Working vaultwarden manifests

Question is, is this working decently?
2025-02-11 22:43:14 +01:00 · 2025-02-11 22:43:14 +01:00 · a2119dee6e
commit a2119dee6e
parent 40cf93dfb2
9 changed files with 118 additions and 0 deletions
--- a/stages/delivery/kustomization.yaml
+++ b/stages/delivery/kustomization.yaml
@ -5,3 +5,7 @@ labels:
 - includeSelectors: true
  pairs:
    app.kubernetes.io/managed-by: Kustomize
+
+
+resources:
+  - ./deployment.yaml
--- a/stages/identity/.envs/.vaultwarden-admin-token.template
+++ b/stages/identity/.envs/.vaultwarden-admin-token.template
@ -0,0 +1 @@
+admin-token=16a6b142-bb39-4708-9de1-14157fee29d3
--- a/stages/identity/kustomization.yaml
+++ b/stages/identity/kustomization.yaml
@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata:
+  name: identity
+
+secretGenerator:
+  - name: vaultwarden-secret
+    namespace: vaultwarden
+    envs:
+      - .envs/.vaultwarden-admin-token
+
+resources:
+  - ./resources/vaultwarden/
--- a/stages/identity/resources/vaultwarden/deployment.yaml
+++ b/stages/identity/resources/vaultwarden/deployment.yaml
@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vaultwarden
+spec:
+  selector:
+    matchLabels:
+      app: vaultwarden
+  template:
+    metadata:
+      labels:
+        app: vaultwarden
+    spec:
+      volumes:
+      - name: vaultwarden-pvc
+        persistentVolumeClaim:
+          claimName: vaultwarden-pvc
+      containers:
+      - name: vaultwarden
+        image: vaultwarden/server
+        resources:
+          limits:
+            memory: 256Mi
+            cpu: 500m
+        ports:
+        - name: vw-http
+          containerPort: 80
+        volumeMounts:
+          - mountPath: /data
+            name: vaultwarden-pvc
+        env:
+          - name: ADMIN_TOKEN
+            valueFrom:
+              secretKeyRef:
+                key: admin-token
+                name: vaultwarden-secret
--- a/stages/identity/resources/vaultwarden/ingress.yaml
+++ b/stages/identity/resources/vaultwarden/ingress.yaml
@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: vaultwarden-ingress
+  labels:
+    name: vaultwarden-ingress
+spec:
+  rules:
+  - host: pass.kropcloud.net
+    http:
+      paths:
+      - pathType: Prefix
+        path: /
+        backend:
+          service:
+            name: vaultwarden-svc
+            port:
+              number: 80
--- a/stages/identity/resources/vaultwarden/kustomization.yaml
+++ b/stages/identity/resources/vaultwarden/kustomization.yaml
@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: vaultwarden
+
+labels:
+- pairs:
+    app.kubernetes.io/managed-by: Kustomize
+    app.kubernetes.io/part-of: vaultwarden
+    app.kubernetes.io/version: 1.33.2
+
+resources:
+  - ./deployment.yaml
+  - ./pvc.yaml
+  - ./service.yaml
+  - ./ingress.yaml
+  - ./namespace.yaml
+
+images:
+  - name: vaultwarden/server
+    newTag: 1.33.2
--- a/stages/identity/resources/vaultwarden/namespace.yaml
+++ b/stages/identity/resources/vaultwarden/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vaultwarden
--- a/stages/identity/resources/vaultwarden/pvc.yaml
+++ b/stages/identity/resources/vaultwarden/pvc.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: vaultwarden-pvc
+spec:
+  resources:
+    requests:
+      storage: 10Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
--- a/stages/identity/resources/vaultwarden/service.yaml
+++ b/stages/identity/resources/vaultwarden/service.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: vaultwarden-svc
+spec:
+  selector:
+    app: vaultwarden
+  ports:
+  - name: vaultwarden-http-svc
+    port: 80
+    targetPort: vw-http
				`@ -0,0 +1 @@`
				`admin-token=16a6b142-bb39-4708-9de1-14157fee29d3`