            limits:
              cpu: "0.3"
              memory: "1G"
          volumeMounts:
            - mountPath: /data
              name: vaultwarden-pvc
              subPath: a732584e-b9e2-425d-8e9e-8ba5a932e611
      restartPolicy: Always
      volumes:
        - name: vaultwarden-pvc
          persistentVolumeClaim:
            claimName: vaultwarden-pvc