vaultwarden: deploy

2025-03-04 20:19:47 -05:00
parent 9e52627ee5
commit cfacf8f082
7 changed files with 124 additions and 0 deletions
--- a/vaultwarden/cert-dubyatp-xyz.yaml
+++ b/vaultwarden/cert-dubyatp-xyz.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cert-dubyatp-xyz
+  annotations:
+    replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
+    replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
+  data:
+    tls.crt: ""
+    tls.key: ""
--- a/vaultwarden/configmap.yaml
+++ b/vaultwarden/configmap.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: vaultwarden-config
+data:
+  DATA_FOLDER: config
+  DOMAIN: https://vaultwarden.dubyatp.xyz
+  SIGNUPS_ALLOWED: "false"
+  SMTP_FROM: bitwarden@em3532.williamtpeebles.com
+  SMTP_FROM_NAME: Vaultwarden
+  SMTP_HOST: smtp.sendgrid.net
+  SMTP_PORT: "587"
+  SMTP_SECURITY: starttls
+  SMTP_TIMEOUT: "15"
+  SMTP_USERNAME: apikey
--- a/vaultwarden/deployment.yaml
+++ b/vaultwarden/deployment.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vaultwarden
+spec:
+  selector:
+    matchLabels:
+      app: vaultwarden
+  template:
+    metadata:
+      labels:
+        app: vaultwarden
+    spec:
+      containers:
+      - name: vaultwarden
+        image: vaultwarden/server:1.33.2-alpine
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+        envFrom:
+          - secretRef:
+              name: vaultwarden-secrets
+          - configMapRef:
+              name: vaultwarden-config
+      volumes:
+        - name: vaultwarden-pvc
+          persistentVolumeClaim:
+            claimName: vaultwarden-pvc
--- a/vaultwarden/ingress.yaml
+++ b/vaultwarden/ingress.yaml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vaultwarden
+  labels:
+    name: vaultwarden
+spec:
+  rules:
+  - host: vaultwarden.dubyatp.xyz
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: vaultwarden-svc
+            port: 
+              number: 80
+  tls:
+  - hosts:
+    - vaultwarden.dubyatp.xyz
+    secretName: cert-dubyatp-xyz
--- a/vaultwarden/pvc.yaml
+++ b/vaultwarden/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: vaultwarden-pvc
+spec:
+  storageClassName: weyma-shared
+  resources:
+    requests:
+      storage: 10Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
--- a/vaultwarden/secret.yaml
+++ b/vaultwarden/secret.yaml
@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: vaultwarden-secrets
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: weyma-vault
+    kind: ClusterSecretStore
+  target:
+    name: vaultwarden-secrets
+    creationPolicy: Owner
+  data:
+    - secretKey: ADMIN_TOKEN
+      remoteRef:
+        key: vaultwarden
+        property: admin_token
+    - secretKey: HIBP_API_KEY
+      remoteRef:
+        key: vaultwarden
+        property: hibp_api_key
+    - secretKey: SMTP_PASSWORD
+      remoteRef:
+        key: vaultwarden
+        property: smtp_password
--- a/vaultwarden/svc.yaml
+++ b/vaultwarden/svc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: vaultwarden-svc
+spec:
+  type: ClusterIP
+  selector:
+    app: vaultwarden
+  ports:
+  - port: 80
+    targetPort: 80